Cyberattacks are one of the elements of a hybrid war and can lead to consequences whose extent we have not yet fully grasped. According to IMF experts and the Fund's Global Financial Stability Report, the economic losses from all global cyberattacks reach $53 billion, including $850 million from the recent NotPetya attack, which hit the Ukrainian financial and public sector in the summer and created problems in other countries.
Cybersecurity expert and 10Guards operating director Vitaliy Yakushev told OstroV how Ukrainians can suffer from cyberattacks and whether Ukraine faces a second Chornobyl.
What are the most dangerous forms of cyberattacks nowadays?
- There are four main types of sources of cyberattacks, each of which carries different threats.
The first type is lone hackers whose main goal is to "hooligan" (hacking for entertainment, bragging, practice). It is almost impossible to predict the damage in such cases, because they often do not set out to cause harm. Such cyber-hooligans rarely aim at hacking a power plant system or other critical facilities. As a rule, they mostly target private individuals. Such hacking was most popular in the 1980s, 1990s and early 2000s.
The second type is financially motivated cybercrime groups, also called APT (Advanced Persistent Threat). They strike targeted blows to make money by hacking various businesses. Cybercrime groups carry out virus attacks and phishing attacks, which often have complex multi-step logic.
The most dangerous are hacker-activists (hacktivists) and cyber troops.
The former are driven by some national idea or ideological orientation. For example, the Ukrainian Yevhen Dokukin, who blocks the websites of the "DNR/LNR" and hacks enemy surveillance cameras, as well as the large hacktivist group Ukrainian Cyber Alliance.
And the fourth type is cyber troops: professional hackers sponsored by a state. They are the most dangerous, since their main goal is to inflict damage (even irreparable damage) on a country.
And from this point of view, which areas of Ukrainian infrastructure are most vulnerable to cyberattacks?
- In our country, businesses, critical infrastructure facilities and state structures are vulnerable. For example, cyber troops can disrupt the work of small private companies as well as thermal power plants (TPPs), water utilities and hydroelectric plants. For example, there was a failure at a thermal power plant in Western Ukraine (Prykarpattyaoblenerho).
Everyone remembers the June cyberattack by the Petya virus, and Ukraine sees a Russian trace in it. Can that be true?
- There are still no results from the official investigation. Unlike the cyber police, I do not have access to the seized servers, so it is hard to answer unambiguously. Subjectively, I can allow two hypotheses (based on the official reports of private companies and experts): cyber troops or cybercrime groups may be behind the Petya virus. I will explain this on the basis of an analysis of previous attacks by cybercrime groups. Like ordinary business, cybercrime has split into narrowly specialized areas: for example, one group does the hacking and then monetizes it by selling access to the hacked resources. Cybercriminals monetize access either by stealing and selling information or money, by encrypting information for ransom, or by using the system to infect more and more resources and so widen the attack.
I dare to assume that in the case of the NotPetya virus they also wanted to earn money, but at some point they lacked the skill to modify the hacking tool properly, and this led to a different result.
If we consider the cyber troops version, then in fact the consequences could have been much more serious. Yes, they did damage, but not as much as they could have with the access they had.
You know, we like to underestimate the enemy. But we must not forget that Russian cyber troops are among the world's top five. And in Ukraine there are no cyber troops at all.
By the way, in August the head of the cyber police department, Serhiy Demedyuk, said that Ukraine has many network administration specialists but no specialists in cyber defence and cyber threats. So there is no protection?
- In Ukraine, four bodies de jure deal with cybersecurity: the National Security and Defence Council, the cyber police, the SBU and the State Communications Committee (there will be eight of them after the new law on cybersecurity is signed). Each has its own area of responsibility, but sometimes they overlap. Although the creation of a cybersecurity coordination center was announced in 2016, it has not been created yet.
Yes, there are very few good professionals in state bodies. For comparison, the U.S. cyber troops number several thousand people.
We have a financing problem: a good specialist should earn several thousand dollars a month, and Ukraine cannot afford this. At the same time, more money is spent on real weapons; for example, one tank costs about $4 million. That amount equals the annual funding of a unit of decent cybersecurity specialists. But a tank can be destroyed on its first day of operation, while cybersecurity experts will definitely make a significant contribution to strengthening both cyber defence and the other elements of cyber troops, for example developing hacking tools and cyber weapons. No wonder they say that the third world war may take place in the virtual realm. For example, nowadays one can "manage" or influence the results of elections from another country (an element of information warfare).
In that case, where can Ukraine expect cyber strikes in the context of a hybrid war?
- We must proceed from the fact that the goal of military operations, including in the virtual domain, is to inflict maximum damage. Let us say the Verkhovna Rada voting system stops working; that damage is not so critical. But if a power plant or power unit stops working in winter and residents are left without heating or electricity, that is a very serious problem. The principle is: if you want to know where the fox is, think like a fox. That is, to protect yourself you need to think through the threat model and consider the likely targets of cyberattacks. For example, shutting down TPPs in winter would be an attempt to discredit the Ukrainian authorities (people stop believing they can be protected, and the credibility of the current government declines).
How else can people suffer from potential cyberattacks?
- Cyberattacks can target systems that hold the population's personal information: for example, the taxpayer's personal account and the databases of large banks with clients' personal data. For example, hackers could obtain the database of a large state-owned bank with all its transactions; that is a tasty morsel for cyber troops. At a minimum, this is damage to the reputation of the bank, the country and the authorities at large. There may be further risks from such a leak; everything needs to be carefully calculated and analyzed. Utilities and everything that supports a person's daily life can be the object of cyberattacks. Key media and TV channels are also of interest to cyber troops.
The principles and approaches of warfare do not change; in fact, only the instruments change. For example, instead of sending cannon fodder, one can remotely inflict damage in the virtual domain, and this is no less dangerous for the enemy. You can sit in an office and remotely control, for example, the operation of a nuclear power plant, pushing the reactor's control rod in or out, which practically invites a second Chornobyl. And could we experience that now?
To what extent was the ban on Russian services and social networks effective in the context of a hybrid war?
- On the one hand, it was the right step, because quickly blocking the enemy's means of propaganda gives a quick effect. On the other hand, from my point of view, users were not given an alternative. After all, it is logical: if someone likes a social network and it suddenly becomes forbidden, he will look for a way to bypass the ban. And the Russians began to exploit this, providing free VPN services. The fact is that most free VPN clients are spyware that steals user data, including passwords.
So if a phone has a VPN service on it, then all passwords, including banking data, are available to an outside party?
- Theoretically, yes. By installing the application, you can automatically give the developer of that application access to all your data, including bank cards.
In my opinion, before blocking anything, good informational groundwork should have been done: explaining why the blocking is happening and how its absence could harm ordinary citizens.
For example, when military operations in the Donbass were just beginning, there was a campaign to boycott Russian goods, and it resonated; the population supported it. Perhaps the banned social networks should have been handled in the same vein.
What Russian resources or media do you think could be blocked in Ukraine in the near future?
- Some of them simply have to be blocked, for example large, zealous Russian propaganda news outlets such as Zvezda, where an obvious imperial delusion of grandeur shows through.
Is it expedient to block the local resources of the "DNR/LNR"? Will this help protect Ukrainian cyberspace?
- Well, access to some small resource gets blocked, so what? Will the shelling stop? I think an alternative needs to be found. After all, blocking is not a silver bullet, and it is easy to bypass. For example, they can buy a server in Germany, set up a VPN server and gather clients to provide a blocking-bypass service. China is already thinking about how to ban VPN services. Such an approach can lead to the emergence of a so-called regional Internet, where "entry" to the global Internet is by "passes." This is absurd, but everything is heading that way in Russia, because they tend to close off their Internet space as much as possible, trying to control it.
Recently, hacker interference in elections has increased (for example, in the USA). Is there a risk of Russian interference in Ukraine's elections in 2019?
- Of course, there is such a probability. When we talk about the Russian trace, we overlook other real sources of cyberattacks. In fact, there may be another source, and accordingly a different approach to protection and countermeasures is sometimes needed. We consider a single threat model, Russian cyber troops, without taking other sources of cyberattacks into account. Of course, there are grounds to fear Russian hackers, but beyond that we must understand the motivation of attackers and who else has an interest in influencing election results.
Then from which direction, apart from Russian hackers, could cyberattacks against Ukraine come at the domestic level?
- I think it depends on Ukraine's position at the geopolitical level. For example, there is a conflict between the DPRK and the USA. If we openly declare support for the American side, then, roughly speaking, we have another enemy with a good cyber army.
How can ordinary citizens protect their gadgets?
- First of all, you should keep the software on your phone, tablet, laptop and computer updated, and not install software from doubtful sources, only from official application stores or manufacturers' websites. For example, the first Petya virus attack in the spring of 2017 was built on an old vulnerability in the Windows operating system that had been patched two months before the attack; that is, the victims' systems had not been updated for two months.
It is also advisable to install or update antivirus software. I emphasize that installing antivirus software does not give 100% security, but it at least makes infecting the system harder.
Secondly, all your important assets, critical information resources (mail, social networks, banking data), can be protected with two-factor authentication: for example, entering a password plus a fingerprint scanner (on the phone) or an additional code from a text message or a special application.
Thirdly, you should always make backup copies of important documents and files, and do not store the copies on the same device as the original.
Another recommendation is not to open attached files or click links in messages on social networks and messengers unless you are sure the message was sent specifically to you and you expected it from that person.
For example, there are many phishing attacks on Facebook: short video posts that, when you try to view them, offer to install an additional program containing malware. Also, do not open attachments, even a Word file, since it can contain a virus. And do not click on shortened links that can lead to a website with malware.
Is it dangerous to use free Wi-Fi in public places?
- Yes. In this case, any of your data can be intercepted by the owner of the Wi-Fi access point. But if you use an encrypted connection (SSL/HTTPS, VPN) as well as two-factor authentication, this will secure your communications.
Remember, if you are a public figure or have a business, the risk of hacking increases, and in that case a number of additional security mechanisms are required (in addition to an encrypted connection and two-factor authentication). Only a highly skilled information security company (a team of experts) can handle this task.
Interviewed by Iryna Holizdra, OstroV