Tweet
Kenneth Geers - Computer Hacks in the Russia-Ukraine War
Kenneth Geers, Very Good Security / NATO Cyber Centre / Atlantic Council
Presentation Title: Computer Hacks in the Russia-Ukraine War
Length of presentation: 20 minutes
War Story Track
The Russia-Ukraine war has seen a lot of computer hacking, on both sides, by nations, haxor collectives, and random citizens, to steal, deny, alter, destroy, and amplify information. Satellite comms have gone down. Railway traffic has been stymied. Doxing is a weapon. Fake personas and false flags are expected. Every major platform has had issues with confidentiality, integrity, and availability. Hacked social media and TV have been a hall of mirrors and PSYOP. Russian comms are unreliable, so Ukrainian nets have become honeypots. Hackers have been shot in the kneecaps. Talking heads have called for a RUNET shutdown. The Ukrainian government has appealed for hacker volunteers – just send your expertise, experience, and a reference. The Great Powers are hacking from afar, while defending their own critical infrastructure, including nuclear command-and-control. Ukraine has many hacker allies, while Russian hackers are fleeing their country in record numbers. Some lessons so far: connectivity is stronger than we thought, info ops are stealing the day, drones are the future, and it is always time for the next hack.
SPEAKER BIO
Dr. Kenneth Geers works at Very Good Security. He is an Atlantic Council Cyber Statecraft Initiative Senior Fellow, a NATO Cooperative Cyber Defence Centre of Excellence Ambassador, and a Digital Society Institute-Berlin Affiliate. Kenneth served for twenty years in the US Government: in the Army, National Security Agency (NSA), Naval Criminal Investigative Service (NCIS), and NATO. He was a professor at the Taras Shevchenko National University of Kyiv in Ukraine from 2014-2017. He is the author of "Strategic Cyber Security", editor of "Cyber War in Perspective: Russian Aggression Against Ukraine", editor of "The Virtual Battlefield", and technical expert to the "Tallinn Manual".
@KennethGeers
REFERENCES:
“Alert (AA22-057A): Destructive Malware Targeting Organizations in Ukraine,” Original release date: 26 Feb, 2022, last revised: 01 Mar, 2022, Cybersecurity & Infrastructure Security Agency, https://www.cisa.gov/uscert/ncas/alerts/aa22-057a.
Attack chain: “Ukraine: Disk-wiping Attacks Precede Russian Invasion,” Symantec, 24 Feb, 2022, https://symantec-enterprise-blogs.se...malware-russia.
“The Belarusian railway workers who helped thwart Russia’s attack on Kyiv,” Liz Sly, Washington Post, 23 Apr 2022,
https://www.washingtonpost.com/world...oteurs-russia/.
“Communication Breakdown: How Russia's Invasion Of Ukraine Bogged Down,” Sergei Dobrynin and Mark Krutov, Radio Free Europe/Radio Liberty, 19 Mar 2022,
https://www-rferl-org.cdn.ampproject.../31761259.html.
“Comparison of Russia and Ukraine Military Strengths (2022),” Global Firepower, 31 Mar 2022, https://www.globalfirepower.com/coun...untry2=ukraine.
“Cyber Signaling and Nuclear Deterrence: Implications for the Ukraine Crisis,” Erica Lonergan and Keren Yarhi-Milo, War on the Rocks, 21 Apr 2022,
https://warontherocks.com/2022/04/cy...kraine-crisis/.
“The Cyberlaw Podcast: Confirmation Bias Meets Ukraine War and Elon Musk,” Stewart Baker, Lawfare, 19 Apr 2022, https://www.lawfareblog.com/cyberlaw...-and-elon-musk.
“Decision No. 1202: OSCE Confidence-Building Measures to Reduce the Risks of Conflict Stemming from the Use of Information and Communication Technologies,” Organization for Security and Co-operation in Europe, 10 Mar 2016, https://www.osce.org/files/f/documents/d/a/227281.pdf.
“Disturbing Mass Text Operation Terrorizes Ukraine as Russian Troops Move In,” Shannon Vavra, Daily Beast, 23 Feb 2022, https://www.thedailybeast.com/cybera...s-into-ukraine.
“Food Delivery Leak Unmasks Russian Security Agents,” Tech Team, Bellingcat, 1 Apr 2022, https://www.bellingcat.com/news/rest...curity-agents/.
“Guide to Developing a National Cybersecurity Strategy,” NATO Cooperative Cyber Defence Centre of Excellence, 2021, https://ccdcoe.org/library/publicati...rity-strategy/.
“Hackers’ fake claims of Ukrainian surrender aren’t fooling anyone. So what’s their goal?”, Kate Conger, New York Times, 5 Apr 2022,
https://www.nytimes.com/2022/04/05/u...a-hackers.html.
“HermeticWiper: New data-wiping malware hits Ukraine,” ESET, 24 Feb 2022, https://www.welivesecurity.com/2022/...e-hits-ukraine.
“IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine,” Christopher Del Fierro, John Dwyer, Security Intelligence, 24 Feb, 2022, https://securityintelligence.com/pos...tacks-ukraine/.
“‘Idiots’: Russian military phone calls hacked after own soldiers destroy 3G towers,” Rob Waugh, Yahoo News, 8 March 2022,
https://uk.news.yahoo.com/russian-mi...104303881.html.
“Inside Cyber Front Z, the ‘People’s Movement’ Spreading Russian Propaganda,” David Gilbert, VICE, 4 Apr 2022, https://www.vice.com/en/article/7kbj...ont-z-telegram.
“Instagram restricted in Russia as online space continues to shrink,” NETBLOCKS, 13 Mar 2022,
https://netblocks.org/reports/instag...hrink-JBQXvVAo.
“An Intelligence Gold Mine! Ukraine Captures A Unit Of Russia's Prized Electronic Warfare System,” Meera Suresh, IB Times, 23 Mar 2022,
https://www-ibtimes-com.cdn.ampproje...-3447680?amp=1.
“IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine,” ESET, 1 Mar 2022, https://www.welivesecurity.com/2022/...eting-ukraine/.
“Key Ukrainian government websites hit by series of cyberattacks,” Sean Lyngaas, CNN, 24 Feb, 2022
https://edition.cnn.com/2022/02/23/e...ack/index.html.
“A Mysterious Satellite Hack Has Victims Far Beyond Ukraine,” Matt Burgess, WIRED, 23 Mar 2022, https://www.wired.com/story/viasat-i...kraine-russia/.
“Putin’s Puppets Go Ballistic Over Fake Russian Slashing Video,” Julia Davis, The Daily Beast, 12 Apr 2022,
https://www.msn.com/en-us/news/world...deo/ar-AAW8ZLG.
“Russia Is Losing A War Against Hackers Stealing Huge Amounts Of Data,” Micah Lee, The Intercept, 22 April 2022,
https://theintercept.com/2022/04/22/...a-ukraine-war/.
“Russian Disinformation: All Bot But No Bite?” Patience Wait, Nextgov, 1 Apr 2022, https://www.nextgov.com/cybersecurit...o-bite/363897/.
“Russian newspaper accuses hackers of planting fake report on military fatalities,” Elizabeth Crisp, The Hill, 22 Mar 2022, https://thehill.com/policy/internati...rt-on-military.
“Shields Up: U.S. officials preparing for potential Russian cyberattacks,” Bill Whitaker, 60-minutes, 17 Apr 2022, https://www.cbsnews.com/news/russia-...es-2022-04-17/.
“Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine,” Microsoft Digital Security Unit, 27 Apr 2022, https://query.prod.cms.rt.microsoft....binary/RE4Vwwd.
“TikTok created an alternate universe just for Russia,” Will Oremus, The Washington Post, 13 Apr 2022, https://www.washingtonpost.com/techn...cking-exposed/.
“Ukraine accuses Russia of cyber-attack on two banks and its defence ministry,” Dan Sabbagh, The Guardian, 16 Feb 2022, https://www.theguardian.com/world/20...fence-ministry.
“Ukraine reveals ‘Russian warship, go fuck yourself!’ postage stamp,” Chris Michael, Guardian, 12 Mar 2022, https://www.theguardian.com/world/20...-postage-stamp.
“‘The Ukrainians Are Listening’: Russia’s Military Radios Are Getting Owned,” Jack Detsch and Amy Mackinnon, Foreign Policy, 22 Mar 2022, https://foreignpolicy.com/2022/03/22...ilitary-radio/.
“Ukraine's IT army: Who are the cyber guerrillas hacking Russia?” Deutsche Welle, https://www.dw.com/en/ukraines-it-ar...sia/a-61247527.
“Ukraine’s Volunteer ‘IT Army’ Is Hacking in Uncharted Territory,”, Matt Burgess, WIRED, 27 Feb 2022, https://www.wired.com/story/ukraine-...social_twitter.
“Ukrainians Use Drones, Facial-Recognition Software as They Investigate Alleged War Crimes,” Brett Forrest, Wall Street Journal, 12 Apr 2022,
https://www.wsj.com/articles/ukraini...es-11649767154.
“Where Russians Turn for Uncensored News on Ukraine,” Valeriya Safronova, Neil MacFarquhar and Adam Satariano, New York Times, 16 Apr 2022, https://www.nytimes.com/2022/04/16/w...m-ukraine.html.
[]
Kenneth Geers, Very Good Security / NATO Cyber Centre / Atlantic Council
Presentation Title: Computer Hacks in the Russia-Ukraine War
Length of presentation: 20 minutes
War Story Track
The Russia-Ukraine war has seen a lot of computer hacking, on both sides, by nations, haxor collectives, and random citizens, to steal, deny, alter, destroy, and amplify information. Satellite comms have gone down. Railway traffic has been stymied. Doxing is a weapon. Fake personas and false flags are expected. Every major platform has had issues with confidentiality, integrity, and availability. Hacked social media and TV have been a hall of mirrors and PSYOP. Russian comms are unreliable, so Ukrainian nets have become honeypots. Hackers have been shot in the kneecaps. Talking heads have called for a RUNET shutdown. The Ukrainian government has appealed for hacker volunteers – just send your expertise, experience, and a reference. The Great Powers are hacking from afar, while defending their own critical infrastructure, including nuclear command-and-control. Ukraine has many hacker allies, while Russian hackers are fleeing their country in record numbers. Some lessons so far: connectivity is stronger than we thought, info ops are stealing the day, drones are the future, and it is always time for the next hack.
SPEAKER BIO
Dr. Kenneth Geers works at Very Good Security. He is an Atlantic Council Cyber Statecraft Initiative Senior Fellow, a NATO Cooperative Cyber Defence Centre of Excellence Ambassador, and a Digital Society Institute-Berlin Affiliate. Kenneth served for twenty years in the US Government: in the Army, National Security Agency (NSA), Naval Criminal Investigative Service (NCIS), and NATO. He was a professor at the Taras Shevchenko National University of Kyiv in Ukraine from 2014-2017. He is the author of "Strategic Cyber Security", editor of "Cyber War in Perspective: Russian Aggression Against Ukraine", editor of "The Virtual Battlefield", and technical expert to the "Tallinn Manual".
@KennethGeers
REFERENCES:
“Alert (AA22-057A): Destructive Malware Targeting Organizations in Ukraine,” Original release date: 26 Feb, 2022, last revised: 01 Mar, 2022, Cybersecurity & Infrastructure Security Agency, https://www.cisa.gov/uscert/ncas/alerts/aa22-057a.
Attack chain: “Ukraine: Disk-wiping Attacks Precede Russian Invasion,” Symantec, 24 Feb, 2022, https://symantec-enterprise-blogs.se...malware-russia.
“The Belarusian railway workers who helped thwart Russia’s attack on Kyiv,” Liz Sly, Washington Post, 23 Apr 2022,
https://www.washingtonpost.com/world...oteurs-russia/.
“Communication Breakdown: How Russia's Invasion Of Ukraine Bogged Down,” Sergei Dobrynin and Mark Krutov, Radio Free Europe/Radio Liberty, 19 Mar 2022,
https://www-rferl-org.cdn.ampproject.../31761259.html.
“Comparison of Russia and Ukraine Military Strengths (2022),” Global Firepower, 31 Mar 2022, https://www.globalfirepower.com/coun...untry2=ukraine.
“Cyber Signaling and Nuclear Deterrence: Implications for the Ukraine Crisis,” Erica Lonergan and Keren Yarhi-Milo, War on the Rocks, 21 Apr 2022,
https://warontherocks.com/2022/04/cy...kraine-crisis/.
“The Cyberlaw Podcast: Confirmation Bias Meets Ukraine War and Elon Musk,” Stewart Baker, Lawfare, 19 Apr 2022, https://www.lawfareblog.com/cyberlaw...-and-elon-musk.
“Decision No. 1202: OSCE Confidence-Building Measures to Reduce the Risks of Conflict Stemming from the Use of Information and Communication Technologies,” Organization for Security and Co-operation in Europe, 10 Mar 2016, https://www.osce.org/files/f/documents/d/a/227281.pdf.
“Disturbing Mass Text Operation Terrorizes Ukraine as Russian Troops Move In,” Shannon Vavra, Daily Beast, 23 Feb 2022, https://www.thedailybeast.com/cybera...s-into-ukraine.
“Food Delivery Leak Unmasks Russian Security Agents,” Tech Team, Bellingcat, 1 Apr 2022, https://www.bellingcat.com/news/rest...curity-agents/.
“Guide to Developing a National Cybersecurity Strategy,” NATO Cooperative Cyber Defence Centre of Excellence, 2021, https://ccdcoe.org/library/publicati...rity-strategy/.
“Hackers’ fake claims of Ukrainian surrender aren’t fooling anyone. So what’s their goal?”, Kate Conger, New York Times, 5 Apr 2022,
https://www.nytimes.com/2022/04/05/u...a-hackers.html.
“HermeticWiper: New data-wiping malware hits Ukraine,” ESET, 24 Feb 2022, https://www.welivesecurity.com/2022/...e-hits-ukraine.
“IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine,” Christopher Del Fierro, John Dwyer, Security Intelligence, 24 Feb, 2022, https://securityintelligence.com/pos...tacks-ukraine/.
“‘Idiots’: Russian military phone calls hacked after own soldiers destroy 3G towers,” Rob Waugh, Yahoo News, 8 March 2022,
https://uk.news.yahoo.com/russian-mi...104303881.html.
“Inside Cyber Front Z, the ‘People’s Movement’ Spreading Russian Propaganda,” David Gilbert, VICE, 4 Apr 2022, https://www.vice.com/en/article/7kbj...ont-z-telegram.
“Instagram restricted in Russia as online space continues to shrink,” NETBLOCKS, 13 Mar 2022,
https://netblocks.org/reports/instag...hrink-JBQXvVAo.
“An Intelligence Gold Mine! Ukraine Captures A Unit Of Russia's Prized Electronic Warfare System,” Meera Suresh, IB Times, 23 Mar 2022,
https://www-ibtimes-com.cdn.ampproje...-3447680?amp=1.
“IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine,” ESET, 1 Mar 2022, https://www.welivesecurity.com/2022/...eting-ukraine/.
“Key Ukrainian government websites hit by series of cyberattacks,” Sean Lyngaas, CNN, 24 Feb, 2022
https://edition.cnn.com/2022/02/23/e...ack/index.html.
“A Mysterious Satellite Hack Has Victims Far Beyond Ukraine,” Matt Burgess, WIRED, 23 Mar 2022, https://www.wired.com/story/viasat-i...kraine-russia/.
“Putin’s Puppets Go Ballistic Over Fake Russian Slashing Video,” Julia Davis, The Daily Beast, 12 Apr 2022,
https://www.msn.com/en-us/news/world...deo/ar-AAW8ZLG.
“Russia Is Losing A War Against Hackers Stealing Huge Amounts Of Data,” Micah Lee, The Intercept, 22 April 2022,
https://theintercept.com/2022/04/22/...a-ukraine-war/.
“Russian Disinformation: All Bot But No Bite?” Patience Wait, Nextgov, 1 Apr 2022, https://www.nextgov.com/cybersecurit...o-bite/363897/.
“Russian newspaper accuses hackers of planting fake report on military fatalities,” Elizabeth Crisp, The Hill, 22 Mar 2022, https://thehill.com/policy/internati...rt-on-military.
“Shields Up: U.S. officials preparing for potential Russian cyberattacks,” Bill Whitaker, 60-minutes, 17 Apr 2022, https://www.cbsnews.com/news/russia-...es-2022-04-17/.
“Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine,” Microsoft Digital Security Unit, 27 Apr 2022, https://query.prod.cms.rt.microsoft....binary/RE4Vwwd.
“TikTok created an alternate universe just for Russia,” Will Oremus, The Washington Post, 13 Apr 2022, https://www.washingtonpost.com/techn...cking-exposed/.
“Ukraine accuses Russia of cyber-attack on two banks and its defence ministry,” Dan Sabbagh, The Guardian, 16 Feb 2022, https://www.theguardian.com/world/20...fence-ministry.
“Ukraine reveals ‘Russian warship, go fuck yourself!’ postage stamp,” Chris Michael, Guardian, 12 Mar 2022, https://www.theguardian.com/world/20...-postage-stamp.
“‘The Ukrainians Are Listening’: Russia’s Military Radios Are Getting Owned,” Jack Detsch and Amy Mackinnon, Foreign Policy, 22 Mar 2022, https://foreignpolicy.com/2022/03/22...ilitary-radio/.
“Ukraine's IT army: Who are the cyber guerrillas hacking Russia?” Deutsche Welle, https://www.dw.com/en/ukraines-it-ar...sia/a-61247527.
“Ukraine’s Volunteer ‘IT Army’ Is Hacking in Uncharted Territory,”, Matt Burgess, WIRED, 27 Feb 2022, https://www.wired.com/story/ukraine-...social_twitter.
“Ukrainians Use Drones, Facial-Recognition Software as They Investigate Alleged War Crimes,” Brett Forrest, Wall Street Journal, 12 Apr 2022,
https://www.wsj.com/articles/ukraini...es-11649767154.
“Where Russians Turn for Uncensored News on Ukraine,” Valeriya Safronova, Neil MacFarquhar and Adam Satariano, New York Times, 16 Apr 2022, https://www.nytimes.com/2022/04/16/w...m-ukraine.html.
[]