Ukrainian services violated on the eve of the February 24 invasion include the Interior Ministry, which oversees police, the national guard and border patrols. One month earlier, a national database of car insurance policies came under attack during a diversionary cyber attack that violated Ukrainian websites. The incursions, combined with pre-war data theft, likely armed Russia with extensive details about much of Ukraine’s population, say cybersecurity and military intelligence analysts. It is information that Russia can use to locate and locate Ukrainians who are more likely to resist an occupation and possibly target them for incarceration or worse. “Fantastic useful information if you are planning a business,” said Jack Watling, a military analyst at the British think tank Royal United Services Institute on car insurance data, “knowing exactly which car each one drives and where they live. . » As the digital age evolves, the dominance of information is increasingly exercised for social control, as China has shown by suppressing the Uighur minority. It came as no surprise to Ukrainian officials that a pre-war priority for Russia would be to gather information about citizens. “The idea was to kill or imprison these people in the early stages of the occupation,” said Viktor Zora, a senior Ukrainian cyber defense official. Aggressive data collection accelerated shortly before the invasion, with hackers serving in the Russian military targeting increasingly isolated Ukrainians, according to Zhora, the State Intelligence and Intelligence Service. Serhii Demediuk, deputy secretary of the National Security and Defense Council of Ukraine, said in an email that personal data remained a priority for Russian hackers as they attempted more breaches of the government network: “Cyber warfare is really hot today.” . There is no doubt that political targeting is a goal. Ukraine says Russian forces have killed and abducted local leaders where they are seizing territory. Demediuk was stingy in some details, but said Russian cyber attacks in mid-January and as the invasion began were mainly aimed at “destroying government information systems and critical infrastructure” and involved data theft. The Ukrainian government says that the violation of car insurance on January 14 resulted in the theft of up to 80% of Ukrainian contracts registered with the Office of Car Transport. Demediuk acknowledged that the Interior Ministry was among the state services that were violated on February 23. He said the data had been stolen, but would not say which services had been used, only that it “did not lead to significant consequences, especially for military or volunteer data.” Security researchers from ESET and other cyber security companies working with Ukraine that the networks had been breached months earlier, giving enough time for covert thefts. Data collection through piracy is an ongoing project. A Russian FSB intelligence unit that investigators named Armageddon has been operating for years outside Crimea, which was occupied by Russia in 2014. Ukraine says it has tried to infect more than 1,500 Ukrainian government computer systems. It has been trying to violate and maintain access to government, military, judicial and law enforcement agencies, as well as nonprofits since October, with the primary goal of “filtering out sensitive information,” Microsoft said in a blog post on Wednesday. February. This included anonymous organizations “critical to dealing with emergencies and ensuring the security of Ukrainian territory”, as well as the distribution of humanitarian aid. After the invasion, hackers targeted European organizations helping Ukrainian refugees, according to Zhora and cybersecurity company Proofpoint. Authorities have not clarified which organizations or what may have been stolen. Another attack on April 1 crippled Ukraine’s National Call Center, which operates a hotline for complaints and investigations on a wide range of issues: corruption, domestic abuse, people displaced by the invasion, and war veterans’ benefits. Used by hundreds of thousands of Ukrainians, it issues COVID-19 vaccine certificates and collects callers’ personal data, including email, addresses and telephone numbers. Adam Meyers, senior information vice president at cybersecurity company CrowdStrike, believes the attack, like many others, could have a greater psychological impact than intelligence gathering – aimed at undermining Ukrainians’ confidence in their institutions. “Make them fear that when the Russians take over, if they do not cooperate, the Russians will find out who they are, where they are and will chase them,” Meyers said. The attack left the center offline for at least three days, said center director Marianna Vilshinska: “We could not work. Neither the phones nor the chatbots worked. They destroyed the whole system. ” Hackers calling themselves Russia’s cyber-army have claimed to have stolen the personal data of 7 million people in the attack. However, Vilshinska denied violating the database with users’ personal data, while confirming that the list of contacts posted by hackers on the Internet with more than 300 employees of the center was genuine. Spearfishing attacks in recent weeks have focused on military, national and local officials, with the aim of stealing credentials to open up government data. Such activity relies heavily on Ukraine’s cellular networks, which CrowdStrike Meyers said were too rich in information for Russia to shut down. On March 31, Ukraine’s SBU intelligence service announced that it had seized a “robot farm” in the Russian-controlled eastern part of Dnipropetrovsk and sent text messages to 5,000 Ukrainian soldiers, police and SBU members, urging them to surrender or to sabotage their units. . Service spokesman Artem Dekhtiarenko said authorities were investigating how the phone numbers were obtained. Gene Yoo, CEO of cybersecurity company ReSecurity, said it was probably not difficult: Subscriber databases of major Ukrainian wireless companies have been available for sale by cybercriminals in the dark for quite some time – as in many countries. If Russia gains control of more parts of eastern Ukraine, stolen personal data will be an advantage. The Russian occupiers have already gathered passport information, a top adviser to the Ukrainian president, who could help hold separatist referendums, said on Twitter recently. Ukraine, for its part, appears to have gathered important information – with the help of the United States, the United Kingdom and other partners – targeting Russian soldiers, spies and police, including rich geolocation data. Demediuk, the top security official, said the country knew “where and when a particular soldier crossed the border into Ukraine, in which occupied settlement he stopped, in which building he spent the night, stole and committed crimes on our land.” “We know their cell phone numbers, the names of their parents, their spouses, their children, their home addresses, who their neighbors are, where they went to school and the names of their teachers,” he said. Analysts warn that some claims about data collection on both sides of the conflict may be exaggerated. But in recordings posted on the Internet by Ukrainian Minister of Digital Transformation Mikhailo Fedorov, callers were heard calling Russian soldiers’ distant wives and posing as Russian state security officials to say that the parcels were houses. In one, a woman with a nervous tone recognizes that she is receiving what she calls souvenirs – a handbag, a keychain. Her boyfriend says she has a criminal record, that her husband “killed people in Ukraine and stole their belongings”. The phone hangs up.
AP journalist Larry Fenn in New York and Inna Verenytsia in Kyiv, Ukraine, contributed to this report.
