,,Russia will never accept a sovereign, independent Ukraine.

Twenty--five years since the

Soviet collapse, Russia is still sick with this imperialistic syndrome``.
The December 2015 Ukraine power grid cyberattack took place two days before Christmas
and is a considered to be the first known successful cyberattack on a power grid.
Hackers were able to successfully compromise information systems of three energy distribution
companies in Ukraine and about 230 thousands people were left without electricity for a period
from 1 to 6 hours. It was blame later on Russia, but with no evidence. Same thing happend one
year later on Ukrain capital Kiew, when the blackout lasted just over an hour and started just
before midnight on 17 December.
It said that both the 2015 and 2016 attacks were connected, weren’t just isolated attacks. There
are cyber attacks that has never happend in the world. This hackers has practically entered and
broked every sector of Ukrain: media. Finaince, military, energy, politics. As the NATO
ambassador said: You can’t really find a space in Ukraine where there hasn’t been an attack,”
CyberBerkut which is a modern organized group of pro-Russian hacktivists and who became
famous after attacked on Ukrainian government, and western or Ukrainian corporate websites
and who had hacked into multiple U.S. political organizations, leaked confidential information
and leveraged digital propaganda against U.S. citizens ahead of the 2016 presidential election.
Oleksii Yasinsky, Ukrainian cybersecurity researcher, was asked to help in October 2015 attack
StarLightMedia, Ukraine’s largest TV broadcasting conglomerate. During the night, two of
StarLight’s servers had inexplicably gone offline. Shortly, Yasinsky descovered that the two
victim servers were domain controllers, computers with powerful privileges that could be used
to reach into hundreds of other machines on the corporate network had planted malware on the
laptops of 13 empliyees. They have been set to infect and destroy 200 more PCs at the company.
Yasinsky pored over its code and descovered that the malware had evaded all antivirus scans
and realised he has never analyzed such a sophisticated digital weapon. He figured it out the
KillDisk is the destructive malware made by the hackers who used BlackEnergy for access and
reconnaissance, then KillDisk for destruction.
Christmas 2015 on Alabama, Robert Lee who had recently left a high-level job at a three-letter
US intelligence agency, received on his wedding day message from Ukraine which confirmed
that the hackers had just taken down a power grid in western Ukraine news was real and they
needed his help. It was about the same malware – KillDisk – found by the Yasinsky on
StarLightMedia system months before.
Lee thought to the cyber attacks from the past, for exemple the one made by the Sandworm in
2014. The team of hackers planted BlackEnergy malware on targets that included Polish energy
firms and Ukrainian government agencies signs indicated that the target was US taking into
consideration that earlier in 2014 US Government reported that BlackEnergy was planted in
American power and water utilities systems.
Now, Lee had a complete image: there is practically no difference between Ukrainian power
grid attack and the one happened in US.
For a better understanding of how the hackers worked, a team of Americans arrived in Kiev
Lee and Assante being parts of this group. The first place they went was Kyivoblenergo, the
city’s regional power distribution company and one of the three victims of the power grid
attacks. They saw that the attackers had set up their own perfectly configured copy of the control
software on a PC in a faraway facility and then had used that rogue clone to send the commands
that cut the power. The hackers were able to destroy the company’s PCs as they struck the
control station’s battery backups, so not only the region lost power, but also the stations
themselves by making a blackout within a blackout.
The second place they went was Prykarpattyaoblenergo were at the beggining seemed that the
hackers used almost identical method hat hit Kyivoblenergo: BlackEnergy, corrupted firmware,
disrupted backup power systems, KillDisk.
Back to the 2016 attack, the systems security researchers who analyzed both 2015 and 2016
malware get to the conclusion that hackers’ methods as simpler and far more efficient than the
ones used in the previous year’s`` which shows that hackers became more and more powerful
and no one when, how and where next attacks will materialize.
The worst part is that we don;t have the exactly number of Ukrainian institutions have been
hit in the escalating campaign of cyberattacks; any number is an underestimated one as there
are still targets that haven’t been yet descovered in their systems.
The conclusion of those all attackes is that Ukraine, not being known as country such France
of Germany is a test place, where you can do your worst without being prosecuted for Russia.
Why should US citisens care about a country they don’t even know where is on the map?
How did I understand all this?
The cyber war is a new part of the war, as the concept of internet is relative new. In the past
years this part of the war got bigger and bigger and for sure it won’t stop as this is just the
beggining. All you need are 2-3 smart guys who spend most of the time in front of their
laptops.
We can take Russian military force as exemple which is, even if they like to say they are
strong, not at the same level with US force. So, in order to balance US army, Russians found
the cyberspace a perfect medium in the battle with US and the rest of the world.
Taking into consideration that my experince o this topic was made by reading a few articles,
so practically none, I might say that is the more dangerous that it looks. You can create a real
chaos just by letting a city, such a Bucharest, without electricity for 1 day. No ATM, no
money, no markets to be opened and hardest part - almost imposible to inform the population
about what’s happening. Also, the companies which can have economic collaps with only a
few hours of lack of internet, so an economy of a country can get rough with only some
clicks.
Why should Romanian Intelligence Service be involve in cyber attacks?
We cannot talk about a war between only two separate countries with no repercussion to the
entire world. Romania is member of EU and NATO, which means we are a real target. An
exemple can be the WannaCry ransomware attack when the Dacia car plant in Mioveni had to
halt its production because of the event.
Usually the first victims are the important institutions, so the security of the country is not
stable. I think that the weak link is the human resource, the individuals that is in front o f the
computer. We might need a better information of th people about the need and the way we
can protect our IT system.