"Russia will never accept a sovereign, independent Ukraine. Twenty-five years since the Soviet collapse, Russia is still sick with this imperialistic syndrome."
The December 2015 Ukraine power grid cyberattack took place two days before Christmas and is considered to be the first known successful cyberattack on a power grid. Hackers were able to successfully compromise the information systems of three energy distribution companies in Ukraine, and about 230 thousand people were left without electricity for a period from 1 to 6 hours. It was later blamed on Russia, but with no evidence. The same thing happened one year later in Ukraine's capital, Kiev, when the blackout lasted just over an hour and started just before midnight on 17 December. It is said that the 2015 and 2016 attacks were connected and weren't just isolated attacks. These are cyberattacks of a kind that had never happened before in the world. These hackers have broken into practically every sector of Ukraine: media, finance, military, energy, politics. As the NATO ambassador said: "You can't really find a space in Ukraine where there hasn't been an attack." CyberBerkut is a modern organized group of pro-Russian hacktivists that became famous after attacks on Ukrainian government and Western or Ukrainian corporate websites, and that hacked into multiple U.S. political organizations, leaked confidential information and leveraged digital propaganda against U.S. citizens ahead of the 2016 presidential election.
Oleksii Yasinsky, a Ukrainian cybersecurity researcher, was asked to help in October 2015 with an attack on StarLightMedia, Ukraine's largest TV broadcasting conglomerate. During the night, two of StarLight's servers had inexplicably gone offline. Shortly afterwards, Yasinsky discovered that the two victim servers were domain controllers, computers with powerful privileges that could be used to reach into hundreds of other machines on the corporate network, and that the attackers had planted malware on the laptops of 13 employees. They had been set to infect and destroy 200 more PCs at the company.
Yasinsky pored over its code and discovered that the malware had evaded all antivirus scans, and he realised he had never analyzed such a sophisticated digital weapon. He figured out that it was KillDisk, destructive malware made by hackers who used BlackEnergy for access and reconnaissance, then KillDisk for destruction.
At Christmas 2015 in Alabama, Robert Lee, who had recently left a high-level job at a three-letter US intelligence agency, received on his wedding day a message from Ukraine confirming that the news that hackers had just taken down a power grid in western Ukraine was real and that they needed his help. It involved the same malware, KillDisk, that Yasinsky had found on the StarLightMedia systems months before. Lee thought back to cyberattacks from the past, for example the one carried out by Sandworm in 2014. That team of hackers planted BlackEnergy malware on targets that included Polish energy firms and Ukrainian government agencies. Signs indicated that the target was the US, taking into consideration that earlier in 2014 the US Government reported that BlackEnergy had been planted in American power and water utility systems. Now Lee had a complete picture: there is practically no difference between the Ukrainian power grid attack and the one that happened in the US.
For a better understanding of how the hackers worked, a team of Americans arrived in Kiev, Lee and Assante being part of this group. The first place they went was Kyivoblenergo, the city's regional power distribution company and one of the three victims of the power grid attacks. They saw that the attackers had set up their own perfectly configured copy of the control software on a PC in a faraway facility and then had used that rogue clone to send the commands that cut the power. The hackers were able to destroy the company's PCs, and they also struck the control stations' battery backups, so not only did the region lose power, but the stations themselves did too, creating a blackout within a blackout.
The second place they went was Prykarpattyaoblenergo, where at the beginning it seemed that the hackers had used a method almost identical to the one that hit Kyivoblenergo: BlackEnergy, corrupted firmware, disrupted backup power systems, KillDisk.
Back to the 2016 attack: the systems security researchers who analyzed both the 2015 and 2016 malware came to the conclusion that the hackers' methods were simpler and far more efficient than the ones used in the previous year's attack, which shows that hackers are becoming more and more powerful and that no one knows when, how and where the next attacks will materialize. The worst part is that we don't have the exact number of Ukrainian institutions that have been hit in the escalating campaign of cyberattacks; any number is an underestimate, as there are still targets that haven't yet discovered the intrusion in their systems. The conclusion from all those attacks is that Ukraine, not being as well known a country as France or Germany, is a test place for Russia, where you can do your worst without being prosecuted.
Why should US citizens care about a country when they don't even know where it is on the map? How did I understand all this? Cyber war is a new part of war, as the concept of the internet is relatively new. In the past years this part of war has got bigger and bigger, and for sure it won't stop, as this is just the beginning. All you need are 2-3 smart guys who spend most of their time in front of their laptops. We can take the Russian military force as an example, which, even if they like to say they are strong, is not at the same level as the US force. So, in order to balance the US army, the Russians found cyberspace a perfect medium for the battle with the US and the rest of the world. Taking into consideration that my experience on this topic comes from reading a few articles, so practically none, I might say that it is more dangerous than it looks. You can create real chaos just by leaving a city, such as Bucharest, without electricity for 1 day.
No ATMs, no money, no markets open and, the hardest part, it is almost impossible to inform the population about what's happening. Also, companies can suffer economic collapse after only a few hours without internet, so a country's economy can be hit hard with only a few clicks.
Why should the Romanian Intelligence Service be involved in cyberattacks? We cannot talk about a war between only two separate countries with no repercussions for the entire world. Romania is a member of the EU and NATO, which means we are a real target. An example is the WannaCry ransomware attack, when the Dacia car plant in Mioveni had to halt its production because of the event. Usually the first victims are the important institutions, so the security of the country is not stable. I think that the weak link is the human resource, the individuals who sit in front of the computer. We might need to better inform people about the need to protect our IT systems and the ways we can do so.