Cyber security news March 2022

This posting is here to collect cyber security news in March 2022.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

888 Comments

  1. Tomi Engdahl says:

    Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/
    On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations affected by the attack, among other families including a sophisticated wiper CrowdStrike Intelligence tracks as DriveSlayer (HermeticWiper). Analysis of the PartyTicket ransomware indicates it superficially encrypts files and does not properly initialize the encryption key, making the encrypted file with the associated .encryptedJB extension recoverable.

    Reply
  2. Tomi Engdahl says:

    Signal Confirms Hack Claims Are Part Of Misinformation Campaign https://www.forbes.com/sites/kateoflahertyuk/2022/03/01/signal-confirms-hack-claims-are-part-of-misinformation-campaign/
    Encrypted messaging app Signal has not been hacked, the app maker has confirmed. As Signal use in Eastern Europe increases, rumors had started to circulate that the encrypted messaging app had been hacked. But as misinformation around the Russia Ukraine conflict escalates, Signal says the hack rumors are part of a coordinated misinformation campaign.

    Reply
  3. Tomi Engdahl says:

    DDoS Attacks Abuse Network Middleboxes for Reflection, Amplification
    https://www.securityweek.com/ddos-attacks-abuse-network-middleboxes-reflection-amplification

    Threat actors specializing in distributed denial-of-service (DDoS) attacks have started abusing network middleboxes for reflection and amplification, Akamai warns.

    The use of misconfigured network middleboxes and censorship systems for DDoS reflection was theorized last year by a group of researchers at the University of Maryland and University of Colorado Boulder.

    In their paper, the academics showed that censorship infrastructure could be abused to achieve DDoS amplification ratios of up to 700,000:1. Furthermore, they showed that firewalls and intrusion prevention systems deployed within non-censoring nation-states could also be weaponized.

    Although still small compared to other vectors, attacks that abuse the “TCP Middlebox Reflection” technique appear to be growing in popularity, Akamai says. To date, the method has been used against the banking, gaming, media, travel, and web-hosting sectors.

    While the first attacks only peaked at 50Mbps, the most recent assaults hit 2.7 gigabytes per second (Gbps) and 11 Gbps, the latter also peaking at 1.5 million packets per second (Mpps).

    With hundreds of thousands of middlebox systems worldwide vulnerable to such attacks, an adversary no longer needs access to a large number of compromised systems and the potential for TCP reflection abuse is very high, especially since TCP Middlebox Reflection has been tested and tried.

    Mitigation options, however, are relatively easy to implement, Akamai says. Because SYN packets are typically used to initiate the TCP handshake and not for data transmission, any such packet that has a length greater than 0 bytes is suspect and can be used to trigger defenses.

    TCP Middlebox Reflection: Coming to a DDoS Near You
    https://www.akamai.com/blog/security/tcp-middlebox-reflection

    Executive summary

    Over the past week, Akamai Security Researchers have detected and analyzed a series of TCP reflection attacks, peaking at 11 Gbps at 1.5 Mpps, that were leveled against Akamai customers.

    The attack, amplified with a technique called TCP Middlebox Reflection, abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack.

    Middleboxes range from nation-state censors, such as the Great Firewall of China, to corporate enterprise content filtering systems, and can be found globally.

    The novel technique was presented in theory last August by researchers from the University of Maryland and the University of Colorado; however, this is the first we’re seeing it live and in the wild.

    This type of attack dangerously lowers the bar for DDoS attacks, as the attacker needs as little as 1/75th (in some cases) the amount of bandwidth from a volumetric standpoint.

    Some middlebox implementations allow attackers to add SYN, ACK, or PSH+ACK flooding to the attack, on top of the volumetric TCP attack.

    Attacks have been observed against organizations in the banking, travel, gaming, media, and web-hosting industries.

    Although the current attack traffic is relatively small, we expect to see this type of attack to grow in the future, due to the significant amplification it offers an attacker.

    Reply
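The mitigation heuristic quoted in comment 3 (a SYN that carries payload bytes is suspect), as an added example that is not from Akamai, SecurityWeek or the commenter. It runs over constructed IPv4/TCP packets built inline; the verdict names, the `classify` and `scan` helpers, the documentation-range addresses and the TCP Fast Open carve-out (RFC 7413 allows data in a SYN that carries option kind 34) are assumptions of this example.

```python
import socket
import struct
from typing import List, NamedTuple, Optional, Tuple

SYN, PSH, ACK = 0x02, 0x08, 0x10
TFO_OPTION_KIND = 34  # TCP Fast Open cookie option (RFC 7413)


class Segment(NamedTuple):
    src: str
    dst: str
    dport: int
    flags: int
    payload_len: int
    has_tfo: bool


def has_option(opts: bytes, kind: int) -> bool:
    """Walk the TCP options area and report whether `kind` is present."""
    i = 0
    while i < len(opts):
        k = opts[i]
        if k == 0:                      # End of Option List
            break
        if k == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                       # malformed length, stop parsing
        if k == kind:
            return True
        i += opts[i + 1]
    return False


def parse_ipv4_tcp(pkt: bytes) -> Optional[Segment]:
    """Parse a raw IPv4 packet; return None if it is not a complete TCP segment."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != socket.IPPROTO_TCP or total_len > len(pkt) or frag_offset:
        return None                     # truncated, not TCP, or a non-first fragment
    tcp = pkt[ihl:total_len]
    if len(tcp) < 20:
        return None
    data_off = (tcp[12] >> 4) * 4       # TCP header length including options
    if data_off < 20 or data_off > len(tcp):
        return None
    dport = struct.unpack("!H", tcp[2:4])[0]
    return Segment(socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
                   dport, tcp[13], len(tcp) - data_off,
                   has_option(tcp[20:data_off], TFO_OPTION_KIND))


def classify(seg: Segment) -> str:
    """Apply the heuristic: an initial SYN with payload length > 0 is suspect."""
    if not seg.flags & SYN or seg.flags & ACK or seg.payload_len == 0:
        return "ok"
    # Assumption of this example: a SYN with a Fast Open option may be legitimate.
    return "review-tfo" if seg.has_tfo else "suspect"


def scan(packets: List[bytes]) -> List[Tuple[str, int, int, str]]:
    """Return (source, destination port, payload length, verdict) for flagged packets."""
    hits = []
    for pkt in packets:
        seg = parse_ipv4_tcp(pkt)
        if seg is not None and classify(seg) != "ok":
            hits.append((seg.src, seg.dport, seg.payload_len, classify(seg)))
    return hits


def build_packet(src, dst, sport, dport, flags, payload=b"", options=b""):
    """Constructed test input: minimal IPv4+TCP packet, checksums left at zero."""
    options += b"\x00" * (-len(options) % 4)            # pad options to 32 bits
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                      ((20 + len(options)) // 4) << 4, flags, 65535, 0, 0)
    tcp += options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


# Constructed sample traffic (RFC 5737 documentation addresses, filler payloads).
SAMPLE = [
    build_packet("192.0.2.10", "198.51.100.5", 40000, 80, SYN),
    build_packet("192.0.2.11", "198.51.100.5", 40001, 80, SYN, b"A" * 64),
    build_packet("192.0.2.12", "198.51.100.5", 40002, 443, PSH | ACK, b"B" * 32),
    build_packet("192.0.2.13", "198.51.100.5", 40003, 443, SYN, b"C" * 16,
                 bytes([TFO_OPTION_KIND, 10]) + b"\x11" * 8),
    b"\x45\x00\x00",                                     # truncated capture
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

On a network that does not use TCP Fast Open, the `review-tfo` verdict can be treated the same as `suspect`.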
  4. Tomi Engdahl says:

    A Free-for-All But No Crippling Cyberattacks in Ukraine War
    https://www.securityweek.com/free-all-no-crippling-cyberattacks-ukraine-war

    Russia has some of the best hackers in the world, but in the early days of the war in Ukraine, its ability to create mayhem through malware hasn’t had much of a noticeable impact.

    Instead, it’s Ukraine that’s marshalled sympathetic volunteer hackers in an unprecedented collective global effort to make the Kremlin pay for making war on its neighbor. It’s a kind of cyber free-for-all that experts say risks escalating a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on alert.

    So far, Ukraine’s internet mostly works, its president still able to rally global support via a smartphone, and its power plants and other critical infrastructure still able to function. The kind of devastating cyberattacks thought likely to accompany a large-scale Russian military invasion haven’t happened.

    “It has not played as large a component as some people thought it might and it definitely has not been seen outside of Ukraine to the extent that people feared,” said Michael Daniel, a former White House cybersecurity coordinator. “Of course, that could still change.”

    It’s not clear why Russia hasn’t landed a more powerful cyber punch. Russia might have determined that the impact wouldn’t be serious enough — Ukraine’s industrial base is far less digitized than in Western nations, for one. Or Russia might have determined that it couldn’t do serious harm to Ukraine without risking collateral impact outside its borders.

    Many cybersecurity experts believe the Kremlin, at least for now, prefers to keep Ukraine’s communications open for the intelligence value.

    Reply
  5. Tomi Engdahl says:

    Critical Vulnerabilities Impact Widely Used Printed Circuit Board File Viewer
    https://www.securityweek.com/critical-vulnerabilities-impact-widely-used-printed-circuit-board-file-viewer

    Security researchers with Cisco’s Talos division this week disclosed six critical-severity vulnerabilities affecting Gerbv, an open source file viewer for printed circuit board (PCB) designs.

    A native Linux application, Gerbv is found on many common UNIX platforms, with a Windows version available as well. Gerbv has been downloaded from SourceForge more than 1 million times.

    The software is designed for viewing file formats that display layers of circuit boards, including Excellon drill files, RS-274X Gerber files, and pick-n-place files, and can be used either as a standalone application, or as a library.

    “Some PCB manufacturers use software like Gerbv in their web interfaces as a tool to convert Gerber (or other supported) files into images. Users can upload gerber files to the manufacturer website, which are converted to an image to be displayed in the browser, so that users can verify that what has been uploaded matches their expectations,” Talos explained.

    This makes it possible for an attacker to reach the software over the network without user interaction or elevated privileges.

    The identified vulnerabilities, the researchers explain, impact the function that Gerbv employs when opening Gerber files.

    Four of the newly disclosed vulnerabilities – tracked as CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, and CVE-2021-40401 – have a CVSS score of 10. All four could be exploited by uploading a specially crafted file to Gerbv.

    Reply
  6. Tomi Engdahl says:

    Vulnerability Spotlight: Vulnerabilities in Gerbv could lead to code execution, information disclosure
    https://blog.talosintelligence.com/2022/02/vuln-spotlight-gerbv-g.html

    Reply
  7. Tomi Engdahl says:

    Cyberattacks in Ukraine: New Worm-Spreading Data-Wiper With Ransomware Smokescreen
    https://www.securityweek.com/cyberattacks-ukraine-new-worm-spreading-data-wiper-ransomware-smokescreen

    Cybersecurity researchers tracking destructive data-wiping malware attacks in Ukraine are finding signs of new malware with worm-spreading capabilities and what appears to be a rudimentary ransomware decoy.

    According to new research from Slovakian anti-malware company ESET, the cyberattacks began hours before Russia’s invasion of Ukraine on February 24 with DDoS attacks against Ukrainian government websites and quickly morphed into wiper attacks aimed at destroying data on computer networks.

    In all, ESET found the initial attacks leveraging three components:

    • HermeticWiper makes a system inoperable by corrupting its data

    • HermeticWizard spreads the data-wiper like a computer worm across a local network via WMI and SMB

    • HermeticRansom adds a data-extortion ransomware component written in Go

    A day later, ESET said its technology intercepted yet another new wiper in a Ukrainian governmental network.

    Reply
  8. Tomi Engdahl says:

    Chris Stokel-Walker / Wired:
    Russia’s invasion of Ukraine shows that TikTok’s design and algorithm are ideal for sharing videos of war, but present a challenge for its moderation system
    https://www.wired.com/story/ukraine-russia-war-tiktok/

    Reply
  9. Tomi Engdahl says:

    BuzzFeed News:
    Google Maps is removing newly added user content, like pins, in Russia, Ukraine, and Belarus, amid claims of its use in coordinating Russian military activity — Responding to claims that its Maps were being used to coordinate Russian military activity in Ukraine, Google …

    Google Removed Tags on Ukrainian Google Maps After Users Said They May Have Been Used To Coordinate Russian Air Strikes
    https://www.buzzfeednews.com/article/sarahemerson/russia-google-maps-tags-ukraine?scrolla=5eb6d68b7fedc32c19ef33b4

    Ukrainian-language accounts claimed edits targeted gas stations, schools, and hospitals in cities like Kyiv.

    Reply
  10. Tomi Engdahl says:

    Juli Clover / MacRumors:
    Apple pauses all product sales in Russia, removes RT News and Sputnik News from the App Store outside Russia, and disables Apple Maps’ live traffic in Ukraine — Apple today confirmed that it has stopped all product sales from its online website in Russia, which means customers in Russia …

    Apple Halts All Sales From Online Store in Russia [Updated]
    https://www.macrumors.com/2022/03/01/apple-stops-product-sales-in-russia/?scrolla=5eb6d68b7fedc32c19ef33b4

    Reply
  11. Tomi Engdahl says:

    Issie Lapowsky / Protocol:
    Meta will demote content linking to Russian state media outlets on Facebook and Instagram globally and rolls out encrypted Instagram DMs in Ukraine and Russia — Meta is ramping up efforts to crack down on Russian propaganda and keep users in Russia and Ukraine safe, including …

    Meta rolls out encrypted Instagram DMs in Russia and Ukraine
    https://www.protocol.com/bulletins/encrypted-instagram-dms-russia-ukraine

    The company is also demoting Russian state media worldwide on Facebook.

    Meta is ramping up efforts to crack down on Russian propaganda and keep users in Russia and Ukraine safe, including by offering encrypted Instagram direct messages in Russia and Ukraine and demoting Facebook posts by Russian state media outlets worldwide. The company will also demote Facebook posts from users who link to Russian state media, changes the company plans to bring to Instagram as well.

    Meta president of Global Affairs Nick Clegg announced the new features Tuesday, adding that Instagram will be giving users notices that they can switch to encrypted chats. Facebook Messenger and WhatsApp already offer encryption. “We feel our priorities are first to continue to make our services available for people to use as safely and securely as possible,” Clegg told reporters on a call.

    Russia has already retaliated against Facebook’s actions against state media outlets, announcing last week that it would begin partially restricting Facebook inside the country. Clegg said that “degradation of the service is definitely discernible,” particularly when it comes to photos and videos. That poses an obstacle to anyone inside Russia hoping to document what’s going on there for the outside world.

    Clegg said Meta has been in contact with the government of Ukraine and is responding to government requests from all over the world, including requests that Meta completely block its services inside of Russia, which the company has refused to do. “We have explained why we don’t agree with that,” Clegg said. “We think it is essential, as long as this continues, that ordinary Russians can use our services to express themselves, organize and protest and reach out to family and friends in the wider community.”

    Reply
  12. Tomi Engdahl says:

    Ivana Saric / Axios:
    Meta says it “will be restricting access to RT and Sputnik across the EU at this time” following requests from several governments and the EU

    Meta will restrict Russian state media across EU
    https://www.axios.com/meta-russian-state-media-eu-63ad7110-200a-403c-a986-8609c9ee05d8.html

    Reply
  13. Tomi Engdahl says:

    Mark Scott / Politico:
    YouTube plans to block Russia-backed RT and Sputnik in the European Union and the UK, following similar bans by Meta and TikTok, citing the invasion of Ukraine

    YouTube bans Russian media outlets across Europe
    Squeeze tightens on RT and Sputnik.
    https://www.politico.eu/article/youtube-bans-russian-media-outlets-across-europe/

    Google’s YouTube said Tuesday that it would block Kremlin-backed media outlets RT and Sputnik from Europe following similar bans by Facebook and TikTok.

    “It’ll take time for our systems to fully ramp up. Our teams continue to monitor the situation around the clock to take swift action,” Google’s video streaming service said in a statement.

    YouTube’s ban — following an announcement from the European Commission that it wanted to remove these Russian media outlets from the EU — would apply within the European Union and the U.K.

    Reply
  14. Tomi Engdahl says:

    Michael Kan / PCMag:
    Nvidia confirms hackers have leaked employee data and “some Nvidia proprietary information”; LAPSUS$ group claims it took 1TB data, including DLSS source code — Nvidia has confirmed that hackers stole data from the company during last week’s breach.

    Nvidia Confirms Company Data Was Stolen in Hack
    Meanwhile, the hackers behind the breach are now releasing some of the stolen files on the web.
    https://uk.pcmag.com/graphics-cards/138984/nvidia-confirms-company-data-was-stolen-in-hack

    Reply
  15. Tomi Engdahl says:

    Corin Faife / The Verge:
    Web host Namecheap ends services for users registered in Russia over Russia’s “war crimes”, with exceptions for anti-regime media, protest resources, and expats — Exceptions will be made for anti-regime media, protest resources, and Russians no longer living in the country

    Namecheap ends service for Russian customers due to government’s ‘war crimes’
    https://www.theverge.com/2022/3/1/22956581/russia-ukraine-namecheap-ends-service-war-crimes?scrolla=5eb6d68b7fedc32c19ef33b4


    Reply
  16. Tomi Engdahl says:

    https://www.facebook.com/637758527/posts/10158854793548528/

    YouTube blocked all Russian state channels in Europe, e.g. RT. This is that Western “freedom of speech”.

    Apps connected to the Russian state also appear to have disappeared from the Android app store.

    RT can still be obtained for Android through other channels. Admittedly, this way of doing things brings China to mind.

    https://apkpure.com/rt-news/com.rt.mobile.english

    Reply
  17. Tomi Engdahl says:

    Intelligence, information warfare, cyber warfare, electronic warfare – what they are and how Russia is using them in Ukraine
    https://theconversation.com/intelligence-information-warfare-cyber-warfare-electronic-warfare-what-they-are-and-how-russia-is-using-them-in-ukraine-177899

    Russia has one of the most capable and technological militaries on the planet. They have advanced intelligence, information warfare, cyber warfare and electronic warfare capabilities.

    Russia has used these technologies in recent years in combat in Syria and the Donbas region in eastern Ukraine, and is using them in its current invasion of Ukraine.

    The terms “intelligence,” “information,” “cyber” and “electronic” denote distinct but overlapping fields. As a cybersecurity professor of practice, I can explain what they are and how Russia is using them in Ukraine.

    Intelligence and counterintelligence in the information age
    The role of intelligence is to gain insight about the enemy’s activity. The role of counterintelligence is to blind the enemy or distort his view. Automation in intelligence surveillance and reconnaissance – key functions of intelligence in warfare – has become a common practice for modern militaries.

    Intelligence services collect vast amounts of data from open-source intelligence (OSINT) – information collected from news, social media and other publicly available sources – as well as secret sources, and use artificial intelligence to analyze the information.

    Russia has reportedly progressed faster at integrating AI in intelligence systems than the U.S. expected them to.

    It’s impossible to know what information Russia has collected, but its access to OSINT, spy satellites, operatives in Ukraine, powerful computers and experienced analysts makes it likely that Russia has extensive intelligence about Ukraine’s military and political situation.

    Information and disinformation
    Information warfare is the battle waged in the news media and on social media to bolster popular support; persuade and induce the sympathy of potential allies; and simultaneously spread confusion, uncertainty and distrust in the enemy’s population.

    Russia has used and is likely to continue to use cyber operations to subvert the Ukrainian government. For example, in the weeks leading up to both the 2014 and 2022 invasions, Ukrainian soldiers were targeted with disinformation designed to sow confusion and disorder in the event of an attack.

    Russian messaging about “liberating” portions of Ukraine is the disinformation most likely aimed at an international audience, and I expect attempts to legitimize Russia’s actions will continue.

    There is an ongoing contest to control the narrative about what is happening in Ukraine. Russia is running an active disinformation campaign and I expect it is using AI to find and generate content at a rapid rate.

    Some information circulating on social media, like this video purporting to show Russian bombers over Ukraine, has been proven to be fake. This underscores how difficult it is to be certain of the truth with a high volume of fast-changing information in an emotionally charged, high-stakes situation like warfare.

    Cyber warfare
    Cyber warfare entails infiltrating and disrupting the enemy’s computer systems. This includes generating denial of service attacks to block access to websites, breaking into computer systems to steal or destroy data, and taking control of computer systems to disrupt critical infrastructure like power grids.

    U.S. and U.K. intelligence agencies reported on Feb. 23, 2022 that hackers based in Russia had unleashed a powerful new type of malware against targets in Ukraine. The attacks appear to have been targeted at Ukrainian government and telecommunications facilities, including the Ministry of Internal Affairs, and involve the theft and destruction of data.

    Russia’s invasion of Ukraine was preceded by several weeks of cyberattacks, including an attack that posted a fake ransomware note and then destroyed data. These attacks were part of a multi-year campaign of cyber warfare against Ukraine, which included attacks on portions of the country’s power grid.

    A rapid response team of cybersecurity experts in the European Union has mobilized to assist Ukraine in defending against cyberattacks by detecting when attacks are occurring. The Ukrainian government has also called on the Ukrainian hacker community to help defend the country, by protecting computer systems that control critical infrastructure like the power grid.

    Electronic warfare
    Electronic warfare describes efforts to disrupt or misdirect the enemy’s electronic systems like radar and communications networks. It can include blocking radio signals, remotely destroying computer circuits and spoofing GPS signals to disrupt navigation.

    Russia has a long history of controlling the electromagnetic spectrum.

    Russia has used systems that interfere with the signal reception from satellites in eastern Ukraine. These systems can be used to block communications and disrupt control of drones.

    Though the Russian military has shown some interesting technological innovations in recent years, it’s not clear whether it has mastered this new way of conducting warfare.

    Reply
  18. Tomi Engdahl says:

    Google pulls Russia Today, Sputnik from Play Store as EU ban looms
    https://techcrunch.com/2022/03/02/google-rt-sputnik-apps-play-store/?tpcc=tcplusfacebook

    Google has followed Apple’s lead and removed the apps of Russia Today (RT) and Sputnik from its mobile app Store, Play, per Reuters.

    The two Kremlin-linked media outlets have been sanctioned in the European Union following Russia’s invasion of Ukraine.

    It’s not immediately clear if the Play Store ban on the Russian state-affiliated media entities’ apps is limited to the EU — where a ban on the two entities is expected to come into force today.

    Google had previously banned the RT News app in Ukraine at the request of the government in Kyiv.

    https://www.reuters.com/technology/exclusive-google-blocks-rt-sputnik-play-app-store-europe-2022-03-02/

    Reply
  19. Tomi Engdahl says:

    Hackers Make Russian Charging Stations Display “Putin Is A Dickhead” Message
    https://www.iflscience.com/technology/hackers-make-russian-charging-stations-display-putin-is-a-dickhead-message/

    A Ukrainian company that supplies parts for electric vehicle charging stations in Russia has been accused of using their access in order to display messages such as “Slava Ukraini” (Glory to Ukraine) and “Putin is a dickhead”.

    “Charging stations installed on the M-11 route were purchased in 2020 according to the results of an open purchase procedure,” Russian energy company Rosseti wrote of the incident on Facebook.

    Reply
  20. Tomi Engdahl says:

    2022 Russia-Ukraine war — Cyber group tracker.
    https://cyberknow.medium.com/2022-russia-ukraine-war-cyber-group-tracker-6e08ef31c533

    Since even before the outbreak of war between Russia and Ukraine I have been tracking cyber-groups that have been conducting some form of cyber-attacks in support of either side. The following list is what I have come across — all of these have conducted some form of attack or declared allegiance since the outbreak of the war.
    The idea is to make this an open project and get community input to make sure we capture all the actors during the conflict as a reference source. It will be valuable data as a case study of what it may look like for future conflicts, big or small, and how different elements of cyberspace may engage in ‘warfare’.

    This is a living table and will change as we get more information — it is correct as of 27 FEB 2022.

    Reply
  21. Tomi Engdahl says:

    This table will be updated daily and for real-time updates follow on twitter:
    https://twitter.com/Cyberknow20

    Reply
  22. Tomi Engdahl says:

    Top Russia funds have erased roughly 60% of their value amid Putin’s invasion of Ukraine.

    Russia Stock Market Crash Intensifies—BlackRock Warns Investors Of ‘Significant Declines’
    https://lm.facebook.com/l.php?u=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fjonathanponciano%2F2022%2F03%2F01%2Frussia-stock-market-crash-intensifies-blackrock-warns-investors-of-significant-declines%2F%3Futm_campaign%3Dforbes%26utm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_term%3DGordie&h=AT09u5IfcS97FX9zWtGzqT58RuvahMFd_uCWPYGSed-zrw4VxXLGiuB9d-zAsoGNq3KfDhyY60hvciCgLdhSuFGvLZrOb9e3bYnfsUnzH00XNN2jjf9J-h6sJH-k_4UiqxEV5CtL6lKj7H1RNQ

    Though the Moscow Stock Exchange was closed for a second straight day, the Russian stock market was battered by steep declines again on Tuesday as shares and funds trading internationally plummeted in value, prompting $10 trillion asset manager BlackRock to caution investors about buying into the funds while the volatility lingers.

    Reply
  23. Tomi Engdahl says:

    No need to declare captured Russian tanks, other equipment of invaders as income – NAPC
    https://en.interfax.com.ua/news/general/804441.html

    Ukraine’s National Agency for the Protection against Corruption (NAPC) has declared that captured Russian tanks and other equipment are not subject to declaration.

    “Have you captured a Russian tank or armored personnel carrier and are worried about how to declare it? Keep calm and continue to defend the Motherland! There is no need to declare the captured Russian tanks and other equipment, because the cost of this … does not exceed 100 living wages (UAH 248,100),” NAPC’s press service said.

    “Speaking by the letter of the law, combat trophies are not subject to reflection in the declaration for the following reasons: they were acquired not as a result of the conclusion of any type of transaction, but in connection with the full-scale aggression of the Russian Federation on February 24, 2022 against the independent and sovereign Ukrainian state as a continuation the insidious attack of the Russian Federation on Ukraine launched in 2014.”

    Reply
  24. Tomi Engdahl says:

    One picture shows how drastically the exceptional sanctions are biting https://www.is.fi/taloussanomat/art-2000008653736.html

    Reply
  25. Tomi Engdahl says:

    I’ve studied nuclear war for 35 years — you should be worried. | Brian Toon | TEDxMileHigh
    https://www.youtube.com/watch?v=M7hOpT0lPGI

    For the first time in decades, it’s hard to ignore the threat of nuclear war. But as long as you’re far from the blast, you’re safe, right? Wrong. In this sobering talk, atmospheric scientist Brian Toon explains how even a small nuclear war could destroy all life on earth — and what we can do to prevent it. A professor in the Department of Atmospheric and Oceanic Sciences at the University of Colorado-Boulder, Brian Toon investigates the causes of the ozone hole, how volcanic eruptions alter the climate, how ancient Mars had flowing rivers, and the environmental impacts of nuclear war. He contributed to the U.N.’s Nobel Peace Prize for climate change and holds numerous scientific awards, including two NASA medals for Exceptional Scientific Achievement. He is an avid woodworker. This talk was given at a TEDx event using the TED conference format but independently organized by a local community. Learn more at https://www.ted.com/tedx

    Reply
  26. Tomi Engdahl says:

    As Ukraine’s cyber army takes the war to Russian banks and government websites, it’s working with Elon Musk to set up satellite internet.

    Ukraine’s Propaganda Offensive, Led By Ad-Tech Entrepreneurs, Appears To Be Winning
    https://www.forbes.com/sites/thomasbrewster/2022/03/01/ukraine-propaganda-machine-might-be-winning-against-russia/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie&sh=7486a379536d

    As Ukraine’s cyber army takes the war to Russian banks and government websites, it’s working with Elon Musk to set up satellite internet. Two former ad-tech entrepreneurs are leading the country’s information warfare charge. Outside experts think they’re winning.

    A mere two weeks ago, the former advertising entrepreneurs who run Ukraine’s Ministry of Digital Transformation were focused on making the Kyiv government more accessible by smartphone. Last week, they organized a crowdsourced cyber army, claiming to have knocked Russia’s biggest bank off the internet. This week, it was back to smartphones. They’re distributing an app that’s essentially an air-raid siren to warn Ukrainians of Russian attacks from the sky.

    So many lives have utterly changed in the seven days since Russian President Vladimir Putin ordered Russian forces to invade Ukraine. The two former ad-tech executives who helm Ukraine’s digital ministry are no exception. The chief, 31-year-old Mykhailo Fedorov, has gone from being best-known for handling advertising for Ukraine President Volodymyr Zelensky’s 2019 election campaign to, now, being the face of Ukrainian cyber resistance. In the last 24 hours, he’s claimed his cyber army is waging an unprecedented online war and posted online images of himself with freshly-imported satellite-link equipment donated by Elon Musk so the country can maintain an online presence.

    Fedorov’s deputy, Alex Bornyakov, a former ad-tech entrepreneur who turned 40 on Tuesday, told Forbes the army of hackers crowd-sourced through Telegram aimed to “coordinate all the people that want to help Ukraine fight Russian propaganda and help with cyberattacks.

    “With this coordination, we had a lot of impact on media, telling the truth to Russian people” who didn’t know what was happening in Ukraine because their government wasn’t telling them, Bornyakov said. “Our goal is to show them that politics and the way that Putin thinks and his actions are going to bring down the whole of Russia. We fight lies and fakes with transparency.”

    Ukraine is ‘winning’ the info war
    As bombs fall on Ukraine and Russian troops find stiff resistance in the armed struggle fought on the streets of cities such as the capital Kyiv and Kharkiv in the East, Ukraine is winning the information war, according to sources outside the country.

    The Russians “are losing the information battle – badly. And they know it,” said Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, a former cofounder of cybersecurity company CrowdStrike and a Russian living in the U.S. He said Russia was failing to push back on Ukrainian propaganda, which was flooding the internet, in particular around their military successes, but also via Fedorov’s claims of an unprecedented cyberwar being carried out via the IT army.

    Ukrainian propaganda has included exaggerations and untruths, Alperovitch said, noting that many of its claims were “doubtful or proven to be false.” For example, Fedorov’s claim that the Moscow Exchange, which was offline Monday, was still down the next day thanks to a cyberattack by the IT army, was proven not to be true.

    David Betz, professor of war in the modern world at King’s College London, agreed that Ukraine was filling the web with fake information, though Russians were quick to point out fabrications. “What’s been impressive on Telegram is how rapidly the Russians are taking them apart,” he said. Conversely, he said that he believed some Russian information, surprisingly, was being provided with little obvious embellishment. He pointed to a Telegram channel, where figures for destroyed military targets were being published with little fanfare and appeared to be accurate.

    “I think that [Ukraine] is winning international opinion, but that’s largely because every Western media organization and government is amplifying and repeating their narrative, despite the fact that [Ukraine’s propaganda is] fake and verifiably fake to anybody that has the gumption to do basic research,” Betz added.

    Sometimes the information is intriguing, though difficult to verify, most notably a leak today via Ukrainian publication Pravda, which claimed to have published a list of 120,000 Russian military personnel in Russia. As noted by Thomas Rid, professor of strategic studies at Johns Hopkins University, it may take a long time to verify the veracity of the leak.

    The Ukrainian IT army’s operations are being done in the open on the social-media app Telegram, where target lists of Russian entities are posted and members have been encouraged to send reports to Google’s YouTube to ban Russian broadcasters, such as Russia24. YouTube, though it has blocked channels connected to RT and Sputnik across Europe, hasn’t taken action or responded to requests for information on Russia24. “Our teams continue to monitor the situation around the clock to take swift action,” a YouTube spokesperson said.

    The army’s transparency, where anyone can join and no personal information is being taken from participants, means that the chance of actionable Russian infiltration is low. Even if a cyberattack target is announced, it’s launched within five minutes, making it difficult for any spies to send useful alerts, Bornyakov said. As for who makes up the army, “most of them are Ukrainians,” he said, adding that they include a mix of tech founders and IT workers.

    The Musk connection
    Bornyakov said that his team evacuated Kyiv, in part, to get away from the bombing and from bunkers where there was no web connectivity. The arrival of Musk’s satellites should help provide more stable internet access, though it’s unclear how much of Ukraine will be covered. “It’s already live,” he said. More satellites are expected.

    He wouldn’t be drawn into providing a statement on whether or not the army would try to hack into Russian servers, saying it was too sensitive to discuss.

    Though the cyber side of the war has been far more muted than expected, Bornyakov believes the IT army’s attacks have been successful. One target, Sberbank, remained down after more than 24 hours, though the financial institution hasn’t commented on whether or not it was inaccessible because of a cyberattack or another reason.

    A sign that Ukraine’s cyberwarfare may be getting the best of Russia, for now, is the Tuesday announcement by Russia’s TASS news agency urging citizens to leave Kyiv as it was planning to launch “precision” attacks on the country’s intelligence and information warfare agencies.

    With Musk’s satellites providing internet connectivity from above, it looks like Ukraine will be able to continue the online information war even if its telecommunications infrastructure goes down. But there are other ways to transmit information that don’t need the internet. The Digital Transformation department this week went old school in trying to win the information war. It announced that Ukrainians in call centers were getting on the phone to Russians to tell them their version of the war in Ukraine.

    Thomas Brewster

    Reply
  27. Tomi Engdahl says:

    Russia’s invasion of Ukraine may cause a worse refugee crisis in Europe than the one experienced in 2015: many things are different now
    https://yle.fi/uutiset/3-12338270

    The UN is preparing for the possibility that four million Ukrainians may flee the Russian invasion. For now, even Europe’s anti-immigration countries are keeping their doors open.

    Reply
  28. Tomi Engdahl says:

    Russia’s Lavrov: A third world war would be a nuclear war
    https://yle.fi/uutiset/3-12314941

    Russian Foreign Minister Sergei Lavrov claims that Ukraine is seeking to acquire a nuclear weapon, Russian news agency Ria reports.

    Lavrov’s claims have not been verified.

    Ukraine gave up its nuclear weapons in the 1990s. Lavrov said today that Russia will not allow Ukraine to acquire weapons of mass destruction. Lavrov also said that if a third world war broke out, it would be devastating for the whole world.

    According to Lavrov, a third world war would be fought with nuclear weapons.

    Sources: AFP, Reuters, Tass

    Reply
  29. Tomi Engdahl says:

    Commentary: From Russia’s currency paralysis it is a surprisingly short step to economic chaos, and even to hyperinflation
    https://www.is.fi/taloussanomat/art-2000008651307.html

    The Western countries’ sharply tightened economic sanctions are already causing serious damage to the Russian economy. The country’s monetary conditions are on the brink of chaos, writes special correspondent Jan Hurri.

    Reply
  30. Tomi Engdahl says:

    Experts: This is what we will see next in Ukraine’s cyber war
    https://www.is.fi/digitoday/tietoturva/art-2000008653212.html

    According to cyber security experts, the front lines of war are even hazier in the cyber world.

    In Ukraine, military operations are being conducted in two worlds. One is the physical world, with its bombings and tanks. At the same time, war is being waged in the digital world, on the side of data networks, in other words in the cyber world.

    This is the assessment Finnish cyber security experts gave to STT.

    According to Jarno Limnéll, professor of cyber security at Aalto University, war in the cyber world is fought under different rules than in the physical world. The actors in the war range from states to activists, and geographical distances, for example, do not matter.

    “The front lines of war are hazier than in the physical world,” Limnéll says.

    So far, attention in the military operations against Ukraine has been on warfare in the physical world. On the cyber side, only relatively mild attacks have been carried out. Limnéll nevertheless believes that use of the cyber world will increase in the coming weeks.

    A battle of perceptions and propaganda

    The hacker group Anonymous declared cyber war on Russia last week and has since said it has hacked numerous Russian websites and disrupted their operation.

    Since declaring cyber war on Russia, Anonymous says it has already taken down more than 300 Russian websites.

    Recently, Anonymous urged people to write “reviews” of businesses and services in Russian cities on the Google Maps service. Instead of reviews, people have shared information about Ukraine and demanded an end to the war.

    In addition, Anonymous has hacked into several Russian TV channels to show pro-Ukraine content.

    “These strikes can be quite painful for Russia, because the state leadership’s goal is to try to control the information space,” Limnéll says.

    Russia forced to protect its own home turf

    Ukrainian government websites were hit by many denial-of-service attacks before the full-scale invasion Russia launched last Thursday. When Russia began its ground operation, the cyber attacks appeared to quiet down.

    “Perhaps the reason was that the Russians were trying to leave critical infrastructure untouched. The thinking was probably that they would quickly get hold of the administration once Ukraine gave up its defense,” says Aki-Mauri Huhtinen, military professor at the National Defence University.

    Since that has not happened, Russia can be expected to resume traditional cyber attacks against Ukraine. Huhtinen considers it possible that Russia would try to shut down Ukraine’s cyber environment to speed up the government’s surrender. Whether Russia has the means to do so is another matter.

    “Now that Anonymous has declared cyber war on Russia, their own cyber defense is busy protecting Russia’s home turf and administration. They probably have their hands quite full at the moment,” Huhtinen estimates.

    Anonymous does not so much help Ukraine as a state as force Russia to protect its own systems. The capacity needed for defense is in turn taken away from the offensive power directed at Ukraine.

    Although Anonymous’s declaration of cyber war has received a lot of international attention, Ukraine has by no means left its protection against cyber threats entirely in the hands of an anonymous hacker group.

    According to Huhtinen, Ukraine’s ability to monitor its own networks and protect itself against cyber attacks has been improving all the time. In addition, Ukraine receives help from Western countries.

    “This in no way depends on Anonymous, although the help is certainly welcome. They (the Ukrainians) have developed over the years, and they have a completely clear picture that attempts have been made to bombard their critical infrastructure in the cyber dimension,” Huhtinen says.

    Even memes are used in the information struggle

    According to Limnéll, two dimensions can be distinguished in cyber warfare. The first is information influence, or cyber-psychological warfare, in which the struggle is over narratives and the aim is to influence people’s thinking and perceptions.

    “Today’s information technology offers entirely new opportunities for this. You could say, for example, that this war is the first meme war,” Limnéll says.

    According to Limnéll, the information struggle is only intensifying.

    Limnéll calls the other side of cyber warfare cyber-technical warfare. It refers to, for example, breaking into information systems and paralyzing them.

    In Ukraine, the most prominent have been denial-of-service attacks, in which the aim is to disrupt the operation of, for example, a website. They have been carried out by both sides. Among others, the websites of the Ukrainian government and the Russian Ministry of Defense have been down.

    Malware that has destroyed data in government information systems has also been detected in Ukraine.

    According to Limnéll, a major concern in Ukraine is that Russia would strike the country’s energy production and distribution with a cyber attack. Such a cyber attack would have clear, direct effects on the physical world, for example in the form of power outages.

    Corruption revelations could hit hard

    Rather than an organized body, Anonymous is more of a loose coalition of hackers that anyone can belong to.

    “Anonymous is more of an ideology than an organized group; it has no leader,” Limnéll says.

    Anyone can be a member of Anonymous if they wish. A member of Anonymous could just as well be a state actor or a criminal. Russian activists are possibly involved as well.

    The cyber security professor compares the hackers’ activity to demonstrations held in the physical world.

    “This is waving flags and shouting into megaphones in the online world, and anyone can take part,” Limnéll says.

    Some of the world’s best hackers are involved

    Anonymous should not be regarded as a savior that has rushed to Ukraine’s aid entirely selflessly. Huhtinen points out that what makes Anonymous problematic is that the group is not under anyone’s leadership or control. Criminal actors may also be involved.

    “Anonymous may have other motives besides this cyber war declared on Russia,” Huhtinen points out.

    Cyber attacks can escalate the course of the war

    More serious cyber attacks targeting critical infrastructure such as energy distribution, healthcare information systems or the financial world have not yet been seen in the Ukraine conflict. That may be about to change.

    According to Limnéll, there are signs that the activity of both states and non-state activist groups in the cyber world is accelerating. It has already been observed that, for example, the information systems of Belarus’s railways have been hacked into, hampering the transport of equipment.

    “In recent days Russia has warned its companies and critical infrastructure operators that the danger of cyber attacks has grown. There is even talk of a critical danger,” Limnéll says.

    “If functions and services on which society depends are targeted, then when the attacks succeed, people die. Then there is a real danger that the whole war escalates even further.”

    The knock-on effects of cyber attacks can be unpredictable and may be felt in Finland too. The military alliance NATO has said that a serious cyber attack against one member state of the alliance could trigger Article 5, that is, collective defense.

    https://twitter.com/YourAnonNews/status/1498337491056836610
    Go to Google Maps. Go to Russia. Find a restaurant or business and write a review. When you write the review explain what is happening in Ukraine.
    Idea via @Konrad03249040

    Reply
  31. Tomi Engdahl says:

    A frightening example has its effect: this is why Russian stars do not criticize Vladimir Putin
    https://www.iltalehti.fi/jaakiekko/a/47ac6ddb-6467-4b8b-90de-e5894b352b95

    Reply
  32. Tomi Engdahl says:

    Expert: Finland could be the next Ukraine
    Iltalehti asked experts what Russia’s future is and what Finland should do now that Russia has shown it can attack a democratic European neighbor.
    https://www.iltalehti.fi/politiikka/a/355ffb4f-6fd3-4254-bceb-7e5b9a56eb84

    Until now, the thinking in Finland has been that Finland’s military non-alignment is part of a stability policy, meaning Finland does not want to aggravate its relationship with Russia by belonging to NATO. At the same time, however, Finland has also maintained the so-called NATO option, that is, the possibility of applying for NATO membership.

    Finland has also emphasized the importance of good relations with Russia and invested in a strong defense of its own.

    On Thursday, Russia changed the entire European security setting at a stroke by invading Ukraine. At the same time, Finland’s relationship with Russia changed as well.

    Reply
  33. Tomi Engdahl says:

    In the KHL’s view Russia is not at war, and that is a big problem for Finnish players
    https://www.iltalehti.fi/khl/a/d259d76b-56cc-497c-bec7-44b64889df85

    Reply
  34. Tomi Engdahl says:

    These social media giants are restricting access to Russian media
    Social media services have begun restricting access to the RT and Sputnik news services in the EU.
    https://www.iltalehti.fi/digiuutiset/a/180d0a97-ccaf-471f-875f-9167a59b4758

    Facebook, YouTube and several other social media services have begun restricting access to the RT and Sputnik accounts operated by the Russian government in Europe. The services want to avoid the spread of fake news and false information on their platforms. Cnet reports on the matter.

    Facebook, YouTube to Restrict Some Russian State-Controlled Media Across Europe
    The social networks are limiting access to RT and Sputnik across the EU.
    https://www.cnet.com/news/facebook-youtube-to-restrict-some-russian-state-controlled-media-across-europe/

    Facebook, YouTube and other social networks are restricting access to Russian state-controlled media outlets RT and Sputnik across Europe, amid calls to crack down on disinformation. The move will likely heighten tensions between some of the world’s most popular social networks and the Russian government.

    Facebook’s parent company, Meta, said Monday that it will limit the accessibility of Sputnik and RT across the European Union.

    “We have received requests from a number of governments and the EU to take further steps in relation to Russian state-controlled media. Given the exceptional nature of the current situation, we will be restricting access to RT and Sputnik across the EU at this time,” Nick Clegg, who oversees global affairs at Meta and is a former UK deputy prime minister, said in a tweet.

    Clegg didn’t respond to questions on Twitter about what the restrictions entail, how many requests Meta has received and from which governments or how many Facebook users will be impacted by these restrictions. Clegg also didn’t say when these restrictions would start. RT’s Facebook page has 7.4 million followers and Sputnik’s Facebook page has 1.4 million followers. The media outlets are also on Facebook-owned Instagram, a photo and video service. RT has 839,000 followers on Instagram and Sputnik has 116,000 followers.

    Reply
  35. Tomi Engdahl says:

    Intercepted radio messages: Russian troops “in complete disarray”
    A British company’s intelligence paints a grim picture of the situation of some Russian soldiers.
    https://www.iltalehti.fi/ulkomaat/a/962315f2-1845-4022-95d1-9eb0af4f88ea

    The ranks of the Russian army appear to be cracking in Ukraine, at least if radio messages intercepted from it are to be trusted.

    The Russian radio communications were obtained by the British intelligence company ShadowBreak Intl. Its findings were reported by the respected British newspaper The Telegraph, which has not, however, been able to independently verify the authenticity of the material.

    There are about 24 hours’ worth of recordings of radio conversations. According to the intelligence company, part of the Russian army communicates using mobile phones and analog radios, which are quite easy to eavesdrop on.

    “It is practically like eavesdropping on a police frequency in the United States,” ShadowBreak Intl founder Samuel Cardillo tells The Telegraph.

    According to him, the radio messages show that the Russian troops are “in complete disarray”. In several of the intercepted recordings, rank-and-file soldiers cry and complain about, for example, a lack of food. The recordings also contain arguments among them.

    Worryingly for Russia’s military leadership, the tapes have also captured excerpts in which subordinates refuse their commanders’ orders.

    “The will to fight is low”

    Independent Russian media have previously carried reports that some of the soldiers did not even know, when leaving for “military exercises”, that they were in reality heading to the front of a real war. According to Ukrainian media, Russian soldiers’ contact with home has also been practically cut off entirely.

    “The will to fight is low, nothing is organized, the soldiers do not want to fight and abandon their positions without hesitation,” Michael Kofman, the US Navy’s leading Russia expert, sums up for the newspaper.

    A Finnish military expert told Iltalehti over the weekend that the military operation in Ukraine has not progressed according to Russia’s expectations. Doubts have also been raised about how realistic the situational picture of the country’s leader, Vladimir Putin, is.

    Russian troops in disarray and ‘crying’ in combat, radio messages reveal
    https://www.telegraph.co.uk/world-news/2022/03/01/russian-troops-disarray-crying-combat-radio-messages-reveal/

    Soldiers are refusing to obey orders – including to shell Ukrainian towns – while others have walked away from battle

    Reply
  36. Tomi Engdahl says:

    Global hacking group Anonymous launches ‘cyber war’ against Russia
    https://www.cnbc.com/2022/03/01/how-is-anonymous-attacking-russia-disabling-and-hacking-websites-.html

    Following Russia’s invasion of Ukraine, a Twitter post from an account named “Anonymous” summoned hackers around the world to target Russia.
    Subsequent posts claimed the group was responsible for pulling down websites of the Russian oil giant Gazprom, the state-controlled Russian news agency RT and numerous Russian and Belarusian government agencies.
    Attracting the ire of online hackers is yet another example of how global players — from NATO powers to international businesses and everyday consumers — are protesting Russia’s invasion of Ukraine.

    The murky online group known as Anonymous appears to be wading into the Ukraine-Russia conflict by declaring it is at cyber war against President Vladimir Putin and the Russian government.

    Following Russia’s invasion of Ukraine, a Twitter post from an account named “Anonymous” — with 7.4 million followers and nearly 190,000 Tweets — summoned hackers around the world to target Russia.

    In the days thereafter, posts by the account claimed responsibility for disabling websites belonging to the Russian oil giant Gazprom, the state-controlled Russian news agency RT, and numerous Russian and Belarusian government agencies, including the Kremlin’s official site.

    “Russia may be using bombs to drop on innocent people, but Anonymous uses lasers to kill Russian government websites,” read a post on Feb. 26.

    A post from the account on Feb. 24 stated the loosely connected global group was gearing up for action against the country — “and we will be retweeting their endeavors,” it said.

    No official account

    Despite the account’s large following, the person — or persons — behind the “Anonymous” Twitter account denied that it is the group’s official account, stating in a post: “We are a decentralized resistance movement. There is no official #Anonymous account.”

    Substantiating the group’s claims is difficult, if not impossible, since anonymity is a key tenet of the collective.

    A review of a website that checks server outages confirmed that many of the websites that the group claimed to have knocked down are currently — or were recently — disabled.

    An article on RT published on Feb. 28 confirmed that its own website, as well as that of the Kremlin, had in fact been shuttered by Anonymous last Friday. The article also stated the group had targeted other Russian and Belarusian media outlets on Monday, replacing their main pages with the message “Stop the war.”
    A global coalescence

    Attracting the ire of online hackers is yet another example of how global players — from NATO powers and international businesses to everyday consumers — are using their leverage, big or small, to protest Russia’s invasion of Ukraine.

    A two-sided cyber war

    Russia is already believed to be engaging in its own version of cyber warfare with Ukraine. Last week, destructive “data wiping” software hit Ukrainian governmental agencies and financial institutions, according to Reuters. The news agency said Russia has denied any involvement.

    Several of Ukraine’s governmental websites last week were shut down in denial-of-service, or “DDoS,” attacks, reported Reuters. Ukraine has suffered digital attacks since 2014, when Russia annexed the Crimean peninsula, it said.

    A post by the “Anonymous” Twitter account last week reiterated that the group is not at war with Russia as a whole, or its people.

    The identities of those behind Anonymous are largely unknown. A pinned message on the “Anonymous” Twitter account states that they are “working class people seeking a better future for humanity … who agree on a few basic principles: freedom of information, freedom of speech, accountability for companies and governments, privacy and anonymity for private citizens.”

    Anonymous has targeted other high-profile entities in the past, including the governments of the United States and China, the Church of Scientology and the Islamic State group, while expressing support for uprisings such as the Arab Spring and Occupy Wall Street.

    https://twitter.com/YourAnonNews

    Reply
  37. Tomi Engdahl says:

    Russian Media Sites Hacked; Anonymous Claims Responsibility
    https://www.voanews.com/a/russian-media-sites-hacked-anonymous-claims-responsibility/6462874.html

    Many Russian media outlets have been hacked, with anti-war messages being placed on their websites, as Russia continues its massive, unprovoked attack on Ukraine.

    Twitter accounts historically associated with Anonymous, the amorphous online activist community that first grabbed global attention about a decade ago, claimed it was behind the hacker attack.

    Among the media outlets impacted were websites of such news agencies and newspapers as TASS, Kommersant, Izvestia, Fontanka, Forbes, and RBK.

    “[Russian President Vladimir] Putin forces you to lie and puts you in danger. Why do we need it? So that Putin was added to textbooks? This is not our war, let’s stop him!” one of the messages read.

    The official website of the Kremlin was down on February 26, following reports of denial-of-service attacks on various other Russian government and state media websites.

    Reply
  38. Tomi Engdahl says:

    Most Russians support Putin’s “special operation” in Ukraine and believe the West is imposing sanctions arbitrarily, a Russian sociologist estimates
    https://www.hs.fi/ulkomaat/art-2000008651322.html?share=c001fff8aaf4c184bb43c901044b4768

    Far from all Russians are able to make the connection between the sanctions imposed by the West and Russia’s actions, estimates sociologist Denis Volkov, director of the independent Levada research center.

    THE MAJORITY of Russians support their president Vladimir Putin’s “special operation” in Ukraine, although few know what they are supporting.

    In Russia, public opinion is clearly on the side of the “special operation”, but the understanding of it is inadequate and incomplete, estimates sociologist Denis Volkov, director of the independent Levada research center.

    “Support is high, but not for what Ukrainians are seeing in Kyiv and Kharkiv. The support is based on the overall picture given by the main Russian media,” Volkov says in a telephone interview.

    ON RUSSIA’S main television channel, events in Ukraine are covered nonstop, but from a completely different angle than in, say, Finland.

    Early on Tuesday evening, a casual viewer of Channel One in Russia could hear a “political expert” berating the Ukrainian government while viewers were shown footage of Ukraine’s state leadership and of the negotiations held with Russia.

    “They do not understand that discussions are now under way about the future of their country. They are not professionals. You cannot have a discussion with them. They do not understand how to guarantee the safety of their citizens,” the “expert” scolded the Ukrainians.

    AT THE SAME time, Finnish media were reporting on Russia’s deadly missile strikes in Kharkiv, the threat of targeted strikes in Kyiv, and hundreds of thousands of Ukrainians who had fled the war.

    Russian media talk about a special operation; in Finland the talk is of Russia’s invasion and the war in Ukraine.

    “Practically no information about losses and casualties is available from official channels. The international media report on them, but [in Russia] they are regarded as the adversary’s media. Far from everyone is ready to believe them, let alone watch them,” Volkov says.

    The Russian state-owned research institute Vtsiom published an opinion poll on Monday according to which 68 percent of Russians support Russia’s special military operation in Ukraine. A fifth of respondents did not support the operation. Ten percent of participants could not say.

    THE WEST has already imposed unprecedentedly heavy sanctions on Russia, but in Russia they are hardly felt yet. ATMs have been emptied in Moscow and St. Petersburg, but no greater panic is noticeable.

    Volkov believes that understanding of the reasons for and effects of the sanctions is so far limited to the various layers of the elite. Most of the population lacks that understanding, and may never gain it.

    “Unfortunately, far from everyone is able to make the connection between Russia’s actions and the sanctions imposed by the West.”

    “I fear that here they will be understood quite differently: the West punished us because it wanted to punish us, but it is not fully understood why.”

    In Russia, the general public sees the “special operation” and events in Ukraine in roughly the same way as Putin presents them, Volkov says.

    THE MESSAGE is conveyed through the state media.

    Volkov believes that most Russians will remain permanently behind some kind of smokescreen. The prevailing view will be one in which the West is against Russia. The West looked for a reason to sever all ties, even though Russia approached with good intentions and was ready for negotiations. Its concerns were simply not understood.

    “I fear that an unprocessed trauma will arise: the whole world is against us, but there is no knowing why.”

    Finding out about events from different sources would take effort, but according to Volkov only a few are willing to go to that much trouble.

    It is easier to turn on the television.

    Reply
  39. Tomi Engdahl says:

    Anonymous’s claim: Russia’s space agency taken down, spy satellites not working
    The hacker group Anonymous announces its cyber attack on the Russian space agency Roscosmos.
    https://www.iltalehti.fi/digiuutiset/a/f24bb21a-c325-4350-be96-715d944a8fbc

    A hacker group linked to the hacker collective Anonymous has announced that it has paralyzed Russia’s space agency. According to the hacker group, Russia no longer has control over its spy satellites. The Independent reports on the matter.

    The group claims that the hackers managed to download and delete confidential data related to the space agency’s satellite imaging and vehicle monitoring system.

    If the claim is true, Anonymous’s new cyber attack could be a significant setback for the attacking Russia. The accuracy of the claim has not yet been verified.

    Roscosmos chief Dmitry Rogozin has denied Anonymous’s claims and called the group petty swindlers.

    Anonymous hackers claim attack on Russia’s space agency but Roscosmos chief calls them ‘fraudsters and swindlers’
    https://www.independent.co.uk/tech/anonymous-hack-russia-space-agency-roscosmos-b2026574.html

    ‘We won’t stop until you stop dropping bombs, killing civilians, and trying to invade. Go the f*** back to Russia’, the hacking group NB65 wrote

    A hacking group associated with the collective Anonymous has claimed that it has breached Russia’s space agency.

    Network Battalion 65 or ‘NB65’, as the gang is known, posted a tweet claiming to show server information for Roscosmos, claiming that Russia “has no more control over their own Spy-Satelites.”

    It was claimed that the hackers downloaded and deleted confidential files related to the space agency’s satellite imaging and Vehicle Monitoring System.

    “The WS02 was deleted, credentials were rotated, and the server is shut down”, the hackers tweeted.

    The Independent has not yet been able to verify these claims and the head of the Russian space agency has said that operations are continuing as normal.

    “The information published by these fraudsters and petty swindlers is false. All our space control centers operate as usual,” Roscosmos chief Dmitry Rogozin tweeted.

    However, Russia has been consistently engaged in a misinformation and disinformation campaign assisted by state media.

    Mr Rogozin has said previously that control of the Russian space industry, orbital group and the Russian International Space Station segment are thoroughly protected and isolated from cyber criminals, but threatened that sanctions placed against Russia could have a damaging effect on the ISS.
    Nasa has said it would “make every effort to continue as before … [despite] disagreements between our countries”.

    Reply
  40. Tomi Engdahl says:

    Alexei Navalny urges Russians to take to the barricades to oppose the war: “No one will do it for us”
    https://www.is.fi/ulkomaat/art-2000008653901.html

    Reply
  41. Tomi Engdahl says:

    The war in Ukraine is growing more brutal – what should we prepare for now? An expert answers
    https://www.iltalehti.fi/iltv-paivarinta/a/0c0f23c9-cb8a-4aa4-a5c2-84c89aa7801a

    Mikael Wigell, research director at the Finnish Institute of International Affairs, gave his assessment of the situation in the war in Ukraine and its effects on Sensuroimaton Päivärinta.

    Reply
  42. Tomi Engdahl says:

    5th domain

    TikTok Was Designed for War
    https://www.wired.com/story/ukraine-russia-war-tiktok/

    As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.

    RUSSIA’S INVASION OF Ukraine is not the first social media war—but it is the first to play out on TikTok. The 2011 Arab Spring was fomented and furthered on Twitter and Facebook. Clips of Syrian children choking from chemical weapons filled social media timelines in 2018. And the Taliban’s capture of Kabul, with all the chaos that wrought, was live-tweeted into our homes last year. Images of unspeakable horrors supplanting the banality of status updates and selfies is nothing new. But the current conflict is a very different kind of social media war, fueled by TikTok’s transformative effect on the old norms of tech.

    Its more established competitors fundamentally changed the nature of conflict, but TikTok has created a stream of war footage the likes of which we have never seen, from grandmothers saying goodbye to friends to instructions on how to drive captured Russian tanks.

    https://mobile.twitter.com/JoshuaPotash/status/1498332884121399307

    The future is a very weird place. Ukrainians are uploading videos on TikTok about how to drive abandoned or captured Russian military vehicles.

    Reply
  43. Tomi Engdahl says:

    “Is more known than is being told?” Expert has a surprising interpretation of Russia
    https://www.iltalehti.fi/iltv-paivarinta/a/09ef48c1-d79d-45bc-8b49-4e9c9d072984

    Watch international politics expert Risto E.J. Penttilä's assessments of Russia's sabre-rattling and Finland's role on Sensuroimaton Päivärinta.

    Reply
  44. Tomi Engdahl says:

    The founder of Yandex, Russia’s alternative to Google, falls out of the billionaire ranks amid his country’s chaos.

    Putin Has Broken Russia’s Brightest Tech Business–Founder Arkady Volozh Loses $2 Billion In Three Months
    https://lm.facebook.com/l.php?u=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fdaviddawkins%2F2022%2F03%2F02%2Fputin-has-broken-russias-brightest-tech-businessfounder-arkady-volozh-loses-2-billion-in-three-months%2F%3Futm_campaign%3Dforbes%26utm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_term%3DGordie&h=AT3IXXyylLBXp_xs2nnd5fwduXBEDZiNlhv6LdzJHGdTLlFyK1n27sKG3elLtWThnOM2UyQlCGsgz7olS7psgOZUBrIH9-_ATMkmi2bRJc5hyF6pwGf_oHeQNsex794M8og0NtjqW_iLcRfdMw

    Arkady Volozh, the tech entrepreneur behind Yandex—the Russian equivalent to search engines like Google and Yahoo—has seen the value of his stake in Russia’s top tech giant fall by over 60% since last Thursday, the day Putin attacked Ukraine. Volozh himself lost more than $400 million that day, as Russia’s wider business community reeled from Putin’s war and the subsequent sanctions imposed thereafter. Volozh, whose net worth hit a high of $2.6 billion, is now worth $580 million.

    A coder and tech entrepreneur in the Silicon Valley tradition, Volozh cofounded several IT outfits before starting Yandex in 1997. Listed on NASDAQ but headquartered in Moscow, Yandex (which means “Yet another index”) was Russia’s largest technology business with a market cap of over $30 billion at its highest point in November last year. Its market cap today is just $6.7 billion. 

    For years Yandex meant more to Russia than its dollar value. Popular with global investors and Russian users alike, Yandex gained a 60% share in Russia’s search engine market–a signal that its tech entrepreneurs could, at least sometimes, compete against its U.S. rivals. It also had a rapidly growing Uber-like ride hailing business. 

    Volozh is not the only billionaire to fall off the Forbes list in the days since Russia invaded Ukraine. According to Forbes billionaire tracker, at least 10 billionaires have now fallen beneath the dollar threshold in just a few days’ trading.

    Most notable amongst them, Oleg Tinkov has seen shares in digital bank Tinkoff (listed on the London Stock Exchange) lose more than 90% since the start of Russia’s assault on Ukraine. Tinkov has lost $5 billion in less than a month, and on Tuesday he officially joined Volozh in losing his billionaire status.

    Reply
  45. Tomi Engdahl says:

    “The research authors note that there are hundreds of thousands of middlebox systems vulnerable to this TCP reflection abuse around the globe. In their testing they discovered amplification rates that surpass popular and often abused UDP reflection vectors,” explains Akamai’s report.

    Content filtering devices abused for 65x DDoS amplification
    https://www.bleepingcomputer.com/news/security/content-filtering-devices-abused-for-65x-ddos-amplification/

    Researchers have identified an alarming new trend in DDoS attacks that target packet inspection and content filtering devices to attain enormous 6,533% amplification levels. With such an amplification level, threat actors can launch catastrophic attacks with limited bandwidth/equipment.

    DDoS (distributed denial of service) attacks are used to take down a server or corporate network by overwhelming network devices such as servers and routers with a large number of bogus requests or very high volumes of garbage data.

    When the device becomes overwhelmed, it can no longer accept legitimate traffic and thus fails to operate correctly.

    Being such a potent threat, Internet security service providers have developed advanced detection and mitigation solutions, to which DDoS actors have responded with new tricks and different approaches.

    A new DDoS approach
    In the context of this “cat and mouse” game, Akamai has seen a new DDoS attack method used in the wild called ‘TCP Middlebox Reflection,’ which was first examined by a team of American university researchers in August 2021.

    A middlebox is a network device that performs packet inspection or content filtering by monitoring, filtering, transforming packet streams exchanged between two internet devices.

    Middleboxes don’t just handle packet headers, but also the contents of packet, so they are employed in deep packet inspection (DPI) systems.

    With each reflection, a new amplification step is added, so the response size can quickly get out of hand, and these attacks can surpass even the well-established UDP vectors in potency.

    Akamai describes an attack at a port with a running TCP service as follows:

    “This volumetric attack now becomes a resource exhaustion attack: These SYN packets directed at a TCP application/service will cause that application to attempt to respond with multiple SYN+ACK packets, and hold the TCP sessions open, awaiting the remainder of the three-way handshake. As each TCP session is held in this half-open state, the system will consume sockets that will in turn consume resources, potentially to the point of complete resource exhaustion.”

    Akamai

    Reply
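
The half-open state described in the Akamai quote above can be watched for on the defended side. The following Python is an added example, not code from Akamai or the linked articles: it tracks sessions that received a SYN but never completed the handshake and reports the peak per service. The record format, the 30-second timeout and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def half_open_peaks(records, timeout=30.0):
    """Return {service: peak number of simultaneously half-open sessions}.

    records: iterable of (ts, client, service, flag) sorted by ts, where flag is
    "S" (client SYN), "A" (client ACK completing the handshake) or "R" (reset).
    timeout: assumed seconds before the server abandons a half-open session.
    """
    pending = defaultdict(dict)   # service -> {client: time the SYN arrived}
    peaks = defaultdict(int)
    for ts, client, service, flag in records:
        table = pending[service]
        # Expire sessions the server would have given up on by now.
        for c in [c for c, t0 in table.items() if ts - t0 > timeout]:
            del table[c]
        if flag == "S":
            table.setdefault(client, ts)   # retransmitted SYNs add no new state
        elif flag in ("A", "R"):
            table.pop(client, None)        # handshake finished or torn down
        peaks[service] = max(peaks[service], len(table))
    return dict(peaks)

def flag_services(records, limit, timeout=30.0):
    """Services whose half-open peak exceeds `limit` (a site-chosen threshold)."""
    peaks = half_open_peaks(records, timeout)
    return sorted(s for s, p in peaks.items() if p > limit)

def constructed_sample():
    """Constructed records, not captured traffic (documentation address ranges)."""
    recs = []
    # Three normal clients: SYN, then the completing ACK 50 ms later.
    for i in range(3):
        c = f"192.0.2.{i + 1}:5000{i}"
        recs += [(1.0 + i, c, "203.0.113.10:443", "S"),
                 (1.05 + i, c, "203.0.113.10:443", "A")]
    # Forty SYNs that are never completed, leaving sessions half-open.
    for i in range(40):
        recs.append((5.0 + i * 0.05, f"198.51.100.{i + 1}:40000",
                     "203.0.113.10:80", "S"))
    # One normal handshake after the timeout has cleared the stale entries.
    recs += [(60.0, "192.0.2.9:50009", "203.0.113.10:80", "S"),
             (60.05, "192.0.2.9:50009", "203.0.113.10:80", "A")]
    return sorted(recs)
```

In practice the threshold would be set from the service's normal half-open baseline rather than a fixed number.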
  46. Tomi Engdahl says:

    Network attack took down Nordea's services – this is how the bank comments
    https://www.is.fi/digitoday/tietoturva/art-2000008654707.html

    Nordea's systems have still been running slowly on Wednesday, even though the denial-of-service attack began already on Monday.

    Reply
