The tensions in the world keep running high. Recent frequent reports of hacking wars and virtual world hacking attacks also add anxiety. Cyber-attacks or cyber-fraud cases occur in the world every 14 seconds. Large corporations and international companies in the leading economic sectors suffer the most from hackers’ actions. According to the World Economic Forum, the total amount of planetary economic losses caused by hackers and their actions can reach 8 trillion $ before 2022.
Although Ukraine is currently not at the forefront of the global corporate economy, cyber threats to Ukrainian information resources and political life are a common thing for us in conditions of real and hybrid information war with Russia. The last one from the list of constant attacks was most likely initiated by the Russian hackers from a military intelligence unit known formerly as the G.R.U., and by the espionage alias “Fancy Bear”. According to The New York Times, the hackers conducted the attack on the day before the Christmas Eve on the Ukrainian gas company Burisma website: hey used so-called phishing emails, according to Area 1, the Silicon Valley security firm that detected the hacking. “The attacks were successful,” said Oren Falkowitz, a co-founder of Area 1. Falkowitz can be trusted: he previously served at the US National Security Agency and now runs a company that monitors web servers around the globe to block potential phishing attacks against his own business clients.
An excessive Russian interest on the part of G.R.U. was reported by Area1 in November, along with the start of the investigation into the impeachment of US President Donald Trump. After that, the attacks repeated regularly on New Year’s Eve. All tracked web-sites attacks had something in common: they were all subsidiaries of Burisma Holdings (among the Burisma subsidiaries The New York Times mentions KUB-Gas, Aldea, Esko-Pivnich, Nadragas, Tehnocom-Service and Pari).
Most likely, the main purpose of Russia’s cyber-attacks is to look for potential compromising material (or even materials) on former US Vice President Joe Biden, who is Trump’s rival in the 2020 presidential election. Trump himself once wanted to get compromising material on «Biden&Son» company, and demanded it from Ukraine, insisting on a thorough investigation into their activities. Trump wanted and insisted on it, and Russian hackers just started looking for it. Whether these attacks were successful in terms of the quality of information stolen and the extent of the information leak remains unknown.
The web-site of Kvartal 95 was another object of cyber-attacks. The New York Times reporters connect the phishing attack on a well-known TV production company, clearly associated with Mr Zelensky, with the aim to dig up email correspondence of the company’s chief, Ivan Bakanov, whom Mr Zelensky appointed as the head of Ukraine’s Security Service.
Immediately following the dissemination of information about the cyber-attacks on Burisma Holdings and Kvartal 95, the NPS cyber-police department launched criminal proceedings under para. 2 of art. 163 (violation of the secrecy of correspondence, telephone conversations, telegraph or other correspondence) and para. 2 art. 361 (unauthorized interference with the operation of electronic computing devices (computers), automated systems, computer networks or telecommunication networks) of the Criminal Code of Ukraine.
«We are trying to identify individuals implicated in committing this criminal offence. Within the framework of criminal proceedings, the National Police of Ukraine has approached the Federal Bureau of Investigation and Area1, which detected the signs of hackers’ attack, requesting to facilitate the providing of information published in the US media. In order to properly investigate the circumstances of the offence, the National Police is initiating the creation of an international investigative team including the invited FBI representatives», – reads the Ministry of Internal Affairs statement.
The similarity of hacking tactics indicates Russian involvement in this attack, even despite the lack of confidence of the Russian media in terms of this information. Moscow used the same phishing method hacking the emails of Hillary Clinton’s campaign chairman and the Democratic National Committee during the 2016 presidential campaign.
The so-called phishing emails used during recent cyber-attacks in Ukraine are designed to steal usernames and passwords. The algorithm has been already worked out: hackers create fake websites that imitate the login pages of a subsidiary and send the emails that look like they have been sent from the parent company to the company’s employees. According to the US media Area, 1 traced the look-alike sites using a combination of internet service providers frequently used by G.R.U.’s hackers, rare web traffic patterns, and techniques used in previous attacks against a number of other victims, including the 2016 hack and a more recent Russian hack of the World Anti-Doping Agency. Hackers succeeded to hack some of their employees’ accounts and break into one of Burisma’s servers.
The scenario of Russian cyber interference in the US elections in 2020 almost completely repeats the scenario of Russian interference in the past US elections. Russian hackers seek any sort of compromise on the Bidens, trying to break into Burisma, and actively attack the sources of financial and legal information related to Ukrainian officials.
According to the Andrew Bates’s statement in the US media, intense and sophisticated Russian hacking attacks shortly before the US presidential election clearly demonstrate Volodymyr Putin’s concern about the probable success of Joe Biden’s campaign. It should be reminded that Joe Biden is considered to be the main competitor of US President Donald Trump in the upcoming election, and Biden’s son, Hunter, once worked for Burisma which belongs to Zlochevskyi, former Ukrainian minister of environment. Increased interest in their personalities arose after the published transcripts of Trump and Zelensky conversation during their meeting in the White House. According to the transcript, Zelensky stated that the Prosecutor General is 100% his man, and the European Union provides little help to Ukraine. According to the informant’s message, whose complaint was published in the US after the Trump and Zelensky conversations were made public, it was a hint to the Ukrainian authorities that the assistance and cooperation with Ukraine depend directly on its intention to conduct an investigation against the company where Joe Biden’s son worked. The next thing is the simple chronology of the events: on October 31, the Congress initiated Trump’s impeachment process; on November 13, the US Congress started public hearings on Trump’s impeachment, and on December 19, during a vote in the House of Representatives, they charged Trump under two articles («abuse of authority» and «obstructing Congress»). On January 21, the Senate began its first hearings in the case of Trump impeachment process.
The majority of experts believe Trump is going to be justified, but still, the situation is intriguing. It depends on whether additional witnesses will be involved. They have not yet made public statements in Congress but may have embarrassing information about the White House pressure on Ukraine and the unlawful termination of US defence assistance programs in Ukraine (e.g., John Bolton, Trump’s former national security advisor, Mick Mulvaney, Trump’s administration chief, Mike Pompeo, secretary of the US and others). Trump’s defence insists that all accusation against the president are not in the category of violations providing for the impeachment process. It is worth waiting and observing how it all turns out, but in any case, Ukrainegate appears to be the part of pre-election competitions in the United States and is at the centre of the third possible historic trial against the US president.
Inna Krupnyk for Promote Ukraine