Cybersecurity experts from ISSP announced that the cause of the December blackout in Kiev was not a technical failure but a hacker attack. Surprisingly, the press and the ruling circles of Ukraine for some reason chose not to notice this news. ISSP employees themselves admitted to the newspaper VIEW that it is not yet possible to fully protect Ukrainian infrastructure from hacker attacks.
Cybersecurity experts from the Kiev firm Information Systems Security Partners (ISSP) completed a preliminary investigation of the incident in which, on the night of December 18, a few blocks to the north and north-west of the capital of Ukraine were left without electricity. This was reported on Thursday by the BBC Russian Service.
The blackout was caused by the shutdown of the “North” substation in the village of Novi Petrivtsi (Kyiv pumped storage power plant). Experts from ISSP, working by order of the Ministry of Energy, concluded that the substation was brought down by unknown hackers. The attack was the same as the one carried out in 2015 in the west of the country, in the Ivano-Frankivsk region, where 225 thousand people were left without power. The US Department of Homeland Security then blamed the blackout on hackers, suggesting that traces of the attack lead to Russia.
According to ISSP, the attacks are also linked to similar attacks in the same month on other infrastructure, including the railway administration, several ministries and the national pension fund.
Alex, the chief information security officer at ISSP, said that the cyber attacks of 2015 and 2016 differed little from each other. The only difference, he said, is that the attack of 2016 was more complicated and much better organized. According to him, in these cases several criminal groups apparently cooperated with each other and tested methods that could be applied in other countries.
Jasinski told the newspaper VIEW that he had not even tried to determine whether the intruders were from Russia or some other country. In the system, he said, specific traces were left. “Another way to find out? It is only speculation, but I operate only with facts,” he said.
According to Gaydar, over the past month the government has partially improved protection against new attacks. “Immediate measures are of course taken, as usual after break-ins. Perhaps not enough of them. A lot depends on the results of the investigation, which is still continuing,” says the Ukrainian expert.
Jasinski acknowledged that it is impossible to protect against such hacks, but it is possible to cut the time an attacker stays invisible in the infrastructure. “We need to clearly examine our infrastructure, place monitoring systems in the right places and keep track. Attackers who penetrate the infrastructure start by learning it. At these stages you can see them; they are still ‘noisy’. But once they have learned it, they try to operate under administrator accounts, and then it is difficult to identify their presence. The argument is simple: it is impossible to defend against such attacks, but you can reduce the time the attackers stay invisible,” Jasinski concluded.
“The integrity control loop”
Sergey Plugotarenko, director of the Russian Association of Electronic Communications, believes that by hacking information systems it is possible to shut down one or several facilities in Ukraine, and even to damage the entire infrastructure. “This is no secret to anybody. Hypothetically it is possible. But how far the statement of the Ukrainian experts is true, I can’t judge,” he told the newspaper VIEW. In his opinion, three questions will have to be answered: first, whether there was a hack; second, how the hack was performed; and finally, whether it is worth it for Russia. “To establish the fact of a break-in is easy, to track a hacker is difficult, but to prove the connection of the burglars with the Russian special services is even more difficult,” said Plugotarenko.
Alexander Vlasov, publisher of Information Security and an expert in the field of information security, told the newspaper VIEW that establishing the fact of a cyber intrusion into an enterprise network is easy, but only in hot pursuit. “There are certain algorithms for integrity control of an information network, for monitoring the integrity of the circuit, for controlling the packets of communication networks. Therefore, if there is an unauthorised entry into your information system, it is logged, if the system itself is quite well protected,” he explained.
Vlasov did not find it strange that the conclusion about the cyber attack was reached only after a month. “In most countries with a well-developed system of information security, the whole procedure of internal investigation of unauthorized entries takes from one month to six months. It is necessary, first, to establish the fact of interference; secondly, whether it was from inside or outside; and finally, to establish the chain of servers and IPs through which the entry was made,” said the expert.
However, according to Vlasov, establishing where there was a break-in is possible in the first hours after the attack. “Subsequently, the hackers wash and remove everything. So if someone wants to claim that these were ‘Russian hackers’, they need to show the entire chain of evidence, or it will be regarded as another bluff and political propaganda,” he said.
The unquenchable light of Moscow windows
In general, the expert assessed the level of protection against cyber attacks in Ukraine as fairly weak. “Traditionally, the best school of security in the USSR was in Russia and Belarus. Over the past 25 years Belarus and Russia have, in spite of everything, preserved their own school of cryptography and mathematics. And in Ukraine they were busy, to put it mildly, with other matters. But if there is no school, hence the low level of cyber security. Something is probably being done, but there will likely not be enough professionals and technologies,” said Vlasov.
Marina Krotofil of the Honeywell Industrial Cyber Security Lab, who was also involved in the investigation of the blackout in Kiev, says that the attack of 18 December was not aimed at long-term effects or serious damage. “They could do more, but obviously it was not in their plans. It was more of a demonstration of what they can do,” she said.
In December, President Petro Poroshenko complained that in the last two months of 2016 hackers had organized cyber attacks on 6500 state resources of Ukraine. According to the Ukrainian leader, this suggests that Russia has unleashed a cyber war against his country. “The investigation of a number of incidents indicates direct or indirect involvement of the Russian special services,” said the President.
It is noteworthy that the Kiev press mostly passed over the BBC report in silence. Only a few news sources published it; TV channels ignored it or mentioned it in passing, although the subject of the ubiquitous “Russian hackers” now seems more relevant than ever.
Ukrainian media expert Anatoly Shary found this odd. “Even if the Ukrainian media are not spreading this news, I can find only one explanation: it means that they do not believe in the conclusions,” he told the newspaper VIEW. According to him, the Ukrainian media are usually willing to share anything about Russian aggression. “But here is news about a hacker attack on the Ukrainian power grid, and probably from Russia at that. It is strange,” says Shary. The expert also finds it strange that the news about the cyber attack on Kiev has not been picked up in the government or in Parliament. “By its nature, it deserves to become a major topic of discussion for at least a week,” says Shary.