There is nothing special about the Ukrainian government's weak cyber security; many other countries in the region are similarly vulnerable, says digital security expert Vadym Losev.
On June 27, a ransomware virus hit Ukrainian companies, banks, and government institutions, in what is described as the biggest cyber attack in the history of Eastern Europe. The malware is disguised as an update for MeDoc, a piece of software popular in Ukraine. The malware encrypts all data on infected computers. With a ransom request of only the equivalent of 300 USD in bitcoin, the attack raises questions of possible political motivation.
The scale of the damage caused by this attack is still unknown. Attribution for the attack will take experts weeks or even months.
According to Losev, there is nothing new about this attack technologically. Instead, what is new is the scale of the attack’s impact on day-to-day life, unseen ten years prior.
When it comes to the special genius of hackers from the former Soviet Union, Losev argues that it is a myth. The activity of hackers has a lot to do with finances and is not necessarily political, says Losev. Governments actively try to recruit talented I.T. individuals and “I.T. people, like people representing other professions, routinely work with intelligence services.” On the other hand, there is an extensive criminal underground due to low wages, “low living standards, and the ability to do bad stuff and go unpunished in the region.”
Ultimately, Losev states that it is important to acknowledge that “Hacking, and surveillance technology, and censorship technology is as much a part of modern capitalism as banking, or industry, or insurance.” Governments and businesses need to invest in human talent and equipment to protect themselves from cyber-attacks and damages.
Hromadske sat down with digital security expert Vadym Losev to learn more about modern cyber security and the relationship between hackers and governments.
There was the virus attack on a number of Ukrainian companies and state enterprises, although it has taken place not just in Ukraine. Still, can you explain what that was? It was everywhere in the news. Of course, we are still counting the damage.
Vadym Losev: Apparently, on 27 June, there was a malicious update to a piece of software which is popular in Ukraine, which is called MeDoc, it has something to do with financial reporting. But anyway, a lot of people got an update for that piece of software which happened to be a piece of malware. Which spread across networks and encrypted information on a bunch of computers. And when I say a bunch, I mean thousands, tens of thousands.
This is huge. I don’t know how much money people in companies have lost. It will probably take some time to count the damage and then a lot of companies will be incentivized to say it was bigger than it actually was. And then a lot of people in companies will be incentivized to cover up the damage and say there was none. But still, this is something that is really important on the global scale, because it’s in the news on many I.T.-related websites, online places that would never report on Ukraine otherwise.
Of course, when we speak about something in Ukraine happening on that scale, the Russian question pops up. Do we have any evidence?
Vadym Losev: We really don’t. Attack attribution is a real job. There are people who can do it really well. It usually takes them time to figure out whether there is sufficient evidence that a particular threat actor has done that. So far, I have not seen anything convincing. Until we have real factual evidence about the attribution of the attack, we really don’t know.
A lot of times, government agencies are hit harder than business, because they are protected worse. Because governments spend less money protecting themselves on the cyber front than businesses.
From your experience, how long might it take? What were the cases and precedents for how long the attribution takes?
Vadym Losev: It usually takes weeks to months. It really depends on the political interests of a particular government. It usually takes, I would say, weeks, months, or several months. So far, they have only come to some basic factual conclusions, like how the malware actually spread, or what kind of systems it actually infects, but not the attribution part.
What was new for you?
Vadym Losev: For me, what was actually, like the attack itself from the technological level is nothing new technologically. However, every attack like that has a bigger and bigger scale in terms of impact on economy, on life. But what is new for me is we are already in a place where a computer problem can stop commerce, or travel, or interfere with governments, which was not the case ten years ago.
Is there anything special about Ukraine being so insecure and so unprepared for that? What would be your experience?
Vadym Losev: There is actually nothing special about Ukraine as a country. It was a clever attack. It spread through a method that mostly worked in Ukraine, so Ukraine suffered the most. If a different method was used, I would guess almost any other country in this region would probably not do much better.
Another myth is about how genius could be detected in the post-Soviet space. You know, all the political discussion is about Russian hacks, people coming from this region. If we don’t speak particularly about this attack? Is this the case? Have you seen something special taking place in the post-Soviet world?
Vadym Losev: The post-Soviet region, the former Soviet Union, has a lot of really intelligent people and those people are often paid very little. And so, there’s incentive for them to look for alternative ways of making money. I’m not really convinced that ex-Soviet hackers are any better than German, Romanian, British, American, Chinese, or any other kind of hackers. However, people keep telling themselves and other people that story. This is human nature. But it is true that there is a huge hacker underground, including an extensive criminal underground in this region, including in Ukraine. But that has to do with low living standards and the ability to do bad stuff and go unpunished. Because the legal system may not work very well in a particular case involving computer crime.
Can we speak specifically about the hackers’ cooperation with the security services, with intelligence?
Vadym Losev: I.T. people, like people representing other professions, routinely work with intelligence services. Sometimes the way it works, the way IT blogs and books describe that, somebody would do something wrong and then he’s approached by either law enforcement or intelligence, and then, made an offer he or she cannot refuse; but this is not specific to an ex-Soviet region. Reportedly, it works like that everywhere. The government is looking for talented IT people. Talented IT people usually want a lot of money. The government cannot afford to pay them. So unless there’s a kind of hook for talent.
Is there anything specific about hackers’ cooperation in dictatorships?
Vadym Losev: A lot of countries which are not usually associated with democracy, think some countries in Central Asia, still can buy hacking technology and equipment in the open market, because there is an open and legal market, and use it against their citizens, or against the enemies, or against, you know. This has become a commercial market. It is a part of modern capitalism. Hacking, and surveillance technology, and censorship technology is as much a part of modern capitalism as banking, or industry, or insurance.
In Ukraine, the attack has brought back memories of the 2007 cyber-attacks on Estonia which hit businesses, government institutions and banks. The attack was sparked by a disagreement with Russia. Furthermore, the allegations against Russian hackers meddling with U.S. and French elections are raising fears of cyber warfare.
/Interview by Nataliya Gumenyuk
/Written by Chen Ou Yang