The Washington Post
Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Ukraine gets by in cyberspace with a little help from its friends

Welcome to The Cybersecurity 202! We won’t have a newsletter Monday, so we’ll be back with you Tuesday.

Below: A Chinese regulator gives Tencent and ByteDance censorship directives in the wake of protests, and a Sim-swapper gets sentenced. First:

Ukraine's cyber defenses get a boost from unusual suspects

Ukraine got cyber help from perhaps some unexpected U.S. sources in the lead-up to the Russian invasion, the leader of Ukraine’s ministry of digital transformation said Thursday.

One of them was the American media, Deputy Prime Minister Mykhailo Fedorov said in a visit to The Washington Post. (Surely he wasn’t playing to the crowd.)

“We ended up getting a lot of information about cyberattack vectors and other related information from the media,” Fedorov said through an interpreter. “And that is how we were able to prevent attacks on our energy infrastructure back in December.”

Partially in response to the articles they read, Ukrainian officials established so-called “red teams,” which simulate enemy attackers to probe for weaknesses, he said.

Another source of help? Moving important data into the cloud two weeks before the war, he said. As Fedorov commented after an appearance at an Amazon Web Services (AWS) conference Thursday, “The cloud can’t be destroyed by missiles.” (Amazon founder Jeff Bezos owns The Washington Post.)

More than nine months into what Fedorov called “the most technologically advanced war in the history of the world,” help from the United States continues.

  • AWS is dedicating $75 million to continue the ministry’s migration to the cloud, the ministry announced Thursday.
  • Google on Thursday also committed to providing additional cybersecurity services to Ukraine, on top of past assistance like taking down Russian influence operations and providing cyber incident response and tracking threats.

State of defense

While the Russia-Ukraine war hasn’t featured cyberattacks as heavily as many expected, Fedorov said daily cyberattacks number in the hundreds and thousands. There’s constant scanning for vulnerabilities. Phishing attacks are the most common kind.

Ukraine’s defenses have held up, though, he said.

“From what we know, there hasn’t been a single leak of any of the basic registries since the beginning of the war,” Fedorov said. “Not a single registry has stopped operating.”

The most prominent suspected Russian cyberattacks against Ukraine came in the buildup to the invasion.

Of late, security researchers have pointed to disruptive ransomware attacks coming out of Russia that targeted transportation companies in Ukraine and Poland. It’s rare for Ukraine to be hit with ransomware attacks, but Ukraine also warned last month that another ransomware gang — one that researchers have yet to publicly attribute to a particular headquarters nation — appeared to be targeting Ukraine’s military websites.

State of offense

A government-recruited volunteer pro-Ukraine hacking group, known as the IT Army, has served as a distraction and a counteroffense to Russia’s FSB security agency, Fedorov said.

“Clearly, they do have certain targets inside the Russian Federation,” he said. “There are certain targets and goals which are not made public.”

Russia also has proven an easy target for those hackers, he said.

“Inside Russia, the cyberdefense situation is at a terrible level,” according to Fedorov. Economic sanctions have helped produce those conditions.

Many companies have left Russia because they can’t move in new equipment. Many IT specialists have left the country as well, given fewer available opportunities to reach their potential, Fedorov said.

State of social media

On the information warfare front, Ukraine has won praise for how effective it’s been.

But as Ukraine has worked to get its message out across social media, Facebook owner Meta has proven an obstacle, he said.

The company has blocked accounts of media that write about the war, Fedorov said. Ukraine has pleaded its case to Meta, which Fedorov said is trying to improve its algorithm.

“The situation is better now than it used to be, but it is still difficult,” he said.

A Meta spokesperson did not answer a request for comment on Fedorov’s remarks.

The keys

Chinese regulator gives Tencent and ByteDance direction on censorship amid protests

The Cyberspace Administration of China told tech giants Tencent and ByteDance to be on guard for posts about protests in the country, also telling the companies to staff up their censorship teams, the Wall Street Journal’s Liza Lin reports. The protests have spread across China over the past month, with protesters using the government’s covid lockdowns as a proxy for various grievances.

“The directives were issued following an internal meeting at the internet regulator, where officials were also told to ask Chinese search engines, e-commerce companies and internet content platforms to conduct a fresh sweep to remove sales postings and information about how to use virtual private networks, also known as VPNs,” Lin writes, citing people familiar with the matter. “The regulator also asked officials to get companies to prevent searches related to VPNs, which were used by protesters and their supporters to circulate videos of the recent demonstrations, the people said,” Lin writes.

Tencent declined to comment to the Wall Street Journal. The Cyberspace Administration of China and ByteDance didn’t respond to the outlet’s requests for comment.

Federal judge sentences Sim-swapper to 18 months in prison

Nicholas Truglia has already served 12 months of the prison term, Bloomberg News’s Ava Benny-Morrison reports. Truglia had pleaded guilty to a count of conspiring to commit wire fraud. He had been accused of being part of a group of hackers who stole $20 million from cryptocurrency consultant Michael Terpin through a type of hack known as “Sim-swapping” in 2018.

Truglia “has been described in court filings as part of a posse of ‘evil computer geniuses’ who tricked telecom employees into transferring customers’ cell numbers to SIM cards controlled by the hackers,” Benny-Morrison writes. “But he is the only one to face criminal charges. He has already been hit with civil judgments totaling almost $80 million for the audacious attacks, which targeted wealthy crypto figures on opposite ends of the U.S.”

Cuba blasts U.S. committee recommendation to reject approval of undersea cable

Cuban Vice Foreign Minister Carlos Fernandez de Cossio said the recommendation is “the way in which the government of the United States pretends to comply with its declared commitment to promote internet use in Cuba, and its concerns for the well-being of the Cuban people,” Reuters’s Dave Sherwood and David Shepardson report. The reaction came in the wake of a recommendation by Team Telecom, a U.S. interagency committee, that urged the Federal Communications Commission to not allow an undersea cable license connecting Cuba and the United States, citing counterintelligence and national security concerns.

“Cuba has long accused the U.S. of doublespeak, saying a Cold War-era embargo imposed by the United States on Cuba has failed to upend Cuba’s government, and instead, has only caused suffering among the Cuban people,” they write. “The U.S. government in recent years has been scrutinizing undersea cable connections especially involving China. Around 300 subsea cables form the backbone of the internet, carrying 99 percent of the world’s data traffic.”

Cyber insecurity

Hive Social turns off servers after researchers warn hackers can access all data (Ars Technica)

Cuba ransomware infections of US organizations have doubled in last year, feds say (SC Magazine)

Government scan

White House says an anticipated executive order on identity theft is coming, here’s what experts want in it (FCW)

Global cyberspace

Russian-Canadian man living in Simcoe County fights extradition after arrest for global ransomware attacks (CTV News)

Orban used Hungarians’ covid data to boost election campaign, report says (Politico Europe)

Industry report

Anker’s Eufy lied to us about the security of its security cameras (The Verge)

Daybook

  • Mykhailo Fedorov, Ukraine’s minister of digital transformation, speaks at an Atlantic Council event on Ukraine’s digital resilience today at 1 p.m.

Secure log off

Thanks for reading. See you next week.
