Month: January 2022

Microsoft said late Saturday that dozens of computer systems at an unspecified number of Ukrainian government agencies have been infected with destructive malware disguised as ransomware, a disclosure suggesting an attention-grabbing defacement attack on official websites was a diversion. The extent of the damage was not immediately clear.

The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic talks to resolve the tense stand-off appear stalled.

Microsoft said in a short blog post that amounted to the clanging of an industry alarm that it first detected the malware on Thursday. That would coincide with the attack that simultaneously took some 70 government websites temporarily offline.

The disclosure followed a Reuters report earlier in the day quoting a top Ukrainian security official as saying the defacement was indeed cover for a malicious attack.

Separately, a top private sector cybersecurity executive in Kyiv told The Associated Press how the attack succeeded: The intruders penetrated the government networks through a shared software supplier in a so-called supply-chain attack in the fashion of the 2000 SolarWinds Russian cyberespionage campaign targeting the U.S. government.

Microsoft said in a different, technical post that the affected systems “span multiple government, non-profit, and information technology organizations.” It said it did not know how many more organizations in Ukraine or elsewhere might be affected but said it expected to learn of more infections.

“The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,” Microsoft said. In short, it lacks a ransom recovery mechanism.

Microsoft said the malware “executes when an associated device is powered down,” a typical initial reaction to a ransomware attack.

Microsoft said it was not yet able to assess the intent of the destructive activity or associate the attack with any known threat actors. The Ukrainian security official, Serhiy Demedyuk, was quoted by Reuters as saying the attackers used malware similar to that used by Russian intelligence. He is deputy secretary of the National Security and Defense Council.

A preliminary investigation led Ukraine’s Security Service, the SBU, to blame the web defacement on “hacker groups linked to Russia’s intelligence services.” Moscow has repeatedly denied involvement in cyberattacks against Ukraine.

Tensions with Russia have been running high in recent weeks after Moscow amassed an estimated 100,000 troops near Ukraine’s border. Experts say they expect any invasion would have a cyber component, which is integral to modern “hybrid” warfare.

Demedyuk told Reuters in written comments that the defacement “was just a cover for more destructive actions that were taking place behind the scenes and the consequences of which we will feel in the near future.” The story did not elaborate and Demedyuk could not immediately be reached for comment.

Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm, told the AP he did not know how serious the damage was. He said also unknown is what else the attackers might have achieved after breaking into KitSoft, the developer exploited to sow the malware.

In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks on record with the NotPetya virus, causing more than $10 billion in damage globally. That virus, also disguised as ransomware, was a so-called “wiper” that erased entire networks.

Ukraine has suffered the unfortunate fate of being the world’s proving ground for cyberconflict. Russia state-backed hackers nearly thwarted its 2014 national elections and briefly crippling parts of its power grid during the winters of 2015 and 2016.

In Friday’s mass web defacement, a message left by the attackers claimed they had destroyed data and placed it online, which Ukrainian authorities said had not happened.

The message told Ukrainians to “be afraid and expect the worst.”

Ukrainian cybersecurity professionals have been fortifying the defenses of critical infrastructure since 2017, with more than $40 million in U.S. assistance. They are particularly concerned about Russian attacks on the power grid, rail network and central bank.

 
…

Chinese technology and expertise is making it possible for Venezuela and Cuba to exercise suffocating control over digital communications in the two countries, according to insider accounts and several international investigations. 

Venezuela and Cuba do more to block internet access than any other governments in Latin America, according to the U.S.-based advocacy group Freedom House, which has documented what it describes as “digital authoritarianism” in the region since 2018. 

“Whoever believes that privacy exists in Venezuela through email communications, Twitter, WhatsApp, Facebook and Instagram is wrong. All these tools” are totally subject to government intervention, said Anthony Daquin, former adviser on computer security matters to the Ministry of Justice of Venezuela. 

Daquin participated between 2002 and 2008 in delegations sent by former President Hugo Chávez to China to learn how Beijing uses software to identify Chinese citizens, and to implement a similar system in Venezuela. 

Key to those efforts was the introduction in 2016 of the “carnet de la patria” or homeland card, developed by the Chinese company ZTE. While theoretically voluntary, possession of the cards is required to access a vast range of goods and services, ranging from doctor’s appointments to government pensions. 

The cards were presented as a way to make public services and supply chains more efficient, but critics denounced them as a form of “citizen control.” 

Daquin said China’s role in recent years has been to provide technology and technical assistance to help the Venezuelan government process large amounts of data and monitor people whom the government considers enemies of the state. 

“They have television camera systems, fingerprints, facial recognition, word algorithm systems for the internet and conversations,” he said. 

Daquin said one of the few means that Venezuelans have to communicate electronically free from government monitoring is the encrypted messaging platform Signal, which the government has found it very costly to control. 

The former adviser said Venezuela’s digital surveillance structure is divided into five “rings,” with “Ring 5 being the most trusted, 100 percent Chinese personnel supervising.” 

According to Daquin, the government receives daily reports from the monitors that become the basis for decisions on media censorship, internet shutdowns and arbitrary arrests. 

US accusations against Chinese companies 

Several Chinese technology companies are active in Venezuela, including ZTE, Huawei and the China National Electronics Import & Export Corp. (CEIEC). The latter was sanctioned in 2020 by the U.S. Treasury Department on the grounds that its work in Venezuela had helped the government of President Nicolas Maduro “restrict internet service” and “conduct digital surveillance and cyber operations against political opponents.”

The U.S. Senate Foreign Relations Committee also issued an alert in 2020. In a report, Big Brother, China Digital Authoritarianism, it accused Chinese telecommunications companies of facilitating “digital authoritarianism” around the world and cited Venezuela as a case study. 

Specifically, the committee mentions the existence of a team of ZTE employees working within the facilities of the state telecommunications company CANTV, which manages the homeland card database. 

The document cites an investigation by the Reuters news agency, which reported it was told by CANTV employees that the card system allows them to monitor a vast range of information about individuals, including “birthdays, family information, employment and income, property owned, medical history, state benefits received, presence on social media, membership of a political party and whether a person voted.” 

“Maduro takes full advantage of Chinese hardware and services in his effort to control Venezuelan citizens,” the report says. 

Sophisticated and simple internet blockades 

The Maduro government’s efforts to block access to the internet by domestic opponents are “very crude,” according to Luis Carlos Díaz, president of the Venezuelan chapter of the Internet Society, a U.S.-based nonprofit that advocates for open development of the internet. 

He said it takes nothing more than a phone call from a government official to the operator of a web portal to have a website or social media outlet blocked for a time. 

However, in 2019, Venezuela blocked The Onion Router, or TOR, one of the most sophisticated systems used globally to allow internet users to remain anonymous and bypass censorship. The platform directs messages through a worldwide network of servers so the origin of a message cannot be identified. 

Diaz said that, unlike other recurrent blockades in Venezuela, the TOR hack did require a higher level of knowledge. 

“There, we raised alerts because it was excessively serious,” he told VOA. “It meant that the Venezuelan government was using technology like the one used in China to block users who had TOR, a tool used to circumvent censorship.” 

The TOR blockade lasted a week, and Díaz said he doubts that the Venezuelan government did it by itself, because it lacks the highly trained people needed for such a complex operation. 

China’s role in Cuba 

The internet infrastructure in Cuba was also built with equipment acquired from Chinese companies. The Swedish organization Qurium, in a report published at the beginning of 2020, said it had detected Huawei eSight network management software on the Cuban internet. The purpose of the software is to help filter web searches, according to this organization. 

Cuban dissidents say the only way to access pages censored by the government on the island is through a virtual private network or VPN, which tricks the system into believing that the user is in another country. 

This “is the only way to enter any controlled website,” said journalist Luz Escobar, who converts web content into PDF format or newsletters and sends those by email to users of 14yMedio, an independent digital news outlet that is blocked from uploading its content to the internet. In Cuba, however, “few people master this technique,” she said. 

Internet censorship in Cuba was investigated in 2017 by the Open Observatory of Network Interference (OONI), a volunteer-based organization that monitors internet censorship around the world. The group said it was able to determine that a Chinese company had developed software for public Wi-Fi portals on the island “because they left comments in the source code in Chinese.” 

“We also found a wide use of Huawei equipment,” said Arturo Filastó, a project leader at OONI who had traveled to Cuba and tested various Wi-Fi connection points provided by the government. 

Voice of America asked for comments from the three government entities in question — Cuba, Venezuela and China — but did not receive responses from any of them before publication. 

China continues to tutor countries with an “authoritarian tendency” 

In a 2021 report on internet censorship, Freedom House said Venezuelan officials, along with representatives from 36 other countries including Saudi Arabia and Syria, participated in Chinese government training and seminars on new media and information management. 

China has organized forums such as the World Internet Conference in 2017 “where it imparts its norms to authoritarian-leaning governments,” the report concluded. 

Justin Sherman, an information security expert at the Atlantic Council’s Cyber Statecraft Initiative, told VOA that Chinese companies like Huawei and ZTE have “been involved all over the world, not just in Venezuela, in creating programs of internet censorship surveillance for governments, intelligence services and police agencies.” 

Sherman said it is not clear whether Chinese companies sell their surveillance technology to authoritarian governments solely for profit. The thesis of the 2020 Senate Relations Committee report is that there is an interest in China to go beyond the sale of its technology services to extend its policy of “digital authoritarianism in the world.” 

This article originated in VOA’s Latin America Division.
…

Ukraine was hit by a massive cyberattack warning its citizens to “be afraid and expect the worst”, and Russia, which has massed more than 100,000 troops on its neighbor’s frontier, released TV pictures on Friday of more forces deploying in a drill.

The developments came after no breakthrough was reached at meetings between Russia and Western states, which fear Moscow could launch a new attack on a country it invaded in 2014.

“The drumbeat of war is sounding loud,” said a senior U.S. Diplomat.

Russia denies plans to attack Ukraine but says it could take unspecified military action unless demands are met, including a promise by the NATO alliance never to admit Kyiv.

Russia said troops in its far east would practice deploying to far-away military sites for exercises as part of an inspection. Defense Ministry footage released by RIA news agency showed numerous armored vehicles and other military hardware being loaded onto trains in the Eastern Military District.

“This is likely cover for the units being moved towards Ukraine,” said Rob Lee, a military analyst and a fellow at the U.S.-based Foreign Policy Research Institute.

The movements indicated Russia has no intention of dialing down tensions over Ukraine, having used its troop build-up to force the West to the negotiating table and press sweeping demands for “security guarantees” – key elements of which have been described by the United States as non-starters.

Ukrainian authorities were investigating a huge cyberattack, which hit government bodies including the ministry of foreign affairs, cabinet of ministers, and security and defense council.

“Ukrainian! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it,” said a message visible on hacked

government websites, written in Ukrainian, Russian and Polish.

“All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”

Ukraine’s foreign ministry spokesperson told Reuters it was too early to say who could be behind the attack but said Russia had been behind similar strikes in the past. Russia did not immediately comment but has previously denied being behind cyberattacks on Ukraine.

The Ukrainian government said it had restored most of the affected sites and that no personal data had been stolen. Several other government websites had been suspended to prevent the attack from spreading.

The European Union’s top diplomat, Josep Borrell, condemned the attack and said the EU’s political and security committee and cyber units would meet to see how to help Kyiv: “I can’t blame anybody as I have no proof, but we can imagine.”

The message left by the cyberattack was peppered with references that echoed long-running Russian state allegations, rejected by Kyiv, that Ukraine is in the thrall of far-right nationalist groups. It referenced Volhynia and Eastern Galicia, the site of killings carried out in Nazi German-occupied Poland by Ukrainian insurgents, a point of contention between Poland and Ukraine.

The United States warned on Thursday that the threat of a Russian military invasion was high. Russia has consistently denied that. 

Moscow said dialogue was continuing but was hitting a dead end as it tried to persuade the West to bar Ukraine from joining NATO and roll back decades of alliance expansion in Europe.

The United States and NATO have rejected those demands but said they are willing to talk about arms control, missile deployments, confidence-building measures and limits on military exercises.

Russian Foreign Minister Sergei Lavrov said on Friday that Moscow was awaiting a point-by-point written response to its proposals.
…