Moscow expanding its cyber war against Ukraine



Increasing cyberattacks against strategic objects in Ukraine are part of Russia’s hybrid war against that country, its security services warn; and Kyiv is having to play catch up because as of now it lacks much of the legal framework and technology for defending against them.

On the portal yesterday, Ukrainian journalist Artem Dekhtyarenko says that Moscow is exploiting these shortcomings in order to create chaos and destroy the confidence of Ukrainians in their institutions, thus weakening them and the country as a whole.

One of the reasons Moscow has been able to do this is that its actions are hidden within the broader growth of cybercrime in Ukraine. According to Sergey Demedyuk, who heads the interior ministry’s cybercrime unit, there were 4,800 cybercrimes in Ukraine in 2014; 6,026 in 2015; and the number continues to rise.

Most of these involve fraud or identity theft, but far from all, and “the most dangerous examples of cybercrime” are those directed not against individuals but against Ukrainian businesses and institutions, according to Nikolay Kuleshov, deputy head of the information security department of the SBU (Ukraine’s Security Service).

Separating out official Russian crimes from the mass of cybercrimes is no easy matter, he says, because “Russian special services often use the territories of third countries and do everything they can to mask their involvement” in this sector.

Experts suggest that the Russian security services were behind the recent cyberattack against the Prikarpatyevoblenergo power company which left “hundreds of thousands of Ukrainians without light for almost six hours and also shut down Ukrainian state enterprises including the Borispol airport. (On that, see this article.)

There are traces of Russian involvement in a number of other cases, experts say, and Gennady Gudak, deputy director for information security at the Iqusion Corporation, says that they can involve attacks on “all spheres which today are linked to the Internet and which realize their functions through computer networks.”

Kuleshov adds that “attacks on strategic objects of Ukrainian infrastructure can be directed not only at shutting it down but also to destabilize the situation and to sow chaos and panic among people” who may as a result then engage in protests against Kyiv. The Russians also exploit the fact that Ukrainian institutions often use electronics of Russian origin.

Last week, President Petro Poroshenko signed a decree approving a January 2016 Security Council decision about dealing with cybersecurity and defining key terms like “cyber-terrorism.” And now the interior ministry and SBU are working on new legislation in that area.

But officials acknowledge they have a long way to go: Demedyuk notes that “bringing cybercriminals to justice in Ukraine is complicated by the fact that we do not have a corresponding legal framework.” Indeed, at present, “Ukraine is a more liberal country regarding cybercrime” and cybercriminals often use it as their base.


Moreover, as Gudak points out, Kyiv has been anything but quick in moving on this issue. The first draft documents about cybercrime were worked out four years ago as part of a Ukraine-NATO meeting in Yalta. But only now is Kyiv taking them up formally. If things don’t speed up, Ukraine will face ever greater problems in this area.


Edited by: A. N.



  1. Lev Havryliv says:

    The Putin regime is using every underhand method it can to destabilise Ukraine.

    Putin is obsessed with undermining Ukrainian sovereignty. As a dictator he is dead scared of the emergence of a democratic pluralist Ukrainian nation because he sees this as a threat to his absolute rule in Russia.

    1. Quartermaster says:

      I think he is running scared of things happening inside Russia as well. The increase in political repression is always a sign of trouble for a regime. The Russian people have been sheep so far, but, hopefully, they will wake up.

  2. Randolph Carter says:

    This is the sort of situation where I wish a group like Anonymous would get involved and kick some serious Russian ass. I hope Ukraine puts together their own “black hat” group to hit back hard. Many Russian (and sadly, Ukrainian) systems are totally open; their remote machinery is driven by primitive protocols like RS-232; completely open and vulnerable to attack from any point on the line. Hell, RS-232 doesn’t even use TCP; it’s just a big line of wire, mostly systems built around WW2 and after and used to connect remote systems to a central control room.

    But what worries me more is the destructive potential – consider someone hacking railroad switches and sending trains head-on into each other, or changing the instructions to several chemical tanks and causing generation of something simple but deadly like a cloud of hydrogen cyanide. Rearranging bank records is obnoxious and can cause chaos, but shutting off electricity to all of (say) Kharkov or Kiev could be disastrous. Worse yet: there are three reactors still operating at Chernobyl. Just how sane is the midget and would he consider meltdown(s) as a doomsday gambit?

    1. Quartermaster says:

      RS-232 is much newer than WW2. 50s, as I recall. Prior to that the standard serial communication means was “current loop.” Teletypes worked on current loop, although a few had started appearing with RS-232 in the 70s as Teletypes were dying out. Serial ports often had current loop available in the 70s and 80s because of the legacy equipment lying around that used it.
      The controllers using RS-232 to control equipment, however, are probably connected to the net. Frankly, that’s insanity. If you need a network to control machinery, it should not be connected to the Internet in any way, unless you intend to accept the vulnerabilities that engenders.

      1. Randolph Carter says:

        You’re right! – I had forgotten all about current loops and teletypes. I started on teletypes but it had RS232 capability and we never went back! Thanks for the memories 🙂