20 June 2014

New Details of Massive Cyber Attack During Last Month’s Ukrainian National Elections

Mark Clayton 
June 18, 2014 
Ukraine election narrowly avoided ‘wanton destruction’ from hackers 
Christian Science Monoitor 
David Mdzinarishvili/Reuters
View Caption 

A three-pronged wave of cyber-attacks aimed at wrecking Ukraine’s presidential vote – including an attempt to fake computer vote totals – was narrowly defeated by government cyber experts, Ukrainian officials say.

The still little-known hacks, which surfaced May 22-26, appear to be among the most dangerous cyber-attacks yet deployed to sabotage a national election – and a warning shot for future elections in the US and abroad, political scientists and cyber experts say.

National elections in the Netherlands, Norway, and other nations have seen hackers probe Internet-tied election systems, but never with such destructive abandon, said experts monitoring the Ukraine vote.

“This is the first time we’ve seen a cyber-hacktivist organization act in a malicious way on such a grand scale to try to wreck a national election,” says Joseph Kiniry, an Internet voting systems cyber-security expert. “To hack in and delete everything on those servers is just pillaging, wanton destruction.”

That wanton destruction began four days ahead of the national vote, when CyberBerkut, a group of pro-Russia hackers, infiltrated Ukraine’s central election computers and deleted key files, rendering the vote-tallying system inoperable. The next day, the hackers declared they had “destroyed the computer network infrastructure” for the election, spilling e-mails and other documents onto the web as proof.

A day later, government officials said the system had been repaired, restored from backups, and was ready to go. But it was just the beginning.

Only 40 minutes before election results were to go live on television at 8 p.m., Sunday, May 25, a team of government cyber experts removed a “virus” covertly installed on Central Election Commission computers, Ukrainian security officials said later.

If it had not been discovered and removed, the malicious software would have portrayed ultra-nationalist Right Sector party leader Dmytro Yarosh as the winner with 37 percent of the vote (instead of the 1 percent he actually received) and Petro Poroshenko (the actually winner with a majority of the vote) with just 29 percent, Ukraine officials told reporters the next morning.

Curiously, Russian Channel One aired a bulletin that evening declaring Mr. Yarosh the victor with 37 percent of the vote over Mr. Poroshenko with 29 percent, Ukraine officials said.

“Offenders were trying by means of previously installed software to fake election results in the given region and in such a way to discredit general results of elections of the President of Ukraine,” the Ukrainian Security Service (SBU) said in a statement.

Still, there was more to come.

In the wee hours of the morning after polls closed, as results flowed in from Ukrainian election districts, Internet links feeding that data to the vote tally system were hit with a barrage of fake data packets – known as distributed denial of service (DDoS) attacks. So from about 1 to 3 a.m. on May 26, election results were blocked, delaying the finally tally until the early morning, a preliminary report by international election observers recounted.

An analysis of the DDoS attack by Arbor Networks, a Burlington, Mass., cyber-security company, ties it to CyberBerkut.

In the end, international observers declared Ukraine’s vote “a genuine election.” But US researchers say it’s clear that Ukraine dodged a major cyber-bullet.


“We’ve seen vote fraud before in Ukraine, including a rigged computer system in 2004,” says Peter Ordeshook, a California Institute of Technology political scientist. “But this wasn’t an effort to steal the election outcome, so much as to steal the election itself – by entirely discrediting it in the eyes of key segments of the population in Ukraine and in Russia, too.”

While it was well understood across most of Ukraine and internationally that the far-right candidate Yarosh had little political support, the faked results would have lent credibility to Russian-inspired accounts that the popular revolt last fall against the Ukraine government was fomented by ultra-nationalists.

“In that light, the cyber fakery looks incredibly clumsy from the outside because no one there would have believed it,” Dr. Ordeshook says. “But these faked results were geared for a specific audience in order to feed the Russian narrative that has claimed from the start that ultra-nationalists and Nazis were behind the revolution in Ukraine.”

If the virus with the faked computer results had not been discovered, it would have fomented unrest across the volatile ethnic-Russian Donetsk region now under the shadow of Russian forces on the border with Ukraine, he says. Such spurious results also would have undermined the credibility of the new Ukraine government and could have paved the way for Russian military action, say political scientists who monitor Ukraine elections.

The Ukraine hack is a stark warning for the US and other democracies that use the Internet for tabulation and even direct voting, election security experts say. One clear lesson, they say, is to always have paper ballots to back up election results – like Ukraine – and to avoid Internet voting.

“The Ukraine attack story demonstrates there is no shortage of methods which a determined adversary will make use of to sabotage an election,” says Pamela Smith, president of the Verified Voting Foundation, a US group that has researched US election systems security.

In the runup to the election, President Obama on May 2 warned Russia not to interfere or the US “will not have a choice but to move forward with additional, more severe sanctions.”

Since then, US officials appear reluctant to make too much of the attacks. References to the cyber-attacks have been brief and oblique. With anonymity cloaking cyber-attacks across the Internet, it’s difficult to tell how deeply involved Russia’s government might have been.

Ukraine experienced “cyber-attacks on the Central Election Commission of the kind that generally would require outside support,” Victoria Nuland, assistant secretary of State for European affairs, acknowledged in a May 27 interview on the Charlie Rose show. Mark Green, a former congressman, said in Senate testimony June 6 that he had been told by a US diplomat of a failed Russian cyber-attack on the election.

Ukrainian officials have been unabashed in throwing blame at Russia, saying that arrests were made in the case, although no names have yet been made public.

"It was prepared in advance and stored on Russian (Internet) re-sources," Volodymyr Zverev, head of the Ukraine’s Administration of Public Service of Special Communication and Protection of Information said of the malware that was intended to deliver the fake election results, according to Interfax-Ukraine. "They wanted to, and made the preparations, but they did not succeed."

While Russian hacktivists appear to be linked to at least some of the attacks, not everyone agrees the Russian government had a hand in the most devious element. Internet security expert Mr. Kiniry, for instance, says there is no solid proof yet to back the Ukrainian government claim of a virus carrying fake election results.

Others say Russia’s paw prints are all over the attack.

“Did Russia attempt to sway the Ukrainian Presidential Election? I honestly don’t know the answer to that,” says Jeffery Stutzman, CEO of Red Sky Alliance, a cyber-security group in New Hampshire.

But, he adds, “the idea that these guys were trying to poison the election result by compromising the election commission computers is amazing to me – and this coincidence with the Russian channel showing the same fake results – is just too much. If it walks like a duck and quacks like one, maybe it’s a duck.” 

June 18, 2014 

Israel Skylark UAV Aids ‘Operation Brother’s Keeper’ 

Barbar Opall-Rome 

Defense News 

June 17, 2014 

TEL AVIV — The Elbit Systems-produced Skylark UAV is chalking up hundreds of flight hours in “Operation Brother’s Keeper,” Israel’s ongoing incursion in the West Bank targeting the Hamas organization it blames for last Thursday’s abduction of three Israeli teens.

Now in its fifth day, the operation is steadily expanding from its initial focus on the area south of Hebron to points throughout the Palestine Authority-administered territory.

Defense sources here say the Israel Defense Forces (IDF) has deployed nearly a division-sized force of infantry, paratroopers and commandos supported by hundreds of operatives from the Shin Bet security service and the Israel Police.

Use of the Skylark in support of ground forces engaged in house-to-house maneuvering operations marks the first wide-scale deployment of the system since it was first fielded in 2010, sources here say.

The tactical UAV, known here as Skyrider, is operated by the IDF’s Artillery Corps. In the current operation, it is used not in its primary “sensor-to-shooter” mission, but rather in a mission-tailored “sensor-to-commander” role aimed at minimizing casualties of uninvolved civilians, said Maj. Aviv Koltonof, deputy commander of the Skyrider Unit.

“In our training, we work on bringing critical intelligence in real time to the shooters,” Koltonof told reporters here Tuesday.

But in Operation Brother’s Keeper, the system is being used more in a force protection role, spotting local Palestinians on rooftops who may pose a threat to approaching ground forces.

“We are bringing very unique information to the forces working down in the streets, since they cannot see what’s up on the roofs,” Koltonof said.

“They can’t see things over the next house to know if there are any people there who can assist the enemy.”

In contrast, he said, Skylark has an unobstructed view of potential threats at ranges of up to 15 kilometers.

Koltonof credited Skyrider surveillance operations for thwarting attacks on IDF ground troops as well as unnecessary clashes with civilians.

“Every night, [UAV-generated intelligence] allows our forces to change their route of entering the village. … Or it allows them to abort the mission,” he said.

The IDF officer said several teams from the Artillery Corps are operating simultaneously in the West Bank theater, flying “very close to the ground,” at altitudes of 300-400 meters.

High-resolution day and night imagery generated from the UAV’s payload, by Hod Hasharon-based Controp Precision Technologies, is streamed over the IDF’s secure Tzayad digital C4I network to war rooms in Israel, and to company and battalion commanders in the field.

“Our mission is to bring this unique information to the ground forces, who know what to do with it,” he said.

No comments: