OpsLens

The US and Ukraine Team Up to Tackle Russian Cyber Threat

International hysteria over the Russian hacker threat is often overblown. Unfortunately, the danger posed by Russian cyber capabilities is far from baseless. Moscow has shown itself willing and able to use the cyber-sphere in a variety of ways to advance its agendas.

The latest developments in this years-long saga are recent reports indicating the growing cooperation between the United States and Ukraine in combating regional cyber threats. Last week, a bipartisan legislation bill designed to foster further collaboration on cybersecurity efforts between the U.S. and Ukrainian governments passed in the House of Representatives.

(Credit: Facebook/Congressman Brendan Boyle)

The so-called “Ukraine Cybersecurity Cooperation Act of 2017” (UCCA) was first introduced by Rep. Brendan Boyle (D-PA) in April 2017. The Act seeks to advance three prime objectives: (1) Provide Ukraine the necessary support it needs to increase “security protection on government computers, particularly systems that defend Ukraine’s critical infrastructure”; (2) Help the country achieve cyber independence and reduce reliance on foreign technology, especially hardware and programs coming from Russia, and (3) help Ukraine become a competent member of the global cyber community by building the nation’s “capacity, expanding cybersecurity information sharing” and ability to “cooperate in international response efforts.”

The bill came to Congress just three months after reports of a massive cyberattack on Kiev’s power grid that left the entire northern half of the capital city without electricity. According to Ukrainian officials, investigations by IT specialists at the country’s national power company Ukrenergo, found transmissions of data that had not been included in standard protocols. This was more than enough proof the outage was not due to mechanical failure, but rather external interference. The incident wasn’t even Ukraine’s first hacker-executed outage.

Back in December 2015, a first-of-its-kind cyber attack cut the lights off to 225,000 people in western Ukraine, compromising the first ever confirmed hack to take down a power grid. Hackers also sabotaged the power distribution equipment, which complicated attempts by the Ukrainians to restore power. According to privately conducted investigations following the incident, the attack was considered “highly sophisticated.” The attacks behind the hack reportedly spent months studying the networks and siphoning-off operator credentials to gain access to restricted parts of the system. Only afterward did they launch their synchronized assault.  

In June 2017, Ukrenergo was again hit by a devastating cyber campaign using the infamous Petya malware. The company was an early victim of a series of attacks that began in Ukraine itself and spread around the world, knocking out thousands of machines, shutting down ports, factories, and offices in around 60 countries.

Alongside the US efforts, Ukraine is taking its own initiative to bolster its cyber assets. Ukrenergo announced recently that the company will invest up to $20 million in a new cyber defense system. While details of this system are sparse, Ukrenergo did report that the company had teamed up with international consultants to conduct a thorough scan of its network. The scan revealed about 20 specific threats, all of which would be neutralized with the new system.

It is not a secret that all of these developments are meant to address the Russian threat.

Boyle, the Representative that introduced UCCA, is a member of the House Foreign Affairs Committee and outspoken advocate for stronger US relations with Ukraine. Boyle told media sources the bill represented a “strong step forward in the ongoing fight to counter Russia’s intensifying cyber-aggression.”

“The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies…if those programs are compromised in any way, then our competitive advantage and our defense is compromised.” –Charles Sowell

At least part of this “intensifying aggression” Boyle was referring to came to light recently in an investigation by journalists of the Associated Press. According to reports by the outlet, Russian hackers have been engaged in a long concerted effort to steal data from American defense contractors operating in the Middle East and other locations.

The method used by hackers was to trick key contract workers into exposing their sensitive email communications. The hacker group behind the breaches was none other than the notorious Fancy Bear conglomerate — an organization that continues to make headlines by attacking US assets, including governmental sites.

(Credit: Facebook/US-Council)

Fancy Bear went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms, or other sensitive activities. Although a comprehensive list of those victimized is still unavailable, companies breached in the campaign included Lockheed Martin Corp., Raytheon Co., Boeing Co., Airbus Group and General Atomics.

Journalists were reportedly able to identify the defense and security targets from some 19,000 lines of email phishing data created by the hackers over a period of about two years and later collected by the US-based cybersecurity company SecureWorks. The firm’s researchers stumbled upon this data after Fancy Bear accidentally exposed part of its email phishing operation on the internet. The data, which is by no means complete, shows that hackers have been active in this campaign since at least March 2015.

(Credit: Facebook/Cyberlutions)

The trove of data revealed that in addition to defense contractors, hackers targeted a slew of individuals connected to the Democratic party, including some 130 party workers, campaign staffers and other supporters. The list of names included John Podesta and other members of Hillary Clinton’s inner circle. A handful of prominent Republicans were also allegedly targeted.

The implications of this hacking could be quite serious. Charles Sowell, a former advisor to the Director of National Intelligence, who reviewed the list of reported victims, told AP that “The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies” and that “if those programs are compromised in any way, then our competitive advantage and our defense is compromised.”  

This news is even more disconcerting taken in light of other national news reports about Russian probes into US election infrastructure. News of these efforts on Russia’s part is hardly new. What is, though, is the extent of how successful these operations actually were. In a recent interview on NBC, Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, said the Department “saw a targeting of 21 states” during the 2016 election, and that a number of the states were “successfully penetrated.””  

The US has been busy bolstering its cyberinfrastructure for some time. The passing of UCCA shows America is expanding its efforts to combat Russian cyber threats to international partnerships. The development of this trend will certainly become an increasingly important factor in the global cyber-threat sphere.