Cyber Conflict in the Crimea – Russia already on the Offensive

Updated 3/4/2014: As Russian troops surround military bases in Ukraine, the attacks in the cyber realm have already begun. Ukrainian lawmakers are reporting that Russians are attacking their mobile phones.

“I confirm that an IP-telephonic attack is under way on mobile phones of members of Ukrainian parliament for the second day in a row,” said Valentyn Nalivaichenko, head of Ukraine’s SBU security service.

“At the entrance to (telecoms firm) Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation.”

Russia, looking more and more like Cold War Soviet Union under Putin, has moved combat troops across the Crimean Peninsula. The move is very reminiscent of the Russian invasion of Georgia in 2008.

And as Russian troops attacked Georgia on the ground, they also flooded the country with cyber attacks. This has led many to wonder when Russia’s very capable cyber forces would begin attacking Ukraine’s infrastructure.

Well, it would seem the moves have already begun.

On Friday, Ukraine’s largest telecom company announced that voice and data connectivity between Crimea and the rest of Ukraine had been interrupted. Remember that this also happened in Georgia when Russian troops invaded.

It would seem from reports, though, that instead of using cyber attacks to accomplish this, Russian troops physically cut and sabotaged power and communication lines.

Also, the propaganda machine seems to be in full swing, as pro-Ukraine messages and sites have been blocked on Russian social media sites. News media has been involved too.

There seems to be a marked difference between the English and Russian versions of news site RT.com, with the English version being very critical of the US and Ukraine, while the Russian version is very different. This hasn’t seemed to escape the attention of pro-Ukraine hackers, as RT.com was apparently hacked on Sunday.

The word “Nazi” was inserted in several places on the English version of the main page.

RT.com acknowledged that they had been hacked, and the page was restored within a short amount of time.

But will Ukraine be as susceptible to Russian cyber attacks as Georgia was? It would appear that though not a member of NATO, Ukraine has recently worked with them to address security issues.

In November NATO and partner members examined cyber security strategies in Ukraine. Volodymyr Porodko, Deputy Chairman of the Security Service of Ukraine stressed its importance, “The relevance of cyber security as a component of national security is driven by the global tendency of unlawful activity being transferred into the virtual realm. This problem does not concern only the interests of the state and society as a whole, but has a direct bearing on every individual.”

But has enough been done to protect Ukrainian infrastructure from Russian hackers?

According to reports, Ukraine does have a capable cyber force and will likely pull a lot of support from western hacktivists. And Russia does have more critical online systems than Ukraine.

Only time will tell how this will play out, but for now, all eyes are on the Crimea.

Iran inside US Navy Unclassified Intranet System for Four Months

It took the Navy longer than previously reported to remove Iranian hackers from the Navy and Marine Corps Intranet (NMCI). According to the Wall Street Journal, the hackers had access to the system last year for four months.

The hackers were able to gain access via a hole in a public facing website and conducted surveillance on the intranet, though a senior official told the WSJ that no emails were hacked and no data was extracted.

The NMCI is the largest enterprise network in the world and second only to the internet itself in size. It handles about 70% of the Department of the Navy’s IT needs. It encompasses more than 360,000 computers and 4,100 servers connected together in over 600 locations.

The sheer size of this network makes it very difficult to secure. IT specialists have to make sure everything is kept updated and all security issues are dealt with on the hundreds of thousands of systems.

Attackers just need to find one opening to exploit.

Then once someone does gain access into a network of this size, it can take a long time for security specialists to analyze what was touched, what was compromised and what, if any, backdoors were left.

Though the system is the Navy’s unclassified network, the fact that Iran was able to gain access to this military intranet is very concerning.

“It was a real big deal, it was a significant penetration that showed a weakness in the system,” a senior official told the WSJ.

Of interest to this story too, is that just five days after the breach was initially disclosed last year, an Iranian cyber commander was apparently assassinated.

Iranian Cyber Commander Mojtaba Ahmadi’s body was found in a remote area near Karaj. Initial police reports stated that he was shot by two men on a motorbike.

An eyewitness reported that there were “two bullet wounds on his body”, and that “the extent of his injuries indicated that he had been assassinated from a close range with a pistol”.

This style of attack seems to be very similar to a tactic used by Israeli secret agents.

Though it has not been proved that Israel was involved, and Iranian officials later denied that Ahmadi was assassinated, one thing seems true: physical responses to cyber attacks seem to be on the table.

And, you don’t mess with the United States Marine Corps!

Syrian Hacker Group (SEA) claims to be able to Hack any Website

A video has surfaced this week showing an alleged interview with the commander of the Syrian-based hacker group “Syrian Electronic Army” (SEA). In the video the speaker claims that the SEA hacker group can hack any website that posts false information about Syria within just a few hours.

The SEA has gained notoriety by hacking several western news company websites and social media outlets. One of their favorite tactics to gain access seems to be social engineering. From reports, the group sends very believable e-mails containing booby-trapped links.

Though most of the attacks seem to be more nuisance-type attacks, the SEA did successfully deface a US Marine Corps recruiting site last month. I doubt they are on the top list of targets for retaliation by US Cyber Command, as our forces are more concerned with attacking military and infrastructure-type targets. But messing with the Marines probably isn’t the wisest thing to do.

What I am curious about, though, is whether the US would ever escalate to kinetic attacks on hacker group leaders. Earlier this month one of Iran’s cyber commanders was executed, presumably by Israeli forces.

Time will tell I guess…

Did Israeli Mossad Assassinate an Iranian Cyber Commander?

Mossad Logo, Translated Text says, "Where no wise direction is, a people falleth; but in the multitude of counsellors there is safety." Pr 11:14

Mojtaba Ahmadi, a commander of Iranian cyber forces, has apparently been assassinated at close range by two people on a motorcycle. With similar assassinations taking place in Iran, one has to ask, “Was this an Israeli operation?”

According to reports, Ahmadi was shot two times in the heart at close range by two unknown assailants.

“I could see two bullet wounds on his body and the extent of his injuries indicated that he had been assassinated from a close range with a pistol,” an eyewitness told a Revolutionary Guard backed website.

The attack involving assailants on motorbikes sounds like a tactic used several times against Iranian nuclear and missile scientists. Six key Iranians have been assassinated since 2007. And for years Iran and other nations have accused the Mossad of the strikes.

We may never know who was actually responsible, but with cyber attacks coming from Iran and with Iran’s nuclear threat against Israel, it would seem that Israel might have taken things into its own hands.

And that may now include physically targeting Iran’s cyber warriors.