Pro-Russian Forces Break into Ukraine Govt Buildings – Steal Servers

Donetsk Pro-Russian Intruders

Cyber attacks can be a troublesome thing: there are firewalls to ease past and layers of defense to bypass, and even if you do find a way through, your exploit is not guaranteed to work. But there is another option… You could just break into the target building and steal the servers.

With Russian troops massed on Ukraine’s border, many analysts are saying that they could attack at any moment. But it would seem Russia might be content, for the moment, to foment unrest in Ukraine’s eastern areas, where there is a strong pro-Russia sentiment.

Just as Russia sent troops with no visible unit insignia into the Crimean Peninsula to confiscate warships and surround bases, it is now sending security forces into the border provinces to seed unrest from the inside.

“Organized groups of several hundred people representing Russian security agencies have arrived in eastern Ukraine from neighboring Russia,” said Yulia Tymoshenko, former Ukrainian prime minister.

On Monday night masked pro-Russian protesters looted the Donetsk Province government administration building and were seen removing servers from the building.

But why would they take file servers?

With Government servers in hand, it would not take long to recover all the information from them. It would be much quicker than trying to siphon the data over long distance network lines.

In most cases, physical access equals total access. And once the data is obtained, the attackers would then have a plethora of personal information, account information and important data including sensitive Government documents and communications.

This information would be invaluable to an occupying force as it would most likely reveal which individuals in the government are for your cause and which ones are against it. They could also recover credentials from the servers that could be used to attack other government systems.

It would seem that the server hard drives will end up in Russian intelligence hands very soon, if they are not already.


Russian “Cyber” Snake attacking Ukrainian Systems


Everyone is expecting Russia to attack Ukrainian computer systems, but the truth may be that it has been doing so all along. One alleged Russian-based cyber espionage tool named “Snake” has been active in the Ukraine and other places (even the US) since 2005.

Snake is named after the Ouroboros of ancient Greek mythology, usually depicted as a snake or dragon eating its own tail. The inference is that of something that is constantly re-creating itself.

Snake infections have been located in several countries – the US Department of Defense has been breached by an earlier version of the program. But as of 2013, the espionage tool seems to be aggressively targeting systems in the Ukraine:

Snake samples

BAE Systems has recently released a report on Snake. According to the report, the tool seems to have originated from a nation that could fund sophisticated and expensive attack tools.

Martin Sutherland, Managing Director, BAE Systems Applied Intelligence said, “What this research once more demonstrates, is how organised and well-funded adversaries are using highly sophisticated tools and techniques to target legitimate organisations on a massive scale.”

And, “Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously.”

Snake allows remote access to an infected system, can hide and exfiltrate pilfered data, seeks to infect other systems, uses stealthy communication techniques, has a rootkit component and can even bypass security features of 64-bit Windows systems.

A couple of telltale clues found during analysis, including time zone information and the language used in some lines of code, seem to point to Russia as the tool’s creator. And with the increased attacks on the Ukraine within the last year, Russia looks even more like the culprit.

BAE System’s report covers:

  • How the malware communicates,
  • The distinctive architectures which have evolved over the years,
  • The use of novel tricks to bypass Windows security,
  • How it hides from traditional defensive tools.

Check out the full report on BAE’s website.

Cyber Conflict in the Crimea – Russia already on the Offensive

Updated 3/4/2014 – As Russian troops surround military bases in Ukraine, the attacks in the cyber realm have already begun. Ukrainian lawmakers are reporting that Russians are attacking their mobile phones.

“I confirm that an IP-telephonic attack is under way on mobile phones of members of Ukrainian parliament for the second day in a row,” said Valentyn Nalivaichenko, head of Ukraine’s SBU security service.

“At the entrance to (telecoms firm) Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation.”

Russia, looking more and more like the Cold War Soviet Union under Putin, has moved combat troops across the Crimean Peninsula. The move is very reminiscent of the Russian invasion of Georgia in 2008.

And as Russian troops attacked Georgia on the ground, they also flooded the country with cyber attacks. This has left many wondering when Russia’s very capable cyber forces would begin attacking the Ukraine’s infrastructure.

Well, it would seem the moves have already begun.

On Friday, Ukraine’s largest telecom company announced that voice and data connectivity between Crimea and the rest of Ukraine had been interrupted. Remember that this also happened in Georgia when Russian troops invaded.

Though from reports it would seem that, instead of using cyber attacks to accomplish this, Russian troops physically cut and sabotaged power and communication lines.

Also, the propaganda machine seems to be in full swing as Pro-Ukraine messages and sites have been blocked on Russian social media sites. News media has been involved too.

There seems to be a marked difference between the English and Russian versions of the news site RT.com, with the English version being very critical of the US and Ukraine, while the Russian version reads very differently. This does not seem to have escaped the attention of pro-Ukraine hackers, as RT.com was apparently hacked on Sunday.

The word “Nazi” was inserted in several places on the English version of the main page.

RT.com acknowledged that they had been hacked, and the page was restored within a short amount of time.

But will Ukraine be as susceptible to Russian cyber attacks as Georgia was? It would appear that, though not a member of NATO, Ukraine has recently worked with the alliance to address security issues.

In November NATO and partner members examined cyber security strategies in Ukraine. Volodymyr Porodko, Deputy Chairman of the Security Service of Ukraine stressed its importance, “The relevance of cyber security as a component of national security is driven by the global tendency of unlawful activity being transferred into the virtual realm. This problem does not concern only the interests of the state and society as a whole, but has a direct bearing on every individual.”

But has enough been done to protect Ukrainian infrastructure from Russian hackers?

According to reports, Ukraine does have a capable cyber force and will likely pull a lot of support from western hacktivists. And Russia does have more critical online systems than Ukraine.

Only time will tell how this will play out, but for now, all eyes are on the Crimea.

Compromised Google, Facebook, Twitter Password is the Least of your Problems

American news media and blog sites have been flooded with warnings from cyber do-gooders for everyone to change their Google, Facebook, Yahoo and Twitter passwords after more than 2 million accounts have been compromised.

But if your system was one that was compromised, changing your password is the least of your worries.

Trustwave SpiderLabs announced on Tuesday that a Russian Pony Botnet server has been identified that had stolen credentials for about 2 million accounts. But this isn’t that big a deal to Americans, as the vast majority of these were from systems in the Netherlands:

Only a tenth of a percent of systems affected were in America, for a grand total of 1,943 accounts!

And boys and girls, this is a Russian botnet server, which means that if your account is one that has been compromised by the botnet, guess what?

Your machine is most likely still infected with a keylogging, account stealing Trojan!

You may want to scan it for viruses and get that botnet client off your system!

This is not the only Pony Botnet Server out there either. In June SpiderLabs found a smaller one that had 650,000 credentials on it.

And while we are talking passwords, unbelievably, it looks like people are still using simple passwords on their social media accounts.

Here is a list of the top 10 passwords used, according to SpiderLabs’ analysis:

The number one password used was “123456”…

Crazy…