The head of Ukraine’s cybersecurity agency was in Las Vegas this week, at Black Hat, one of the largest hacking conferences in the world. He said he was there to promote the idea that "we should be united to create some kind of cyber coalition to counter the threats."Victor Zhora, the deputy head of the State Service of Special Communications and Information Protection, denounced Russian’s operations, calling them "cyber war crimes," while praising his country’s defenses.
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
“Since most [Russian] kinetic operations focused on civilian infrastructure and cyber operations supportive of that are exactly the same type of thing, hitting civilian IT infrastructure,” Zhora told Motherboard. “These cases we can treat them as war crimes in cyberspace.”Zhora argued that the International Criminal Court (ICC) should prosecute these types of cyberattacks, those that support real-world operations against civilian targets, and those that hit civilian internet infrastructure. “It should be a good idea to combine all of them to provide enough evidence as proof, and send them to the ICC and change the procedures and let them prosecute these cybercrimes as war crimes,” he concluded. Zhora said he came to Black Hat, one of the biggest cybersecurity conferences in the world, to rally international support to his country’s on the cyber front.“I'm here to send some messages to the community, and just to remind that cybersecurity is a global task,” Zhora said. “It's a global task. We should be united to create some kind of cyber coalition to counter the threats.”He said that he also came to share Ukraine’s experience in the last few months, including deflecting a Russian attack that had the goal of turning off the power grid. The other goal of his trip, he said, was to improve collaboration with Ukraine’s international partners, including the U.S.—he said he had more than 20 meetings in two days—and to raise awareness of the threats to critical infrastructure that Ukraine is facing.
On April 12, Russian government hackers broke into one of Ukraine’s energy companies, trying to cause a blackout that would have hit two million people. With the help of cybersecurity firm ESET, Ukraine’s government and the energy company were able to stifle the attack, and prevent the hackers from turning off the lights.
Zhora said that this was due to several reasons. One, the Russians launched the attack when most of the company’s workstations were off, preventing the hackers from wiping them. Second, he said that it was because his agency provided “rapid response” after getting tipped by ESET that there was an attack ongoing, and reached out to the targeted company right away. “We detected malware immediately when we gained access to [the company’s] network. And we succeeded in mitigating this malware in all network components including the [Operational Technology] network,” Zhora said, referring to OT networks, which are those that directly interface with industrial sensors and machines. When hackers take control of the OT network, they can cause physical real-world damage such as turning off the power grid.
Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.
“We succeeded not even in hours, in minutes,” he said, adding that the Russians have tried to cause blackouts since then, but failed every time. After mitigating the attack, Zhora said that in less than 12 hours they shared the forensic data to other companies, with the goal of helping them be ready in case they were attacked as well. Zhora attributed this success in part to because Ukraine has been under attack for eight years, ever since Russia successfully turned off the lights in two cyberattacks in 2015 and and 2016. This has given his agency the opportunity to learn and improve the country’s defenses, both in the public and private sectors. “They tested us a lot,” Zhora said. And they will certainly continue to do so until the war is over. But it appears that Zhora and his colleagues are ready for the challenge.