Uploaded by Evan Anderson

A paper on Cyberattacks in Ukraine

The history of cyberattacks causing damage to infrastructure is a short one; only recently have they become a viable way to wage war, or simply to wreak havoc. The 2015 attack on the Ukrainian power grid is the first publicly acknowledged successful cyberattack on a power grid. In that year, a Russian group of hackers known as 'Sandworm' attacked a Ukrainian power grid and disrupted the power supply to nearly a quarter million Ukrainian civilian homes during the brutal Eastern European winter.
This was certainly not Sandworm's first attack; the group has been involved in cyberattacks since 2004. Sandworm is a cyberespionage and cyberwarfare group supporting the Russian military in operations across the world, from the aforementioned Ukrainian power grid to the Vulkan files leak, a set of emails and other documents that exposed the Russian company Vulkan as a surrogate for the Russian Federal Security Service (their version of the FBI), used to censor domestic social media, perform espionage, and interfere in foreign affairs. In short, Sandworm is not only a means for Russia to attack foreign entities that it disapproves of or is at war with; it is also a tool for the Russian federal government to spy on, deter, and oppress its own people.
Previous attacks by Sandworm have been largely effective, primarily against their own people, even going so far as to commit cybercrime against the Russian people as a means of fundraising for the government. However, across the pond here in the USA, Sandworm has not been nearly as effective at attacking anything of significance. It mainly targets corporations and citizens, hoping to extort information or money. Another common tactic is to phish company emails in order to gain access to proprietary information on corporate computers. Factories for gas turbine engines, which the US embargoes for import to Russia or any of its neighbors, and factories or development centers for missile guidance and control, both of which we have here in Orlando, are particularly common targets for these types of phishing emails. These companies comply with US export control law, meaning that the US government has determined that entities with an interest against the US should never have knowledge of these things, which makes them an obvious target for hacking by the Russian government. I have personal experience with this, as I work in that gas turbine engine factory, and we do not allow foreign nationals from any nation on the grounds of the factory specifically for this reason. As such, it is common practice in these places to hold phishing email identification trainings, as well as to send test emails meant as harmless reminders of the dangers of falling for a phishing attack, which nevertheless end up proving how easy it is for an entire network to fall through the lax judgement of a single employee.
Sandworm is clearly a Russian-sanctioned group of hackers, and is in fact part of the Russian military intelligence agency known as the GRU, or Glavnoye Razvedyvatelnoye Upravlenie (in English, Chief Intelligence Office). As such, any criminal or wartime activity conducted by Sandworm comes directly from the Russian government and should be treated as such.
The purpose of the 2015 attack on the Ukrainian power grid was simply to prove that the Russian government had the capability to cause discomfort to huge swaths of the Ukrainian population during the harsh winter, and to threaten further, presumably more damaging, actions against both the civilian population and the military complex of Ukraine. The mode of the attack was largely consistent with what I spoke of in earlier paragraphs. The first wave came as a corporate phishing email, hoping to gather credentials and passwords for corporate computers in a rather mundane way, again showing that huge data networks are only as strong as their weakest link, or their most gullible employee. The second wave was to gain control of the SCADA system for this particular corporation, SCADA being the Supervisory Control and Data Acquisition system consisting of computers, control systems, graphical user interfaces, networked data, and process overviews for the entire conglomerate of substations and power provider systems in the Ivano-Frankivsk Oblast, a region of Ukraine containing nearly 230,000 people. Having gained control of the data and control interface for the entire region, the Russian Federation, spearheaded by Sandworm, chose simply to turn off power to these people and cause great harm due to the lack of electric heating common in the area. The company that provided this power was called Prykarpattyaoblenergo, which consisted of thirty substations, seven of which were 110 kilovolt substations, the rest being 35 kilovolt substations: obviously a rather important bit of infrastructure for the people living in this area.
However, the attack was not limited to Prykarpattyaoblenergo; two other Ukrainian power companies, Chernivtsioblenergo and Kyivoblenergo, were also attacked, although with lesser effect. The IP addresses used in the attack were traced to computers within the Russian Federation, meaning that it was almost certainly the work of the Sandworm hacker group.
Another aspect of the attack was the disabling or destruction of IT infrastructure such as UPSs (uninterruptible power supplies), internet modems, Remote Terminal Units (which control the substations from the main power station), and commutators. In addition, files and other data stored on servers and workstations were deleted by the attack, further contributing to lasting effects and downtime. DDoS attacks on the call center connected to the stations were also executed, denying consumers information on the attack, sowing chaos, and likely contributing to unrest across the region. As the cherry on top, the emergency power at the utility company's operations center was cut off, throwing off the operators and causing more damage to systems that may have relied on being powered at all times.
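As an added illustration from the defender's side (not code from the paper or from any of its sources), the following Python script correlates the attack stages described in the two paragraphs above over a constructed event log. The log format, host names, operator allowlist, thresholds and severity scale are all assumptions made for the example. The point it makes is that each stage on its own (one login, one breaker command, one UPS alarm) looks like routine noise, and it is several stages landing inside one short window that distinguishes a coordinated campaign from an ordinary fault.

```python
"""Correlating the stages of the 2015 grid attack from constructed event logs.

Assumed (hypothetical) schema, one event per line, four fields split on '|':
    <ISO-8601 timestamp>|<source system>|<event type>|<key=value details>
This is illustrative defender-side logic, not a real SIEM rule or vendor format.
"""
from datetime import datetime, timedelta

# Constructed sample log (not captured from any real utility). The lines follow
# the sequence the essay describes: phishing, credential use, SCADA/HMI access,
# breaker commands, file wiping, RTUs going dark, a call-center flood, UPS loss.
SAMPLE_LOG = """\
2015-12-23T14:02:10|mail-gw|phish_reported|user=operator3 subject=VPN_update
2015-12-23T14:40:51|vpn|login|user=operator3 src=198.51.100.7
2015-12-23T15:10:03|hmi-01|remote_session|user=operator3 src=198.51.100.7
2015-12-23T15:31:44|hmi-01|breaker_cmd|substation=SS-07 action=open
2015-12-23T15:32:02|hmi-01|breaker_cmd|substation=SS-12 action=open
2015-12-23T15:35:20|ws-05|file_delete|count=4120 path=C:/
2015-12-23T15:36:00|rtu-07|device_offline|reason=unreachable
2015-12-23T15:40:00|callcenter|call_volume|calls_per_min=900
2015-12-23T15:41:15|ups-main|power_loss|site=operations-center
"""

# Assumed site policy: only these operator hosts may open an HMI session.
HMI_ALLOWED_SOURCES = {"10.10.5.21", "10.10.5.22"}
CALL_VOLUME_BASELINE = 40    # calls per minute on a normal day (assumed)
BULK_DELETE_THRESHOLD = 500  # files deleted in one burst before it counts as wiping


def parse_log(text):
    """Parse the assumed format into dicts; malformed lines are skipped, not trusted."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        ts, src, etype, detail = parts
        fields = dict(tok.split("=", 1) for tok in detail.split() if "=" in tok)
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "type": etype, "fields": fields})
    return events


def find_stages(events, window=timedelta(hours=2)):
    """Map individual events to the attack stages the essay describes.

    Returns a list of (stage_name, event) pairs in log order.
    """
    hits = []
    phish_reports = {}  # user -> time the phishing report came in
    for e in events:
        f, t = e["fields"], e["type"]
        if t == "phish_reported":
            phish_reports[f["user"]] = e["ts"]
        elif (t == "login" and f.get("user") in phish_reports
              and e["ts"] - phish_reports[f["user"]] <= window):
            # Credentials harvested by the phishing wave being used shortly after.
            hits.append(("credential_use_after_phish", e))
        elif t == "remote_session" and f.get("src") not in HMI_ALLOWED_SOURCES:
            # The SCADA/HMI takeover stage: a session from outside the operator set.
            hits.append(("hmi_session_from_unexpected_host", e))
        elif t == "breaker_cmd" and f.get("action") == "open":
            hits.append(("breaker_open_command", e))
        elif t == "file_delete" and int(f.get("count", 0)) >= BULK_DELETE_THRESHOLD:
            # Server/workstation data deletion that prolonged the outage.
            hits.append(("bulk_file_deletion", e))
        elif t == "device_offline" and e["src"].startswith("rtu"):
            hits.append(("rtu_offline", e))
        elif t == "call_volume" and int(f.get("calls_per_min", 0)) > 10 * CALL_VOLUME_BASELINE:
            # The call-center DDoS that kept customers from reporting the outage.
            hits.append(("call_center_flood", e))
        elif t == "power_loss" and e["src"].startswith("ups"):
            hits.append(("ups_power_loss", e))
    return hits


def assess(events, window=timedelta(hours=2)):
    """Rate severity by how many distinct stages co-occur inside one window."""
    hits = find_stages(events, window)
    if not hits:
        return {"severity": "none", "stages": [], "span_minutes": 0}
    stages = sorted({name for name, _ in hits})
    times = [e["ts"] for _, e in hits]
    span = max(times) - min(times)
    # Several distinct stages landing inside one window is the signature of a
    # coordinated campaign rather than an isolated fault or a single lost password.
    if len(stages) >= 4 and span <= window:
        severity = "critical"
    elif len(stages) >= 2:
        severity = "high"
    else:
        severity = "low"
    return {"severity": severity, "stages": stages,
            "span_minutes": int(span.total_seconds() // 60)}


if __name__ == "__main__":
    result = assess(parse_log(SAMPLE_LOG))
    print(result["severity"], "-", ", ".join(result["stages"]))
```

Run as a script, the block reports `critical` with all seven stages spanning about an hour of the constructed log; a single benign login produces `none`. The structure, rather than the placeholder values, is what a utility's monitoring team would keep: an allowlist of operator hosts for HMI sessions, a baseline for call-center load, and a rule that escalates on co-occurrence.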
The main reason this attack was possible is that Ukraine was still running its power grid on unusually and incredibly dilapidated hardware and software, likely from the Soviet era, which the Russian Federation understandably knows very well. Because of this, the greater region and the rest of the world have little reason to worry about a similar attack being effective. However, as of 2022, the weakness of the system still has not been patched, and the safety of the Ukrainian people the stations serve largely relies on the ability and training of the operators. Another reason this attack was successful was the timing. The group attacked during the holiday season, relying on the skeleton crew of operators being unable to react quickly to the threat. Regardless, the attack was only able to cut off power for between one and six hours. After the attack, the stations and substations were repaired with Russian parts, and the Russian software still has not been changed, meaning another attack during the current Russian advance may be likely.
In total, nearly 73 megawatt-hours of energy was lost and not supplied to users in Ukraine, with the projected cost of the attack totaling nearly 2,065,900 euros at a rate of 28.3 euros per kilowatt-hour. This attack had further lasting effects on Ukrainian infrastructure, mostly due to the loss of the data on the station's servers.
What sets this attack apart from others is that it was the first large-scale cyberattack that was effective against infrastructure. In 2013, Iranian hackers were able to hack a dam in New York, seizing control of the floodgates; however, no damage was done, and it was deemed an ineffective and small-scale attack. This makes what happened in Ukraine groundbreaking and the start of a new strategy of warfare for the history books.
However, despite the groundbreaking damage this attack did, there have been few further attempts or developments in recent history. This is largely due to the lack of security at the Ukrainian facility, and the weaknesses that the Russian Federation and its hacker group knew how to abuse, since the two countries' systems are nearly identical, owing to the Soviet Union having built the entire infrastructure for both. This means that outside the Russian zone of influence, the old Soviet Bloc, these types of attacks would almost certainly be ineffective. This does not mean that the world and cybersecurity experts should not heed this warning and learn what they can from the attack. This was an act of war on a civilian population and should be treated as such, and sufficient measures should be taken to prevent this attack from being repeated in Ukraine, or anywhere else in the world.
References:
Allianz (June 2016). "Expert risk article." https://www.agcs.allianz.com/news-andinsights/expert-risk-articles/cyber-attacks-on-critical-infrastructure.html
Hultquist, John (2016). "Sandworm Team and the Ukrainian Power Authority Attacks." FireEye. https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html
Wikipedia. "Vulkan files leak." https://en.wikipedia.org/wiki/Vulkan_files_leak
Wikipedia. "2015 Ukraine power grid hack." https://en.wikipedia.org/wiki/2015_Ukraine_power_grid_hack#:~:text=On%2023%20December%202015%2C%20hackers,the%20electricity%20supply%20to%20consumers.