A chilling Russian cyber aim in Ukraine: Digital dossiers

Apr 27, 2022, 9:09 AM | Updated: Apr 28, 2022, 12:00 pm

FILE - People crowd under a destroyed bridge as they try to flee, crossing the Irpin river on the outskirts of Kyiv, Ukraine, Tuesday, March 8, 2022. Russia's relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection. (AP Photo/Felipe Dana, File)

BOSTON (AP) — Russia’s relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection.

Ukrainian agencies breached on the eve of the Feb. 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. A month earlier, a national database of automobile insurance policies was raided during a diversionary cyberattack that defaced Ukrainian websites.

The hacks, paired with prewar data theft, likely armed Russia with extensive details on much of Ukraine’s population, cybersecurity and military intelligence analysts say. It’s information Russia can use to identify and locate Ukrainians most likely to resist an occupation, and potentially target them for internment or worse.

“Fantastically useful information if you’re planning an occupation,” Jack Watling, a military analyst at the U.K. think tank Royal United Services Institute, said of the auto insurance data, “knowing exactly which car everyone drives and where they live and all that.”

As the digital age evolves, information dominance is increasingly wielded for social control, as China has shown in its repression of the Uyghur minority. It was no surprise to Ukrainian officials that a prewar priority for Russia would be compiling information on committed patriots.

“The idea was to kill or imprison these people at the early stages of occupation,” Victor Zhora, a senior Ukrainian cyber defense official, alleged.

Aggressive data collection accelerated just ahead of the invasion, with hackers serving Russia’s military increasingly targeting individual Ukrainians, according to Zhora’s agency, the State Service for Special Communications and Information Protection.

Serhii Demediuk, deputy secretary of Ukraine’s National Security and Defense Council, said via email that personal data continues to be a priority for Russian hackers as they attempt more government network breaches: “Cyberwarfare is really in the hot phase nowadays.”

There is little doubt political targeting is a goal. Ukraine says Russian forces have killed and kidnapped local leaders where they grab territory.

Demediuk was stingy with specifics but said Russian cyberattacks in mid-January and as the invasion commenced sought primarily to “destroy the information systems of government agencies and critical infrastructure” and included data theft.

The Ukrainian government says the Jan. 14 auto insurance hack resulted in the pilfering of up to 80% of Ukrainian policies registered with the Motor Transport Bureau.

Demediuk acknowledged that the Ministry of Internal Affairs was among government agencies breached Feb. 23. He said “a small part” of the ministry’s data was stolen “but so far no case of its use has been established.” He did not provide specifics. Security researchers from ESET and other cybersecurity firms that work with Ukraine said the networks were compromised months earlier, allowing ample time for stealthy theft.

The data collection by hacking is a work long in progress.

A unit of Russia’s FSB intelligence agency that researchers have dubbed Armageddon has been doing it for years out of Crimea, which Russia seized in 2014. Ukraine says it sought to infect more than 1,500 Ukrainian government computer systems.

Since October it has tried to breach and maintain access to government, military, judiciary and law enforcement agencies as well as nonprofits, with a primary goal of “exfiltrating sensitive information,” Microsoft said in a Feb. 4 blog post. That included unnamed organizations “critical to emergency response and ensuring the security of Ukrainian territory,” plus humanitarian aid distribution.

Post-invasion, hackers have targeted European organizations that aid Ukrainian refugees, according to Zhora and the cybersecurity firm Proofpoint. Authorities have not specified which organizations or what may have been stolen.

Yet another attack, on April 1, crippled Ukraine’s National Call Center, which runs a hotline for complaints and inquiries on a wide array of matters: corruption, domestic abuse, people displaced by the invasion, war veteran benefits. Used by hundreds of thousands of Ukrainians, it issues COVID-19 vaccine certificates and collects callers’ personal data including emails, addresses and phone numbers.

Adam Meyers, senior vice president of intelligence at the cybersecurity firm CrowdStrike, believes the attack may, like many others, have a greater psychological than intelligence-gathering impact — aiming to degrade Ukrainians’ trust in their institutions.

“Make them scared that when the Russians take over, if they don’t cooperate, the Russians are going to know who they are, where they are and come after them,” Meyers said.

The attack knocked the center offline for at least three days, center director Marianna Vilshinska said: “We couldn’t work. Neither phones nor chatbots worked. They broke down all the system.”

Hackers calling themselves the Cyber Army of Russia claimed to have stolen personal data on 7 million people in the attack. However, Vilshinska denied they breached the database with users’ personal information. “They didn’t get any valuable information,” she said.

She confirmed that a contact list the hackers posted online of more than 300 center employees was genuine as well as a spreadsheet with employee passwords. But she said other files the hackers posted — listing 3 million names and phone numbers and 1 million addresses — were not from the center.

Spear-phishing attacks in recent weeks have focused on military, national and local officials, aimed at stealing credentials to open government data troves. Such activity relies heavily on Ukraine’s cellular networks, which Meyers of CrowdStrike said have been far too rich in intelligence for Russia to want to shut down.

On March 31, Ukraine’s SBU intelligence agency said it had seized a “bot farm” in the eastern region of Dnipropetrovsk that was controlled remotely from Russia and sent text messages to 5,000 Ukrainian soldiers, police and SBU members urging them to surrender or sabotage their units. Agency spokesman Artem Dekhtiarenko said authorities were investigating how the phone numbers were obtained.

Gene Yoo, CEO of the cybersecurity firm ReSecurity, said it likely was not difficult: Subscriber databases of major Ukrainian wireless companies have been available for sale by cybercriminals on the dark web for some time — as they are for many countries.

If Russia is successful at taking control of more of eastern Ukraine, stolen personal data will be an asset. Russian occupiers have already collected passport information, a top Ukrainian presidential adviser tweeted recently, that could help organize separatist referendums.

Ukraine, for its part, appears to have done significant data collection — quietly assisted by the U.S., the U.K., and other partners — targeting Russian soldiers, spies and police, including rich geolocation data.

Demediuk, the top security official, said the country knows “exactly where and when a particular serviceman crossed the border with Ukraine, in which occupied settlement he stopped, in which building he spent the night, stole and committed crimes on our land.”

“We know their cell phone numbers, the names of their parents, wives, children, their home addresses,” who their neighbors are, where they went to school and the names of their teachers, he said.

Analysts caution that some claims about data collection from both sides of the conflict may be exaggerated.

But in recordings posted online by Ukrainian Digital Transformation Minister Mikhailo Fedorov, callers are heard phoning the far-flung wives of Russian soldiers and posing as Russian state security officials to say parcels shipped to them from Belarus were looted from Ukrainian homes.

In one, a nervous-sounding woman acknowledges receiving what she calls souvenirs — a woman’s bag, a keychain.

The caller tells her she shares criminal liability, that her husband “killed people in Ukraine and stole their stuff.”

She hangs up.


AP data journalist Larry Fenn in New York and Inna Varenytsia in Kyiv, Ukraine, contributed to this report.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

