Ukraine security services say ‘too early’ to identify cyber attack culprits

It is “too early” to identify the culprits behind a small wave of unsophisticated cyber attacks that targeted Ukraine on Tuesday, according to a state security official.

Ilya Vityuk, who heads Ukraine‘s security service cyber department, told journalists that their only suspect was Russia, although this wasn’t a formal attribution.

He said officials detected “a trace of foreign intelligence services” in connection with the attacks, which are ongoing although no longer impacting online services.

Cyber, war and Ukraine: What does recent history teach us to expect?

Ministry of defence websites and two of the country’s banks were unable to provide online services – alongside reports of ATM services being down – as a result of a distributed denial of service (DDoS) attack.

DDoS attacks are among the least sophisticated type of online attack. They overload network resources with connection requests so that the service can’t respond to them all and effectively goes down.

They are often conducted by lone hackers, although such attackers lack the resources to continue the attack for a long period. Ukraine says Tuesday’s attack is ongoing, but that the state authorities have been able to overcome them.

DDoS attacks are incapable of accessing any data on the network itself and so cannot steal data, although they have been used as distraction techniques while more serious data thefts occur.

During the public briefing, one official acknowledged this potential, but said the authorities had not received any reports of data theft or destruction.

Regarding the link to a foreign intelligence service, Mr Vityuk explained: “An individual hacker or a group of hackers cannot afford to spend such money. Such attacks are carried out by states through special services and special infrastructure.”

“And today we know that the only country that is interested in such… attacks on our state, especially against the backdrop of massive panic about a possible military invasion, the only country that is interested is the Russian Federation,” he added.

Mr Vityuk said that there may be a connection to cyber security incidents in January which featured website defacements – later described as cover for more destructive cyber activities – by a hacking group that has been linked to Belarus, which has close relations with Russia.

Sergey Demidyuk, deputy secretary of Ukraine’s National Security and Defense Council, said: “We consider this attack to be informational and psychological against Ukrainians.”

John Hultquist, vice president of intelligence analysis at cyber security company Mandiant, said: “Though we’ve anticipated disruptive Russian attacks against Ukraine, we’ve seen no evidence of responsibility at this time, and denial of service attacks are notoriously difficult to attribute.”

However he noted with curiosity that the Ukrainian cyber police had indicated “Ukrainians had received fraudulent SMS messages claiming that ATMs were malfunctioning”, and wondered whether this was intended to drive people to use their online banking services to amplify the impact of the attack.