Ukrainian parliamentary election interference (2014)

From International cyber law: interactive toolkit
Jump to navigation Jump to search
Date October 2014 shortly before the Ukrainian parliamentary elections were held.
Suspected Actor A pro-Russian hacktivist group called CyberBerkut with suspected ties to the GRU hacker group known as APT28 (or Fancy Bear) was allegedly responsible for the attacks.[1]
Target and Method Four days before the national vote, the Ukrainian central election system was compromised and critical files were deleted, rendering the vote-tallying system inoperable; three days before the national vote, CyberBerkut released exfiltrated data onto the internet as proof of the success of the operation.[2]

Malware, which would have portrayed ultra-nationalist candidate Dmytro Yarosh as the winner with 37 percent of the vote and candidate Petro Poroshenko as having 29 percent of the vote, was installed.[2]

Shortly after polls closed, the website of the Ukrainian Central Election Commission, which organized the elections, was shut down. Ukrainian security officials characterized the operation as a distributed denial-of-service (DDoS) attack, which can slow down or disable a network by flooding it with communications requests.[2]

Purpose The Central Election Commission described the attack as "just one component in an information war being conducted against our state".[3] The attack can be seen as part of the ongoing conflict between Russia and Ukraine, which had started with the annexation of the Crimean Peninsula by Russia in February-March 2014.[4]
Result The vote-tallying system was restored, using backups, three days before the national vote.[2]

Ukrainian cybersecurity personnel were able to remove the malware 40 minutes before election results went live, preventing it from releasing erroneous results.[2]

Election results were blocked for two hours and the final tally was delayed.[2] Nonetheless, Ukrainian officials announced that they had prepared for the possibility of a DDoS attack and used a backup to restore the entire system.[3]

Aftermath Russian media announced that Dmytro Yarosh had won the election with 37 percent of the vote and that Petro Poroshenko had obtained 29 percent of the vote, despite such erroneous results never having been publicly released by Ukrainian officials.[2]

In 2015, Ukraine was subject to another cyber operation conducted against the Ukrainian power grid.

In 2018, Ukrainian officials noted that they were planning to upgrade their information technology infrastructure prior to the 2019 presidential election in order to address a range of cyber security threats that they had expected to face.[5]

Analysed in Scenario 01: Election interference