Ukrainian parliamentary election interference (2014): Difference between revisions

From International cyber law: interactive toolkit
m (adding category:DDoS)
No edit summary
Line 4: Line 4:
|-
|-
! scope="row"|Suspected Actor
! scope="row"|Suspected Actor
|A pro-Russian hacktivist group called 'Cyberberkut' with suspected ties to the GRU hacker group known as APT28 (or Fancy Bear) was allegedly responsible for the attacks.<ref>A Greenberg, [https://www.wired.com/story/russia-election-hacking-playbook/ 'Everything We Know About Russia's Election-Hacking Playbook'] ''Wired'' (6 September 2017).</ref>
|A pro-Russian hacktivist group called 'CyberBerkut' with suspected ties to the GRU hacker group known as APT28 (or Fancy Bear) was allegedly responsible for the attacks.<ref>A Greenberg, [https://www.wired.com/story/russia-election-hacking-playbook/ 'Everything We Know About Russia's Election-Hacking Playbook'] ''Wired'' (6 September 2017).</ref>
|-
|-
! scope="row"|Target and Method
! scope="row"|Target and Method
|The website of the Ukrainian Central Election Commission, which organized the elections, was shut down. Ukrainian security officials characterized the operation as a distributed denial-of-service (DDoS) attack, which can slow down or disable a network by flooding it with communications requests.<ref>M Clayton, [https://www.csmonitor.com/World/Passcode/2014/0617/Ukraine-election-narrowly-avoided-wanton-destruction-from-hackers 'Ukraine election narrowly avoided "wanton destruction" from hackers'] ''CS Monitor'' (17 June 2014).</ref>
|Four days before the national vote, the Ukrainian central election system was compromised and critical files were deleted, rendering the vote-tallying system inoperable; three days before the national vote, CyberBerkut released exfiltrated data onto the internet as proof of the success of the operation.<ref name="CSMonitor">M Clayton, [https://www.csmonitor.com/World/Passcode/2014/0617/Ukraine-election-narrowly-avoided-wanton-destruction-from-hackers 'Ukraine election narrowly avoided "wanton destruction" from hackers'] ''CS Monitor'' (17 June 2014).</ref>


Malware, which would have portrayed ultra-nationalist candidate Dmytro Yarosh as the winner with 37 percent of the vote and candidate Petro Poroshenko as having 29 percent of the vote, was installed.<ref name="CSMonitor" />


Shortly after polls closed, the website of the Ukrainian Central Election Commission, which organized the elections, was shut down. Ukrainian security officials characterized the operation as a distributed denial-of-service (DDoS) attack, which can slow down or disable a network by flooding it with communications requests.<ref name="CSMonitor" />
|-
|-
! scope="row"|Purpose
! scope="row"|Purpose
|The Central Election Commission described the attack as "just one component in an information war being conducted against our state". <ref>[https://news.yahoo.com/hackers-target-ukraines-election-website-204128284.html 'Hackers target Ukraine's election website'] AFP (25 October 2014).</ref> The attack can be seen as part of the ongoing conflict between Russia and Ukraine, which had started with the annexation of the Crimean Peninsula by Russia in February-March 2014.<ref>See, eg, [http://www.rulac.org/browse/conflicts/international-armed-conflict-in-ukraine 'International armed conflict in Ukraine'] ''Rule of Law in Armed Conflicts'' (12 September 2017).</ref>
|The Central Election Commission described the attack as "just one component in an information war being conducted against our state". <ref name="AFP">[https://news.yahoo.com/hackers-target-ukraines-election-website-204128284.html 'Hackers target Ukraine's election website'] AFP (25 October 2014).</ref> The attack can be seen as part of the ongoing conflict between Russia and Ukraine, which had started with the annexation of the Crimean Peninsula by Russia in February-March 2014.<ref>See, eg, [http://www.rulac.org/browse/conflicts/international-armed-conflict-in-ukraine 'International armed conflict in Ukraine'] ''Rule of Law in Armed Conflicts'' (12 September 2017).</ref>
|-
|-
! scope="row"|Result
! scope="row"|Result
|The vote-tallying system was restored, using backups, three days before the national vote.<ref name="CSMonitor" />
|Ukrainian officials announced that they were prepared for this case and used a backup to restore the entire system.<ref>[https://news.yahoo.com/hackers-target-ukraines-election-website-204128284.html 'Hackers target Ukraine's election website'] AFP (25 October 2014).</ref>


Ukrainian cybersecurity personnel were able to remove the malware 40 minutes before election results went live, preventing it from releasing erroneous results.<ref name="CSMonitor" />


Election results were blocked for two hours and the final tally was delayed.<ref name="CSMonitor" /> Nonetheless, Ukrainian officials announced that they had prepared for the possibility of a DDoS attack and used a backup to restore the entire system.<ref name="AFP" />
|-
|-
! scope="row"|Aftermath
! scope="row"|Aftermath
|Russian media announced that Dmytro Yarosh had won the election with 37 percent of the vote and that Petro Poroshenko had obtained 29 percent of the vote, despite such erroneous results never having been publicly released by Ukrainian officials.<ref name="CSMonitor" />
|In 2015, Ukraine was subject to another [[Power grid cyberattack in Ukraine (2015)|cyber operation conducted against the Ukrainian power grid]].


In 2015, Ukraine was subject to another [[Power grid cyberattack in Ukraine (2015)|cyber operation conducted against the Ukrainian power grid]].


In 2018, Ukrainian officials noted that they were planning to upgrade their information technology infrastructure prior to the 2019 presidential election in order to address a range of cyber security threats that they had expected to face.<ref>OSCE, [https://www.osce.org/odihr/elections/ukraine/407657?download=true 'Ukraine: Presidential Election 31 March 2019 - ODIHR Needs Assessment Mission Report'] (21 December 2018) 7.</ref>
In 2018, Ukrainian officials noted that they were planning to upgrade their information technology infrastructure prior to the 2019 presidential election in order to address a range of cyber security threats that they had expected to face.<ref>OSCE, [https://www.osce.org/odihr/elections/ukraine/407657?download=true 'Ukraine: Presidential Election 31 March 2019 - ODIHR Needs Assessment Mission Report'] (21 December 2018) 7.</ref>
|-
|-
! scope="row"|Analysed in
! scope="row"|Analysed in
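Review bot: The reference that carries nearly every new claim in the 'Target and Method', 'Result' and 'Aftermath' rows (ref name="CSMonitor") is dated 17 June 2014, but the Date row of this page places the incident in October 2014, shortly before the parliamentary elections, so the article predates the events it is cited for. Please confirm which election the compromise, the planted results (Yarosh 37 percent, Poroshenko 29 percent) and the DDoS belong to, then either move that material to the matching incident page or correct the Date row and title. In the new Result row, "prepared for the possibility of a DDoS attack and used a backup to restore the entire system" is attributed to AFP (25 October 2014) and joined to the CSMonitor sentence about delayed results; a backup restore addresses deleted files rather than a request flood, so the sentence should state what was restored and for which event.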

Revision as of 09:40, 9 June 2021

Date
October 2014 shortly before the Ukrainian parliamentary elections were held.

Suspected Actor
A pro-Russian hacktivist group called 'CyberBerkut' with suspected ties to the GRU hacker group known as APT28 (or Fancy Bear) was allegedly responsible for the attacks.[1]

Target and Method
Four days before the national vote, the Ukrainian central election system was compromised and critical files were deleted, rendering the vote-tallying system inoperable; three days before the national vote, CyberBerkut released exfiltrated data onto the internet as proof of the success of the operation.[2]

Malware, which would have portrayed ultra-nationalist candidate Dmytro Yarosh as the winner with 37 percent of the vote and candidate Petro Poroshenko as having 29 percent of the vote, was installed.[2]

Shortly after polls closed, the website of the Ukrainian Central Election Commission, which organized the elections, was shut down. Ukrainian security officials characterized the operation as a distributed denial-of-service (DDoS) attack, which can slow down or disable a network by flooding it with communications requests.[2]

Purpose
The Central Election Commission described the attack as "just one component in an information war being conducted against our state".[3] The attack can be seen as part of the ongoing conflict between Russia and Ukraine, which had started with the annexation of the Crimean Peninsula by Russia in February-March 2014.[4]

Result
The vote-tallying system was restored, using backups, three days before the national vote.[2]

Ukrainian cybersecurity personnel were able to remove the malware 40 minutes before election results went live, preventing it from releasing erroneous results.[2]

Election results were blocked for two hours and the final tally was delayed.[2] Nonetheless, Ukrainian officials announced that they had prepared for the possibility of a DDoS attack and used a backup to restore the entire system.[3]

Aftermath
Russian media announced that Dmytro Yarosh had won the election with 37 percent of the vote and that Petro Poroshenko had obtained 29 percent of the vote, despite such erroneous results never having been publicly released by Ukrainian officials.[2]

In 2015, Ukraine was subject to another cyber operation conducted against the Ukrainian power grid.

In 2018, Ukrainian officials noted that they were planning to upgrade their information technology infrastructure prior to the 2019 presidential election in order to address a range of cyber security threats that they had expected to face.[5]

Analysed in
Scenario 01: Election interference