Cyber Warfare Techniques That Were Used In The Ukraine/Russian Conflict

1. Ukraine / Russian Conflict Cyber Warfare

2. (Introduction):

This report is aimed at giving the reader a better understanding of the cyber warfare techniques that were used in the Ukraine / Russian conflict. It will introduce them to successful cyber-attacks that were used and improve their knowledge of what is possible in the world of cyber warfare.

3. (Objective):

The objective of this report is to present the Ukraine / Russian conflict regarding cyberwarfare with evidence and facts from both sides and from independent reports and news stories. While mainly focusing on the large malware and ransomware attacks known as Petya / NotPetya, it will hopefully shed some light on the secretive side of government actors using cyber warfare as a tool.

4. (Relevance to paper’s topic, Assumptions, Body of the paper, discussions of key issues, relevant facts evidence.):

The cyber-attacks we will be looking at in this report are the Petya and NotPetya attacks, which occurred around 2016 / 2017. While assumptions have been made about who created and released the malware, with Fancy Bear and Sandworm being the biggest suspects, with ties to and working closely with the GRU, Russian military intelligence organizations have not claimed responsibility and may never do so. What we do know is that a similar malware was created by the U.S. National Security Agency; it was used in a global attack but primarily targeting Ukraine.

Petya works and spreads as follows. An email purporting to be a job applicant’s resume arrives in your inbox. There are two files: an image of a young man (the job applicant's photo) and an executable file with “PDF” in the file name. Once you click on that file, Petya makes changes to your Windows User Access Control. Next you will see the Windows CHKDSK screen you expect to see after a system crash; at this point Petya is working on making your files unreachable. It then installs its own boot loader, overwriting the affected system’s master boot record. The master file table, the part of the file system that serves as a road map to finding files on the hard drive, is encrypted, so the files appear to be lost. The ransomware now demands a Bitcoin payment of $300 US in order to decrypt the hard drive.

After Petya became rampant in June of 2016, a new variant emerged called NotPetya. NotPetya superficially resembles Petya in several ways: it encrypts the master file table and flashes up a screen requesting a Bitcoin payment, as Petya did. They also differ in several ways: NotPetya spreads on its own, while the original Petya required the victim to download it from a spam email, launch it and give it admin permission. NotPetya exploits several different methods to spread without human intervention.

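
The master boot record overwrite described above can be detected by comparing the first disk sector against a known-good baseline. This is an added example, not part of the original report; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code, bytes 0-439 (440-445: disk signature)
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector into a comparable summary."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i : PART_TABLE_OFF + 16 * (i + 1)]
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return findings describing how the current MBR differs from the baseline."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable type-0x07 (NTFS) partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6
    return body + entry + b"\x00" * 48 + BOOT_SIGNATURE

if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0")    # constructed baseline boot code
    altered = build_sample_mbr(b"\xeb\x3c\x90")  # constructed replacement boot code
    print(compare_to_baseline(parse_mbr(clean), parse_mbr(altered)))
```

In practice the sector would be the first 512 bytes of a raw disk or forensic image, with the baseline recorded while the machine was known to be clean.
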
The original infection vector appears to be via a backdoor planted in M.E.Doc, an accounting software package that’s used by almost every company in Ukraine. It also used EternalBlue, an exploit developed by the United States NSA, to take advantage of a flaw in the Windows implementation of the SMB protocol. The most shocking part about NotPetya is that it isn’t ransomware: it has the same screen informing victims that their files will be decrypted if they send Bitcoin to a specified wallet. The screen includes an identifying code that allows the attackers to know who has paid up, but on computers affected with NotPetya this number is randomly generated, and the process of encrypting the data damages it beyond repair. The fact that it saw an abrupt and radical improvement over its ancestor Petya implies a creator with a lot of resources, such as a state intelligence agency. Here is some evidence published by Symantec Corporation on June 27 showing who was affected by Petya; it shows Ukraine was the main target.

More evidence linking this massive cyber-attack to cyber-warfare is as follows. On June 27, the day of the cyber-attack, it was reported that a top Ukrainian military intelligence officer was killed in a car blast in Kiev. Following this incident, on the same day, a colonel of Ukraine’s Security Service was killed in another car bomb attack. The secretary of the National Security and Defense Council of Ukraine, Oleksandr Turchynov, said: “It’s no accident that the terrorist act (killing a military officer in Kiev) coincided with a massive cyber-attack, which also has a Russian trace”. Oleksandr Turchynov has also been quoted as saying “also involved was the hosting service of an internet provider, which the SBU (Ukraine’s state security service) has already questioned about cooperation with Russian intelligence agencies”. This leaves no doubt about who he thinks is the main suspect in these widespread cyber-attacks. These allegations have been met with denial, with Russia pointing out that the NotPetya variant infected many Russian computers as well.

5. (conclusion)

The conclusion of this report was to show the devastation that cyber warfare can have on a nation-state. Mikko Hypponen, chief research officer at Finnish infosec firm F-Secure, said “I believe that NotPetya was the single most expensive computer security incident in history”. The data seem to support this sentiment: Ukraine’s Cyber Police reported that on 27 to 28 June, 1508 persons and companies informed the police of having their computer equipment blocked by an encrypting virus. While the primary targets were the Ukrainian financial, energy and government sectors, its indiscriminate design caused it to spread further. In conclusion, it is estimated to have caused over 1.2 billion dollars in total damage worldwide.

So, what does the future of cyber-warfare look like? It’s possible that cyber weapons such as Petya / NotPetya will become a more common feature of low-intensity conflict between nations because they can cause confusion and chaos. It is also unlikely that a war would ever be fought purely with digital weapons because they are too expensive, hard to control and of limited impact. This doesn’t mean cyberwarfare is irrelevant; rather, cyberwarfare capability will be part of pretty much every military engagement from now on.

6. (Reference)

  1. Aljazeera. 2019. Al Jazeera News. [ONLINE] Available at: https://www.aljazeera.com. [Accessed 1 February 2017]
  2. Britannica. 2014. Malaysia Airlines flight 370 disappearance. [ONLINE] Available at: https://www.britannica.com. [Accessed 8 May 2014]
  3. The strategy bridge. 2019. Hybrid Warfare and Why the West Must Win There. [ONLINE] Available at: https://thestrategybridge.org. [Accessed 29 April 2019]
  4. Wikipedia. 2017. Petya (malware). [ONLINE] Available at: https://en.wikipedia.org/wiki/Petya_(malware). [Accessed 27 August 2018]

Quote from

  • Unian. 2017. Kyiv to step up counter-terrorism security after cyber-attacks, car blast. [ONLINE] Available at: https://www.unian.info/society/2000341-kyiv-to-step-up-counter-terrorism-security-after-cyber-attacks-car-blasts.html. [Accessed 28 June 2017].

Link to research information.

  • https://studentbhtafeedu-my.sharepoint.com/:f:/g/personal/bhi1200392_student_bhtafe_edu_au/Eh3GvI37DIdJoVfxD-ozHDIB_KwAnH4Lk5cJqhmttEJmpQ?e=8ouwZU
