Yagun alluded to a
number of cyber attacks against the Central
Election Commission, particularly targeting the election analytics system
that aggregates voter data. Yagun said that at least one detainee was
cooperating with the authorities.
It is still
not confirmed that the suspects in custody were behind the May 22 hacking
of the CEC server – just three
days before early presidential
and local elections – which the
SBU earlier reported had the elements of an inside
job.
“The attack came from the Internet, but somebody partially switched off
the defense system from the inside,” one government security
source told the Kyiv Post on the condition of anonymity because of sensitivity
of the issue.
Earlier, Volodymyr Zverev, head of the State Service for Special Communication
and Information Security, said that a virus had destroyed all of the internal data of the CEC on May 22 – and that this virus was
let into the system by a person who knew the system passwords.
Data compromised included the
personal emails of CEC members and technical documents related to the operation
of the CEC’s election analytics system. According to Zverev, all data was restored from backup by 4 p.m.
of May 22.
The virus was unleashed into the system from
the computer of a CEC system administrator and the passwords “were entered correctly
from the first attempt,” reported
Zverev. He blamed Kaspersky antivirus software for failling to
recognize the virus. Kaspersky Lab, a Russian software company, said in a commentary
for Itexpert.org.ua
that they are ready to help in investigating the attack.
The CEC’s election
analytics system is working normally after the attack, CEC head Mykhailo
Okhendovsky told journalists on May 25: “The system has been working, it’s
working now, and it will work. If today there are failures, we do not intend to
hide it, we intend to speak openly about it,” reported Interfax-Ukraine.
Okhemdovsky
told reporters it is possible to monitor the status of the election analytics
system by visiting the CEC website, which uses the system’s data for updates. However, throughout the day of May
25, visiting the elections section of CEC website resulted in a “404 Not Found” error. By 7 p.m.
the website, including the “elections” section, was once again accessible.
A hacker
group calling themselves the CyberBerkut, in homage to the special police unit
loyal to ousted former President Yanukovych, took credit for the attack. The
group claimed to have infiltrated the CEC’s digital infrastructure and to have disabled
the election analytics system. The group has uploaded personal emails of
election commission staff and the technical specifications of the CEC’s
analytical system that aggregates voting data to a public file sharing server.
“We, the CyberBerkut, claim
that we have access to the CEC communications system at all times,” read
the group’s statement on its website www.cyber-berkut.org on May 25. As of election day, however, the group’s
website claimed only to have released emails of regional officials and to have blocked
the cell phones of some election commission staff.
Maxim Savanevskiy, founder of the independent cyber analysis
portal Watcher.com.ua, said that no major damage was
inflicted on the CEC servers. “I don’t see a pervasive roblem, no one has reported that the
system’s work has been compromised, this was basically an
access issue,” Savanevskiy said. He added that access passwords to many servers in the
system must be changed,
but concluded it was a problem that could be fixed
overnight.
Beyond the hacking
group’s Berkut moniker, there is reason to think that the attack could trace
back to the fugitive Yanukovych administration. Victoria
Siumar, deputy National Security and Defense Council secretary, says that the
previous government was
prepared to tamper with the 2015 election results and that the CEC
computer system could have been programmed with built-in vulnerabilities to facilitate
hacking.
“They created an alternative server at
the National Security Council, in the War Room,” she said. The server was
supposed to process all data coming into the CEC in real time, delivering skewed
results to the CEC servers. It
is not the first time President Yanukovych faces such allegations. When
Yanukovych and his allies rigged the 2004 presidential
election in his favor, their
tactics included a similar system that exploited vulnerabilities in a data transit server. The
popular 2004 Orange Revolution that followed reversed the
result and brought Viktor Yushchenko to presidency following a new vote.
You can also highlight the text and press Ctrl + Enter