Ukraine finally battens down
its leaky cyber hatches after attacks
Send a link to a friend
[August 01, 2017]
By Matthias Williams
KIEV (Reuters) - When the chief of
Microsoft Ukraine switched jobs to work for President Petro Poroshenko,
he found that everyone in the office used the same login password. It
wasn't the only symptom of lax IT security in a country suffering
crippling cyber attacks.
Sometimes pressing the spacebar was enough to open a PC, according to
Dmytro Shymkiv, who became Deputy Head of the Presidential
Administration with a reform brief in 2014.
Today discipline is far tighter in the president's office. But Ukraine -
regarded by some, despite Kremlin denials, as a guinea pig for Russian
state-sponsored hacks - is fighting an uphill battle in turning pockets
of protection into a national strategy to keep state institutions and
systemic companies safe.
As in many aspects of Ukrainian life, corruption is a problem. Most
computers run on pirated software, and even when licensed programs are
used, they can be years out of date and lack security patches to help
keep the hackers at bay.
Three years into the job, Shymkiv is leading the fight back. He has put
together a team, led by a former Microsoft colleague, doing drills,
sending out email bulletins to educate staff on new viruses and doing
practice hacks offsite.
In the early days, staff complacency and resistance to change were as
much a problem as insecure equipment.
"I remember the first weeks when we forced people to do a password
change," Shymkiv told Reuters. "My team heard all kind of screams and
disrespectful messages ... Over three years, it's a different
The team's small office has a screen with dials, charts and a green
spider web showing activity on the network. If there is an attack, a
voice shouts "major alarm!" in English, a recording the team downloaded
Eliminating bad practices and introducing good ones is the reason,
Shymkiv believes, why the presidential administration was immune to a
June 27 virus that spread from Ukraine to cause disruption in companies
as far away as India and Australia.
But the country still has a long way to go. Since 2014 repeated cyber
attacks have knocked out power supplies, frozen supermarket tills,
affected radiation monitoring at the stricken Chernobyl nuclear power
plant, and forced the authorities to prop up the hryvnia currency after
banks' IT systems crashed.
Even Poroshenko's election that year was compromised by a hack on the
Central Election Commission's network, trying to proclaim victory for a
far-right candidate -- a foretaste of alleged meddling in the 2016 U.S.
Ukraine believes the attacks are part of Russia's "hybrid war" waged
since protests in 2014 moved Ukraine away from Moscow's orbit and closer
to the West. Moscow has denied running hacks on Ukraine.
Shymkiv said the task is to "invest in my team, and upgrade them, and
teach them, and connect them with other organizations who are doing the
"If you do nothing like this, you probably will be wiped out," he added.
The head of Shymkiv's IT team, Roman Borodin, said the administration is
hit by denial-of-service (DDoS) attacks around once every two weeks, and
by viruses specifically designed to target it. The hackers seem mainly
interested in stealing information from the defense and foreign
relations departments, Borodin told Reuters in his first ever media
HONOR AT STAKE
Bruised by past experiences, Ukraine is protecting itself better.
Finance Minister Oleksandr Danylyuk told Reuters his ministry overhauled
security after a hack in November crashed 90 percent of its network at
the height of budget preparations.
Officials couldn't log into the system that manages budget transactions
for 48 hours, something that played on Danylyuk's mind as he addressed
the Verkhovna Rada or parliament.
"Imagine that, knowing this, I went to the Verkhovna Rada to present the
budget - the main financial document on which 45 million people live -
and at the same time I was thinking about how to save not only the
document itself, but also the honor of the ministry," he said.
"I understood that if I showed even the slightest hint of our
nervousness, the organizers of the attack would achieve their goal."
Consultants uncovered familiar weaknesses: the budget system operated on
a platform dating from 2000, and the version of the database management
system should have been upgraded in 2006.
The ministry is introducing new systems to detect anomalies and to
improve data protection. "We're completely revising and restructuring
the ministry's IT landscape," Danylyuk said.
[to top of second column]
Ukrainian Cyber Police Chief Serhiy Demedyuk speaks during an
interview with Reuters in Kiev, Ukraine June 23, 2017. REUTERS/Valentyn
The ministry emerged unscathed from the June 27 attack. Others weren't so lucky:
Deputy Prime Minister Pavlo Rozenko tweeted a picture of a crashed computer in
the cabinet office that same day.
Ukraine is also benefiting from help from abroad.
A cyber police force was set up in 2015 with British funding and training in a
project coordinated by the Organization for Security and Co-operation in Europe
While Ukraine is not a NATO member, the Western alliance supplied equipment to
help piece together who was behind the June attack and is helping the army set
up a cyber defense unit.
Ukraine shares intelligence with neighboring Moldova, another ex-Soviet state
that has antagonized Moscow by moving closer to the West and complains of
persistent Russian cyber attacks on its institutions.
"At the beginning of this year we had attacks on state-owned enterprises. If it
were not for cooperation with the guys from Moldova, we would not have
identified these criminals," Serhiy Demedyuk, the head of the Ukrainian cyber
police, told Reuters.
Demedyuk said the attack had been staged by a Russian citizen using a server in
Moldova, but declined to give further details.
LAYING DOWN THE LAW
While there has been progress in some areas, Ukraine is still fighting
entrenched problems. No less than 82 percent of software is unlicensed, compared
with 17 percent in the United States, according to a 2016 survey by the Business
Software Alliance, a Washington-based industry group.
Experts say pirated software was not the only factor in the June attack, which
also hit up-to-date computers, but the use of unlicensed programs means security
patches which could limit the rapid spread of such infections cannot be applied.
Ukraine ranked 60 out of 63 economies in a 2017 survey on digital
competitiveness by the International Institute for Management Development. The
low ranking is tied to factors such as a weak regulatory framework.
Another problem is that Ukraine has no single agency in charge of ensuring that
state bodies and companies of national importance, such as banks, are protected.
This surfaced on June 27, when the NotPetya virus penetrated the company that
produces M.E.Doc, an accounting software used by around 80 percent of Ukrainian
"Locally, the weak spot is accounting, but more generally it is the lack of
cyber defenses at a government level. There aren't agencies analyzing risks at a
government level," said Aleksey Kleschevnikov, the owner of internet provider
Wnet, which hosted M.E.Doc's servers.
Valentyn Petrov, head of the information security department at the National
Security and Defence Council, said the state cannot interfere with companies'
"It's a total disaster from our perspective," he told Reuters. "All state
companies, including state banks, have suffered from attacks, and we really have
no influence on them - neither on issuing regulations or checking how they
fulfill these regulations."
Poroshenko signed a decree in February to improve protection of critical
institutions. This proposed legislation to spell out which body was in charge of
coordinating cyber security and a unified methodology for assessing threats.
The law failed to gather enough votes the day before parliament's summer recess
in July, and MPs voted against extending the session. Shymkiv called that a "big
He added that in many ministries and firms, "we've seen very little attention to
the IT infrastructures, and it's something that's been lagging behind for
Attitudes can be slow to change. Borodin said a policy at the administration to
lock computer screens after 15 minutes of inactivity was greeted with
indignation. One staffer pointed out that their room was protected by an armed
The staffer said "'I have a guy with a weapon in my room. Who can steal
information from this computer?'" Borodin recounted.
(Additional reporting by Pavel Polityuk, Jack Stubbs, Natalia Zinets and
Margaryta Chornokondratenko in Kiev, Eric Auchard in Frankfurt and David
Mardiste in Tallinn; editing by David Stamp)
[© 2017 Thomson Reuters. All rights
Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.