Cyber and Geopolitics:
Ukrainian factor
Victor Zhora
UISG, Member of Board
Agenda
• Election Hack
– Cyberberkut
– First messages
– Versions
• DNC Hack
– Circumstances
– Results
• Press and follow-up
Election hack, 22-25/05/2014
Phases
• Destruction/disruption of the CEC “Elections” system
• Display of fake election results
• DDoS attack on the CEC website
Cyberberkut, 23/05/2014
Nalyvaichenko, 23/05/2014
• "Yesterday, an infected program was destroyed. On May 25, the virus had to destroy the election results. The virus has been eliminated, the software has been replaced.”
CERT-UA
Versions
• Malware (Uroboros, Sofacy ???)
• Insider
• Cisco 0-day
• Web shell
• SOESoftware
Version #1: Sofacy
• Nikolay Koval: “The technical aspects of this hack also tell us something very important: the hackers were professionals. Beyond disabling the site and successfully displaying incorrect election results, CERT-UA discovered advanced cyber espionage malware on the CEC network (Sofacy/APT28/Sednit).”
• My question: which one? Sofacy, X-Agent…?
Version #2: Cisco 0-day
• Cyberberkut: “We hacked CEC network via 0-day vulnerability in Cisco ASA”
Version #3: Web shell, SOESoftware
• The web shell was probably used to place the Yarosh picture and to change site content as circumstances required
• Web server logs show only a handful of connections to it; the shell was not widely used
• Persistent access had been established long before the elections
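The slide makes a forensic point: the shell left only a few entries in the web server logs, and the earliest of them predates election day. The script below is an added example, not code from the talk or from CERT-UA, of the kind of triage a responder runs over an access log to surface exactly that pattern: a server-side script that receives POSTs from one or two client addresses and almost nothing else, together with its first-seen/last-seen window. The log lines are constructed for illustration; the host, IP addresses and the `/images/cache/thumb.php` path are hypothetical and not real CEC artifacts.

```python
"""Hunt for low-frequency web-shell access in a combined-format web log.

Added example (not from the talk or CERT-UA). All log lines, hosts, IPs
and paths below are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format; referer and user-agent are optional.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)
SCRIPT_EXT = ('.php', '.php5', '.phtml', '.asp', '.aspx', '.jsp', '.cgi')

# Constructed sample: a shell dropped under an images directory six weeks
# before election day, then driven from the same address minutes before
# the fake result was posted. /login.php is a legitimate form hit by many.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Apr/2014:02:13:44 +0300] "POST /images/cache/thumb.php HTTP/1.1" 200 388 "-" "Mozilla/4.0"
198.51.100.20 - - [25/May/2014:19:40:02 +0300] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.21 - - [25/May/2014:19:41:15 +0300] "GET /results.php?region=80 HTTP/1.1" 200 8800 "http://cec.example/" "Mozilla/5.0"
198.51.100.22 - - [25/May/2014:19:41:50 +0300] "POST /login.php HTTP/1.1" 302 0 "http://cec.example/login.php" "Mozilla/5.0"
198.51.100.23 - - [25/May/2014:19:42:07 +0300] "POST /login.php HTTP/1.1" 302 0 "http://cec.example/login.php" "Mozilla/5.0"
198.51.100.24 - - [25/May/2014:19:42:30 +0300] "POST /login.php HTTP/1.1" 200 1200 "http://cec.example/login.php" "Mozilla/5.0"
198.51.100.7 - - [25/May/2014:19:46:58 +0300] "POST /images/cache/thumb.php HTTP/1.1" 200 412 "-" "Mozilla/4.0"
198.51.100.7 - - [25/May/2014:19:47:40 +0300] "POST /images/cache/thumb.php HTTP/1.1" 200 96 "-" "Mozilla/4.0"
198.51.100.25 - - [25/May/2014:19:48:11 +0300] "GET /images/results/winner.jpg HTTP/1.1" 200 61044 "http://cec.example/results.php" "Mozilla/5.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["path"] = e["path"].split("?", 1)[0]  # drop the query string
        entries.append(e)
    return entries


def profile_paths(entries):
    """Per-path counters: hits, POSTs, distinct clients, first/last seen."""
    stats = defaultdict(lambda: {"hits": 0, "posts": 0, "ips": set(),
                                 "first": None, "last": None})
    for e in entries:
        s = stats[e["path"]]
        s["hits"] += 1
        s["posts"] += e["method"] == "POST"
        s["ips"].add(e["ip"])
        s["first"] = e["ts"] if s["first"] is None else min(s["first"], e["ts"])
        s["last"] = e["ts"] if s["last"] is None else max(s["last"], e["ts"])
    return stats


def find_shell_candidates(entries, max_ips=2, max_hits=20):
    """Script paths that take POSTs from very few clients and are rarely hit.

    A web shell is operated, not browsed: commands arrive by POST, from the
    operator's address(es) only, in small numbers. Busy application scripts
    (login forms, search) fail the distinct-client bound and drop out.
    """
    findings = []
    for path, s in profile_paths(entries).items():
        if not path.lower().endswith(SCRIPT_EXT):
            continue
        if s["posts"] == 0 or len(s["ips"]) > max_ips or s["hits"] > max_hits:
            continue
        findings.append({
            "path": path,
            "hits": s["hits"],
            "posts": s["posts"],
            "ips": sorted(s["ips"]),
            "first_seen": s["first"],
            "last_seen": s["last"],
            "dwell_days": (s["last"] - s["first"]).days,
        })
    findings.sort(key=lambda f: (len(f["ips"]), f["hits"]))
    return findings


if __name__ == "__main__":
    for f in find_shell_candidates(parse_log(SAMPLE_LOG)):
        print(f"{f['path']}: {f['hits']} hits, {f['posts']} POSTs from "
              f"{', '.join(f['ips'])}; first {f['first_seen']:%Y-%m-%d}, "
              f"last {f['last_seen']:%Y-%m-%d %H:%M} ({f['dwell_days']} days)")
```

On the constructed sample the only candidate is the script under `/images/cache/`, touched three times from a single address, first seen in April and last seen a minute before the defacement image was requested; `/login.php` is excluded because three different clients POST to it. The thresholds are deliberately loose: the goal is a short list to pull for content review, not a verdict, and the first-seen timestamp is what supports the "access arranged long before" claim.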
Yarosh picture
• Nikolay Koval: “On 25 May – election day – 12 minutes before the polls closed (19:48 EET), the attackers posted on the CEC website a picture of Ukrainian Right Sector leader Dmitry Yarosh, incorrectly claiming that he had won the election. This image was immediately shown on Russian TV channels.”
WSJ, 09/11/2015
• Margaret Coker, Paul Sonne
US Media
2016 Democratic National Committee email leak, 22/07/2016
• 19,252 emails and 8,034 attachments leaked to and subsequently published by WikiLeaks
• Content of the leaked emails: DNC officials’ efforts to sabotage Bernie Sanders’ election campaign
• 08/11/2016: Election Day
• 09/12/2016: the CIA stated that the US Intelligence Community had concluded that Russia conducted operations during the 2016 U.S. election to prevent Hillary Clinton from winning the presidency
DNC Hack
• “Guccifer 2.0” (Romanian???) claimed to be the source of the leaks
• CrowdStrike, Fidelis Cybersecurity, Mandiant, SecureWorks, ThreatConnect, and the editor of Ars Technica stated that the leak was part of a series of cyberattacks on the DNC committed by two Russian intelligence groups
DNC Hack
• 06/10/2016, Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security
– “The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts”
DNC Hack
• 06/10/2016, Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security
– “These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities”
DNC Hack
• 06/10/2016, Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security
– “The USIC and the Department of Homeland Security (DHS) assess that it would be extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyber attack or intrusion. This assessment is based on the decentralized nature of our election system in this country and the number of protections state and local election officials have in place. States ensure that voting machines are not connected to the Internet, and there are numerous checks and balances as well as extensive oversight at multiple levels built into our election process”
DNC Hack
• 14/10/2016, Joe Biden, NBC News
– “…the U.S. would respond to these attacks at the time of our choosing, and under the circumstances that have the greatest impact.”
Time, 07/11/2016
• Simon Shuster
• Idea #1: the UCA (Ukrainian Cyber Alliance) appears as an independent player
• Idea #2: binding UCA activity to foreign intelligence, presumably that of the US
New York Times, 16/08/2017
• Andrew E. Kramer, Andrew Higgins
• Idea #1: “Profexer”, the Ukrainian hacker, developed malware (the P.A.S. web shell) used in the DNC hack
• Idea #2: binding Ukrainian hackers to Fancy Bear/Cozy Bear
• “The mirror of the hard drive (from the CVK, the Central Election Commission; note by VZ) went to the F.B.I., which had this forensic sample when the cybersecurity company CrowdStrike identified the same malware two years later, on the D.N.C. servers”
The Washington Times, 21/08/2017
• Dan Boylan, “DNC hack theories considered extreme and fringe now entering mainstream”
– Idea: not a hack, but a leak by an insider
– Ray McGovern, CIA veteran: “There is clear evidence that some of the DNC emails given to WikiLeaks contained superimposed Russian language formatting. Essentially, they were synthetically tainted with Russian fingerprints”
Crowdstrike, 22/12/2016
• “In late June and August 2016, CrowdStrike Intelligence provided initial reporting and technical analysis of a variant of the FANCY BEAR implant X-Agent that targeted the Android mobile platform. CrowdStrike identified this X-Agent variant within a legitimate Android application named Попр-Д30.apk”
Goal #1: We’re under attack!!!
Goal #2: You’re in danger too!
Goal #3: Invest in Ukraine!
To be continued…
• Wired, Andy Greenberg, 06/09/2017
