
The Crimean Cyber-Troubles Ramp-Up

By Peter Rietveld and Diederik Perk.

Levels of intensity are on the rise in the Crimea crisis, with cyber warfare one of its main drivers. Dozens of networks in Ukraine, government systems among them, are infected with malicious software that secretly performs surveillance, sustains privileged access to networks and databases and can even shut systems down altogether.[1] Alongside this advanced piece of malware, DoS and DDoS attacks continue to overwhelm the servers hosting public and governmental platforms. Confirmed reports state that Ukrainian Members of Parliament have had their mobile phones disabled by IP-based attacks.[2] Most disturbingly, the attacks that have not yet been detected pose the biggest threat.

Forensic analysis of the malware now known as Snake points to an origin near Moscow, based on fragments of Russian language and a time stamp found in its code.[3] This many-headed monster previously surfaced in successful attacks on U.S. military systems, and its signature has since been added to antivirus software. Despite its notoriety, including a discussion in Foreign Affairs magazine under its earlier name Agent.BTZ, its makers have been able to evade protective measures by adding new components. As we suggested in a previous post, professional cyber criminals in the Russian Federation apparently act as mercenary forces supporting the Kremlin, directing their malware tools at Ukrainian systems.


The cyber aggression is not entirely one-sided, given that Anonymous's #OpRussia continues to leak state documents.[4] The Americans will actively monitor the impact of Snake. In private circles they may even welcome a further escalation, all the while watching and learning what the intentions and capabilities of Putin's henchmen are. Quite plausibly, the NSA will be directed to open its bag of tricks, this time against a sizeable and worthy opponent.[5]

Hot on their heels, NATO is posturing. A partnership with Ukraine that includes exchanges of cyber security practices should make NATO a player that is privy to inside information. Dutch Defense minister Hennis-Plasschaert recently stated that NATO was close to treating cyber attacks within the territory of member states as an Article 5 casus belli.[6] Facts on the ground show Lithuania is being hit hard by attacks attributed to Snake, which would suggest a cyber intervention is not far away. In reality, obviously, it is not going to happen. Even if it were somehow possible to jump into the middle of that arena, nothing could be done short of the physical destruction of Russian hardware.

‘Everyone more exposed’

In such a stalemate, the risk turns again towards Western Europe. Measures, if only symbolic, will need to be taken, and NATO may get its way with an emboldened mandate to patrol the cyber domain.[7] The U.S. military and financial dominance within the organization then provides a blueprint for what can be expected. In short, the NSA's monitors return, and this time they will bring an invite.

Beyond the effect such a fatal blow may have on privacy and civil liberties, it will obscure the information security market to its detriment. When a small set of vendors is privy to critical information about security issues which, under the cover of Official Secrets Acts, cannot be shared, the wider security community is hindered from becoming knowledgeable. Sharing attack vectors, best practices and lessons learned is the fuel of our security engine, and hence of our security.

But all may not be lost. Not yet, anyway. There is more to it than hoarding information: an information overload generally results in a lack of actionable intelligence. In a crisis one should not be mesmerized by the snake's eyes while it constricts your room for maneuvering in order to crush you. So monitor your systems, keep up with patching and keep your ear to the ground, but do not miss the chance to be proactive in mobilizing your organizational landscape. Preparation is key. Ask your security vendors how they plan to deal with the Crimea issues, keep in touch with your supply chain and partner organizations on whether anything out of the ordinary occurs, and even lobby your political representative to fill this gap in national security.

All these actions may help close the information gap: not sharing information is less a matter of policy or bad intentions than a habit.

Your organization will definitely be at a disadvantage when it is multinational, since cyber defense is molded in the frame of nation states. In that case you may be at the mercy of NATO's blue helmets. And do not forget about the NSA; you will not find a more attentive listener.
