Figure 1: Russian Channel One television coverage of fake election results
Saturday, May 31, 2014
Wapack Labs, under a project named "8-ball" maintains watch over cyber activities between Russia and the Ukraine in an effort to warn Red Sky Alliance and the FS-ISAC members of impending threats to their businesses and interests in the area. We've authored reports of Telephony Denial of Service (TDoS) attacks and details involving the CyberBerkut group and their tools.
Additional reporting suggests multiple coordinated tactics used to sway the election. Telephone Denial of Service (TDoS) attacks were used in an attempt to block phones of the electoral commissions Another report suggested redirection of traffic from the electoral commission to a different IP address. A DDoS was run from Ukrainian servers operated by a Russian citizen. And Russian botnets were believed use to deny access to results other than those being shown on Russian Channel One.
Did Russia attempt to sway the Ukrainian presidential election? You make the call. Certainly the increase in cyber activity suggests an attempt to influence. Regardless, at the strategic level Wapack Labs "Project 8-ball" is offering continued Russia/Ukraine situational awareness to Red Sky Alliance members and others. At a tactical level, we've published detailed workings of tools used and indicators/rules that may be placed in intrusion detection systems and other layers of their defense in depth to help protect our members and customers who are operating in the area.
Rick will be posting next week. I'm taking a week off, flyfishing with an old friend in what we're calling "Advanced Persistent Trout". I'm placing my email on 'Out of Office' today. If you need to contact us, please contact Jim McKee or Rick Gamache for membership questions.
Have a great week!