Bombs and hackers attack Internet providers in Ukraine. ‘Hidden heroes’ are risking their lives to keep their country online


They fix the internet at It bombed buildings, found rogue operators providing the Russians with mobile communications and thwarted the intruders. Ukrainian carriers and their employees are hailed as heroes in the war with Russia.


On the tense streets of Kyiv, under the shelled streets of Kharkiv, in the rubble-strewn ruins of Moripol, in shelters and basements and in collapsed base stations, Ukrainian Internet technicians are busy. Their employers – whether they are giants serving half the country’s 40 million people like a telecom company Kyivstar or smaller players like Triolan, which serves nearly a million people — saw digital infrastructure targeted by both missiles and hackers, and flat-line equipment in the early days of the Russian invasion and threatening connectivity throughout the following days and weeks.

Pictures sent to Forbes By Kyivstar show what the conditions are. Despite the terrain and obliterated internet wires, black data centers, curfews, lack of light, and the threat of death from above, brokers are going out and restarting the internet so that Ukrainians can stay in touch with each other and get information beyond the borders, to shed light Over the dark world that befell their nation. Their government calls them the “hidden heroes” of war, as they enter dangerous places to replace and upgrade equipment.

As their technicians risk their lives to keep Ukraine online, once competing telecoms companies band together to help keep the lines open. Last week, Kyivstar, Vodafone Ukraine and Lifecell launched “national roaming”, which means subscribers can quickly switch to the network of other operators if their main provider goes down.

They also help law enforcement identify rogue operators who are helping Russians in the country stay in touch. On Tuesday, the country’s security services said a “pirate” had been arrested for providing “occupiers with mobile communications in Ukraine”. Authorities announced on Telegram that the hacker facilitated up to 1,000 calls in a single day, many of them from the Russian leadership in Moscow. According to a telecom company source, this latest case was a misrepresentation of what is known as “recast” fraud, in which a hacker can provide calls to Ukraine and hide the original number, charging the caller and bypassing any bans or additional charges from the telecom provider. The communications employee said this was a common scam technique adapted for wartime.

And while the bombs are effective enough in eliminating connectivity, it is clear that Ukraine’s enemies felt compelled to employ hackers to try to hit citizens offline as well. in the last days, Forbes You learned more about a sustainable online operation targeting telecom service providers in Ukraine. Last week, it emerged that the systems in Triolan had been reset to factory settings as the hackers struck for the second time, the first blow when Russia launched its attack on February 24. Triolan Day is updating users on Telegram as it progresses. On Tuesday, another 200 homes in Kyiv regained internet, in Kharkiv 474. “Renovation work is underway,” an employee of Triolan said, adding that “other providers also have problems, but we can’t assess the scale.”

Another small provider – Vinasterisk – was targeted and suffered a major outage earlier this month, according to NetBlocks, which has been tracking internet outages in Ukraine. (Forbes He was unable to reach any Vinasterisk employees for comment.) Although it has not yet been linked to the war in Ukraine, Viasat, which provides some satellite internet services in the country, was hit by a cyber attack in late February that disrupted some of its services. .

However, no other carrier has reported any serious deterioration in services from a cyber attack. Collectively, the companies, for the most part, repelled the attacks, just as they quickly recovered from the physical destruction.

“There are ongoing attacks at CSPs, some of which, in our estimation, likely come from sophisticated actors,” said Matt Olney, director of threat intelligence in Cisco’s Talos Division of Cybersecurity. Olney, whose team has been helping organizations in Ukraine with cyber defense for the past eight years since the annexation of Crimea, added that “while it is difficult to provide full attribution at the pace of operations, there are elements of some of these attacks that make more relevant to what Following: Stealth level, Demonstrate an understanding of internal systems and architecture.

“So far the Ukrainian defenses seem to be coping well with good coordination between targets and government support.”

Neither Ukrainian government agencies nor ISPs targeted have attributed the cyber attacks to a military or intelligence agency. Such is the accidental complexity—particularly during a time of chaotic conflict—that they were reluctant to point to Russia, though it would be the obvious suspect.

“There is no doubt that our opponent tried to investigate all Internet service providers,” said Victor Zora, deputy head of the State Service for Special Communications and Information Protection. Zahra added that they were unable to cause any serious breach.

And telecoms companies are similarly optimistic about fending off Russian hackers. “All modern warfare is mixed. Cyberattacks and deep counterfeiting are the types of weapons today,” said Yuri Prokopenko, Director of Cyber ​​Security at Kyivstar. His company has better resources than most companies to fend off attacks, with its latest results in 2020 showing $850 million in revenue for this General.” Our company is able to respond to any type of cyber threat. Moreover, since Russia began invading Ukraine and escalating the war, Kievstar has taken additional serious measures to ensure cyber security.

“Today our employees are successfully working remotely from different cities of Ukraine and other countries, using secure equipment and communication channels. The network is protected from any known and unknown cyber threats. Personal data of Kyivstar employees, as well as our subscribers and customers, are under reliable protection. “

Speaking later during a press conference, Zahra said, “This war is probably the first case in history when the importance of communications, and keeping them online, is so high. Perhaps this explains why Ukraine continues to successfully resist this aggression.”

Just as it remains vigilant and vigilant in the face of airstrikes and bombing, Ukraine will have to keep its guard up in the cyber world. There was a collective stupor at Russia’s veiled approach to the cyber side of its war. But attacks are escalating. According to data released by cybersecurity firm Check Point on Tuesday, average weekly attacks per organization in Ukraine, across all industries, has risen by 20% since the beginning of the conflict.

There may be excessive spillage from the war. Intrusion attempts at government institutions worldwide increased by 21%.