Ukraine finally battens down its leaky cyber hatches after attacks

KIEV – When the chief of Microsoft Ukraine switched jobs to work for President Petro Poroshenko, he found that everyone in the office used the same login password. It wasn’t the only symptom of lax IT security in a country suffering crippling cyber attacks.

Sometimes pressing the spacebar was enough to open a PC, according to Dmytro Shymkiv, who became Deputy Head of the Presidential Administration with a reform brief in 2014.

Today discipline is far tighter in the president’s office. But Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.

As in many aspects of Ukrainian life, corruption is a problem. Most computers run on pirated software, and even when licensed programs are used, they can be years out of date and lack security patches to help keep the hackers at bay.

Three years into the job, Shymkiv is leading the fight back. He has put together a team, led by a former Microsoft colleague, doing drills, sending out email bulletins to educate staff on new viruses and doing practice hacks offsite.

In the early days, staff complacency and resistance to change were as much a problem as insecure equipment.

“I remember the first weeks when we force people to do a password change,” Shymkiv told Reuters. “My team heard all kind of screams and disrespectful messages … Over three years, it’s a different organization.”

The team’s small office has a screen with dials, charts and a green spider web showing activity on the network. If there is an attack, a voice shouts “major alarm!” in English, a recording the team downloaded from YouTube.

Eliminating bad practices and introducing good ones is the reason, Shymkiv believes, why the presidential administration was immune to a June 27 virus that spread from Ukraine to cause disruption in companies as far away as India and Australia.

But the country still has a long way to go. Since 2014 repeated cyber attacks have knocked out power supplies, frozen supermarket tills, affected radiation monitoring at the stricken Chernobyl nuclear power plant, and forced the authorities to prop up the hryvnia currency after banks’ IT systems crashed.

Even Poroshenko’s election that year was compromised by a hack on the Central Election Commission’s network, trying to proclaim victory for a far-right candidate — a foretaste of alleged meddling in the 2016 U.S. presidential election.

Ukraine believes the attacks are part of Russia’s “hybrid war” waged since protests in 2014 moved Ukraine away from Moscow’s orbit and closer to the West. Moscow has denied running hacks on Ukraine.

Shymkiv said the task is to “invest in my team, and upgrade them, and teach them, and connect them with other organizations who are doing the right things”.

“If you do nothing like this, you probably will be wiped out,” he added.

The head of Shymkiv’s IT team, Roman Borodin, said the administration is hit by denial-of-service (DDoS) attacks around once every two weeks, and by viruses specifically designed to target it. The hackers seem mainly interested in stealing information from the defence and foreign relations departments, Borodin told Reuters in his first ever media interview.