Ukraine aspires to be part of the West, but remains firmly in the Russian Internet world, leaving the country exposed to Russia’s cyberattacks and espionage.
According to a report by PrivatBank, Ukraine’s largest commercial bank, a total of 64 percent of all email accounts in Ukraine are registered with Russian services like Mail.ru and Yandex.
Only in Lviv and Kyiv is the market share of Russian providers less than 50 percent. In many eastern regions, more than three quarters of all email accounts are on Russian websites. Furthermore, VKontakte remains Ukraine’s most popular social media platform and the second most visited website after Google, according to statistics from Alexa.
The Russian companies, with their servers mostly in Russia, are subject to what is called the System for Operative Investigative Activities, or SORM.
SORM requires Russian Internet service providers, which connect Internet users to the servers of the websites they are visiting, to give Russian intelligence services direct access to monitor their data traffic.
Pierluigi Paganini, the founder of Security Affairs, told the Kyiv Post that, “In this way (the Federal Security Service) FSB is able to track every user’s transactions, email communications, and online browsing.”
Furthermore, on Sept. 1, a law came into force in Russia that requires companies to store the information of their Russian customers on servers based in the country. How the vaguely worded law will be implemented is still unclear, but if properly implemented, it prevents Russian companies from dodging surveillance by relocating their servers abroad and thus consolidates Russia’s cyber-espionage capabilities.
When, for example, a person accesses their VKontakte account, the data goes through Internet service providers to the Russian servers and then back. Some of the data is encrypted, making it harder to analyze, but Glib Paharenko, the director of the Open Web Application Security Project Ukraine branch, told the Kyiv Post that there are numerous ways Russian intelligence services could access it, either by requesting the information or by intercepting the data traffic as it goes through numerous transit points.
Russia is, of course, not the only country actively monitoring the internet and its capabilities go far beyond officially implemented measures, including hacking and malware campaigns. According to Paharenko, “War with Russia shows that their military use cyber component a lot. They analyse all communications by mobile phones, even sending missiles to locations of VIP subscribers or WIFI points, which are triangulated using different methods. Social media content is used to prosecute Ukrainians if they’re caught on Russian or occupied territories. Russia can know almost each step of Ukrainian decision-makers.”
Worryingly, in Paharenko’s opinion, the Ukrainian government has been poorly prepared for the cyber threat. The responsible agency, the Special Service of Information Security, is in need of reform as it lacks competent professionals who are fluent in English and acquainted with the most modern practices. Shockingly, some of the security standards of the agency are badly outdated and date back to the Soviet Union.
Paharenko also recommends IT audits for different government agencies to test if their protections are sufficient, the establishment of a nationwide crisis management plan, the protection of critical infrastructure and cleaning the Ukrainian segment of the internet from malware. Paganini further adds that, “Obviously, politicians, military personnel, and employees of private companies belonging to strategic industries (i.e. Energy, research) need to avoid Russian email services.”
The cyber segment is a crucial element in Russia’s hybrid war against Ukraine, and as long as Ukraine remains in Russia’s Internet sphere, it is vulnerable to attacks and espionage, which can paralyze critical infrastructure and worse.