What caused the largest cyberattack on Ukrainian registries: three versions

A monopoly of service providers is one of the possible reasons for the large-scale cyberattack. Many Ukrainian departments work with certain contractors who monopolize access to systems; as a result, the systems are not updated or modernized. Such a monopoly makes it difficult to control product security. What other reasons do experts name?

Not only the Ministry of Justice is responsible, but also the State Special Communications Service

A cyberattack on state registers is "a serious breach, for which not only the Ministry of Justice is responsible, but also the State Special Communications Service, which is obliged to protect, and all other bodies: the Security Service, the National Police, but mainly the systems are certified by the State Special Communications Service, which for some reason purchases drones instead of protecting state registers, and the like," said Vadym Chernysh, head of the SENSS Security Research Center, on the air of Espresso.

Monopoly of service providers

GovTech expert and co-founder of Strimco, Roman Lansky, believes that one of the main reasons leading to such incidents is vendor lock-in — the monopoly of service providers.

“Many Ukrainian agencies work with their designated contractors, who abuse their unique position by deliberately monopolizing access to systems,” Lansky noted in a conversation with DOU.

According to him, some companies build services on rare technologies such as Elixir, avoid handing over documentation, or simply block access for other contractors.

"They deliberately make it difficult to transfer passwords and accesses, which actually paralyzes the operation of the systems. Such a monopoly limits opportunities for competition and can also create an environment for corrupt agreements between suppliers and customers," he says.

This leads to situations where authorities are dealing with outdated systems that are not updated or modernized.

"If there is no chance of competition, there is no incentive for radical changes in systems. Even the most modern technologies that were used to develop systems 15-20 years ago are no longer effective or safe enough in modern conditions. In addition, if there is dependence on a company, it is extremely difficult to force it to comply with certain security standards," Lansky emphasized.

According to Lansky's estimate, about half of government systems depend to one degree or another on monopoly providers or specific people who control the systems.

Another specialist familiar with the issue told DOU on condition of anonymity that the registers of the Ministry of Justice are in a similar situation, since the State Enterprise "NAIS" depends on one developer. Data on the Prozorro platform indicate that the key registers of the Ministry of Justice, the Unified State Register and the Central Administrative Court are handled by the company "MEDIRENT SOLUTIONS" LLC. This supplier has previously appeared in scandals regarding the Pension Fund and the Ministry of Social Policy.

"In the Pension Fund, this vendor received over 400 million hryvnias in just four years. This money was spent without tenders and went solely to support registers. The situation is complicated by the fact that many programs are funded by international donors, not the state. For example, according to the report of the Accounting Chamber, this same company is developing the EIISS systems of the Ministry of Social Policy," the interlocutor says.

There are similar examples in other ministries. In the National Health Service of Ukraine, almost all solutions are developed by one supplier. An anonymous expert noted that this complicates control over product security: it is impossible to change the supplier if the agency identifies security problems that the developer refuses to fix.

Bribery or phishing

The reason for the large-scale cyberattack on state registers could have been both phishing and bribery of employees who had access to these registers. This is the opinion of Oleksandr Fedienko, head of the subcommittee on cyber security, government communications, and cryptographic information protection of the Verkhovna Rada Committee on National Security, Defense, and Intelligence.

"There may be components of recruiting an employee of this institution, there may be a multi-level mechanism of inserting some kind of flash drive so that it reaches the person's internal perimeter and is turned on. There may be phishing of the computers of all employees, who may be working with a closed loop, remotely, which is prohibited in principle. Therefore, this is definitely not Vasya, Petya and someone else. This is a clearly, coolly planned cyber attack, which could have been carried out taking into account a sufficiently systematic organization," Fedienko said in a comment to Radio Liberty.

The deputy says that, according to his information, the databases were saved, so the registers can be restored.

"If they have images somewhere (data archive - ed.), which, I hope, is good, this information was confirmed to me from closed sources, I think that in a week or two, they will begin to gradually, gradually recover," Oleksandr Fedienko emphasized.

All about the cyberattack on state registers

On December 19, GRU hackers announced in Telegram channels that they had hacked the Ministry of Justice website. In turn, the Ukrainian ministry posted a message about a failure at the level of the network infrastructure that serves the registers.

The next day, December 20, the Ministry of Justice admitted that state registries were not working after a Russian cyberattack.

On the same day, the SBU announced an investigation into the possibility of a data leak as a result of a large-scale cyberattack on state registers.

As of December 20, more than 20 services were unavailable at Diya.
