It is so cliche to say “someone was ahead of his time”, until it’s not. I have always been enamored with Eric Blair (aka George Orwell) fan. He was and in a big way.
His masterpiece book, completed on the remote Island of Jura in 1948, literally killed him. The fact he finished it was in itself a miracle, having been written with the atrocities of Hitler Germany in the
Orwell wrote this book to ensure the future that almost became because of Hitler could never come to pass. Just under 75 years later, that promise is threatened. Parallels have been drawn between the novel’s subject matter and instances of mass surveillance, totalitarianism and violations of all individual freedoms and freedom of expression.
Now those with evil intent collect “dossiers” on those they want to victimize – digitally. Before, it was a religion, a color or word of mouth based on an accuser of assumed credibility. Now algorithms can assimilate those that have committed “thought crimes”, tipping off the “thought police” to a non-conformer.
Why would the Russians go after personal auto insurance policies? That’s dumb…
“The Ukrainian government says the Jan. 14 auto insurance hack resulted in the pilfering of up to 80% of Ukrainian policies registered with the Motor Transport Bureau.”
…or is it? Think about the amount of data that you give to an insurer, broker, PEO etc on an insurance application…
“Yet another attack, on April 1, crippled Ukraine’s National Call Center, which runs a hotline for complaints and inquiries on a wide array of matters: corruption, domestic abuse, people displaced by the invasion, war veteran benefits. Used by hundreds of thousands of Ukrainians, it issues COVID-19 vaccine certificates and collects callers’ personal data including emails, addresses and phone numbers.”
Not for profits and social service centers? why? They have no money, but they have an even deeper layer of data on the individual to include health. Want to target a person of not on the team, a good place to start a plan.
I mean they could’nt just use that combined with facebook, instagram and other externally available information, right? Wrong.
and yes, this is a two-way street now…
“Ukraine, for its part, appears to have done significant data collection — quietly assisted by the U.S., the U.K., and other partners — targeting Russian soldiers, spies and police, including rich geolocation data.
Demediuk, the top security official, said the country knows “exactly where and when a particular serviceman crossed the border with Ukraine, in which occupied settlement he stopped, in which building he spent the night, stole and committed crimes on our land.”
Couple highlights of the full article below from the Associate Press yesterday. This is real. Scary.
A chilling Russian cyber aim in Ukraine: Digital dossiers
BOSTON (AP) — Russia’s relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection.
Ukrainian agencies breached on the eve of the Feb. 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. A month earlier, a national database of automobile insurance policies was raided during a diversionary cyberattack that defaced Ukrainian websites.
The hacks, paired with prewar data theft, likely armed Russia with extensive details on much of Ukraine’s population, cybersecurity and military intelligence analysts say. It’s information Russia can use to identify and locate Ukrainians most likely to resist an occupation, and potentially target them for internment or worse.
“Fantastically useful information if you’re planning an occupation,” Jack Watling, a military analyst at the U.K. think tank Royal United Services Institute, said of the auto insurance data, “knowing exactly which car everyone drives and where they live and all that.”
As the digital age evolves, information dominance is increasingly wielded for social control, as China has shown in its repression of the Uyghur minority. It was no surprise to Ukrainian officials that a prewar priority for Russia would be compiling information on committed patriots.
“The idea was to kill or imprison these people at the early stages of occupation,” Victor Zhora, a senior Ukrainian cyber defense official, alleged.
Aggressive data collection accelerated just ahead of the invasion, with hackers serving Russia’s military increasingly targeting individual Ukrainians, according to Zhora’s agency, the State Service for Special Communications and Information Protection.
Serhii Demediuk, deputy secretary of Ukraine’s National Security and Defense Council, said via email that personal data continues to be a priority for Russian hackers as they attempt more government network breaches: “Cyberwarfare is really in the hot phase nowadays.”
There is little doubt political targeting is a goal. Ukraine says Russian forces have killed and kidnapped local leaders where they grab territory.
Demediuk was stingy with specifics but said Russian cyberattacks in mid-January and as the invasion commenced sought primarily to “destroy the information systems of government agencies and critical infrastructure” and included data theft.
The Ukrainian government says the Jan. 14 auto insurance hack resulted in the pilfering of up to 80% of Ukrainian policies registered with the Motor Transport Bureau.
Demediuk acknowledged that the Ministry of Internal Affairs was among government agencies breached Feb. 23. He said “a small part” of the ministry’s data was stolen “but so far no case of its use has been established.” He did not provide specifics. Security researchers from ESET and other cybersecurity firms that work with Ukraine said the networks were compromised months earlier, allowing ample time for stealthy theft.
The data collection by hacking is a work long in progress.
A unit of Russia’s FSB intelligence agency that researchers have dubbed Armageddon has been doing it for years out of Crimea, which Russia seized in 2014. Ukraine says it sought to infect more than 1,500 Ukrainian government computer systems.
Since October it has tried to breach and maintain access to government, military, judiciary and law enforcement agencies as well as nonprofits, with a primary goal of “exfiltrating sensitive information,” Microsoft said in a Feb. 4 blog post. That included unnamed organizations “critical to emergency response and ensuring the security of Ukrainian territory,” plus humanitarian aid distribution.
Post-invasion, hackers have targeted European organizations that aid Ukrainian refugees, according to Zhora and the cybersecurity firm Proofpoint. Authorities have not specified which organizations or what may have been stolen.
Yet another attack, on April 1, crippled Ukraine’s National Call Center, which runs a hotline for complaints and inquiries on a wide array of matters: corruption, domestic abuse, people displaced by the invasion, war veteran benefits. Used by hundreds of thousands of Ukrainians, it issues COVID-19 vaccine certificates and collects callers’ personal data including emails, addresses and phone numbers.
Adam Meyers, senior vice president of intelligence at the cybersecurity firm CrowdStrike, believes the attack may, like many others, have a greater psychological than intelligence-gathering impact — aiming to degrade Ukrainians’ trust in their institutions.
“Make them scared that when the Russians take over, if they don’t cooperate, the Russians are going to know who they are, where they are and come after them,” Meyers said.
The attack knocked the center offline for at least three days, center director Marianna Vilshinska said: “We couldn’t work. Neither phones nor chatbots worked. They broke down all the system.”
Hackers calling themselves the Cyber Army of Russia claimed to steal personal data on 7 million people in the attack. However, Vilshinska denied they breached the database with users’ personal information. “They didn’t get any valuable information,” she said.
She confirmed that a contact list the hackers posted online of more than 300 center employees was genuine as well as a spreadsheet with employee passwords. But she said other files the hackers posted — listing 3 million names and phone numbers and 1 million addresses — were not from the center.
Spear-phishing attacks in recent weeks have focused on military, national and local officials, aimed at stealing credentials to open government data troves. Such activity relies heavily on Ukraine’s cellular networks, which Meyers of CrowdStrike said have been far too rich in intelligence for Russia to want to shut down.
On March 31, Ukraine’s SBU intelligence agency said it had seized a “bot farm” in the eastern region of Dnipropretrovsk that was controlled remotely from Russia and sent text messages to 5,000 Ukrainian soldiers, police and SBU members urging them to surrender or sabotage their units. Agency spokesman Artem Dekhtiarenko said authorities were investigating how the phone numbers were obtained.
Gene Yoo, CEO of the cybersecurity firm ReSecurity, said it likely was not difficult: Subscriber databases of major Ukrainian wireless companies have been available for sale by cybercriminals on the dark web for some time — as they are for many countries.
If Russia is successful at taking control of more of eastern Ukraine, stolen personal data will be an asset. Russian occupiers have already collected passport information, a top Ukrainian presidential adviser tweeted recently, that could help organize separatist referendums.
Ukraine, for its part, appears to have done significant data collection — quietly assisted by the U.S., the U.K., and other partners — targeting Russian soldiers, spies and police, including rich geolocation data.
Demediuk, the top security official, said the country knows “exactly where and when a particular serviceman crossed the border with Ukraine, in which occupied settlement he stopped, in which building he spent the night, stole and committed crimes on our land.”
“We know their cell phone numbers, the names of their parents, wives, children, their home addresses,” who their neighbors are, where they went to school and the names of their teachers, he said.
Analysts caution that some claims about data collection from both sides of the conflict may be exaggerated.
But in recordings posted online by Ukrainian Digital Transformation Minister Mikhailo Fedorov, callers are heard phoning the far-flung wives of Russian soldiers and posing as Russian state security officials to say parcels shipped to them from Belarus were looted from Ukrainian homes.
In one, a nervous-sounding woman acknowledges receiving what she calls souvenirs — a woman’s bag, a keychain.
The caller tells her she shares criminal liability, that her husband “killed people in Ukraine and stole their stuff.”
She hangs up.
AP data journalist Larry Fenn in New York and Inna Varenytsia in Kyiv, Ukraine, contributed to this report.