Saturday, March 15, 2014

Cyber Berkut and Anonymous Ukraine: Co-opted Hacktivists and Accidental Comedians

"We KiberBerkut declare that today at 18:00
we launched an attack on NATO resources: 
On March 15, 2014 Cyber Berkut (KiberBerkut) launched a DDoS attack against these NATO websites:
  • http://ccdcoe.org
  • http://nato.int
  • http://nato-pa.int
Those who favor Ukrainian independence and closer ties with the EU would have no reason to attack NATO. Cyber Berkut, as it turns out, doesn't belong to that group. They are staunch supporters of the former President Viktor Yanukovych who fled to Russia last month and they hate Yulia Tymoshenko who was freed from prison on Feb 22. Cyber Berkut has also called for the release of 70 Pro-Russian activists and Governor Pavel Gubarev in the city of Donetsk.

Cyber Berkut's website has claimed responsibility for launching attacks which interfered with mobile phone service for "neo-fascist groups" which support the revolution, and they've hacked about 100 or more Ukrainian websites since they began on March 3, 2014.

Cyber-Berkut.org is hosted in San Francisco by CloudFlare and the WHOIS data is privacy-protected.

Source: Robtex



The choice of the word "Berkut" may give a clue as to who's behind the group's activities. Berkut is the name of a special police force within the Ministry of Internal Affairs who used terrorist tactics against anyone who threatened Yanukovych's Presidency, especially those who supported the Euromaiden revolution . Translated, Berkut is golden eagle, which figures prominently on the Berkut logo as well as the logo used by Cyber Berkut. Notice the similarity between the two (Berkut Special Police is on the left):
Cyber Berkut (@cyberberkut1) is not the only pro-Russia "hacktivist" group working against Ukrainian independence. Anonymous Ukraine (@FreeUkraineAnon on Twitter) is another. In fact, they attacked the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) website back on November 7, 2013 as well as Estonia's Ministry of Defense website (Estonia is where the CCDCOE headquarters are). 

On March 14, the Voice of Russia announced that Anonymous Ukraine has obtained emails from US Army Assistant Army Attaché Jason P. Gresh to a senior official of the General Staff of the Ukrainian Army named Igor Protsuyuk which describe a U.S. false flag attack against Ukraine:
By tomorrow, the 15th of March 2014, the United States, through its agents in Ukraine, will begin a series of false flag attacks on targets in Ukraine which have been designed to make it look as if they were carried out by the Special Forces of the Russian Federation.
 The article then goes on to reprint the text of three emails. The one that Gresh supposedly wrote reads like it came out of a Matt Helm spy movie from the 60s:
Ihor,
Events are moving rapidly in Crimea. Our friends in Washington expect more decisive actions from your network.
I think it's time to implement the plan we discussed lately. Your job is to cause some problems to the transport hubs in the south-east in order to frame-up the neighbor.
It will create favorable conditions for Pentagon and the Company to act.
Do not waste time, my friend.
Respectfully,
JP
Jason P. Gresh
Lieutenant Colonel, U.S. Army
Assistant Army Attaché
U.S. Embassy, Kyiv
Tankova 4, Kyiv, Ukraine 04112
(380-44) 521 - 5444 | Fax (380-44) 521 – 5636
I mean - really? "It will create favorable conditions for Pentagon" sounds remarkably like: "We don't need computer weapon to kill moose and squirrel" (Adventures of Rocky and Bullwinkle). Finding this was really the highlight of my night. I'm still laughing.

Back to Cyber Berkut - considering the group's strong pro-Russia position, it came as a surprise when I read one journalist after another repeat the claim that Cyber Berkut attacked 40 Russian websites. There's no mention of any attacks against Russian websites at Cyber-Berkut.org, nor would any such attacks make sense. The group is pro-Russian, just like Yanukovych.

This is a textbook example of how Anonymous with its anarchist framework ("we are all Anonymous") can be easily co-opted to support the political agenda of a nation state while appearing to be an opposition movement. And how some journalists who rush to get a story out without doing any fact-checking can perpetuate the hoax.

A careful study of the ongoing Russia-Ukraine conflict including the creation and use of hacktivist groups by one or more security services is essential for cyber warfare researchers, practitioners, lawyers, and policymakers. That's why I've invited Professor Anna Vassilieva: Director, Russian Studies Program, Monterey Institute of International Studies and other regional experts to speak at Suits and Spooks San Francisco in April. Anna's topic is "Russia and Ukraine: What's True and What's New". As we've seen with Cyber Berkut and Anonyumous Ukraine, the truth doesn't come that easy.

RELATED

Russian Cyber Warfare Capabilities in 2014 (We aren't in Georgia anymore)


5 comments:

  1. This obviously forged communication between the Assistant US Army Attache at the US Embassy in Kiev has the embassy's address as Ulitsa Tankova, 4. In October 2011- more than two years ago - that street was re-named Ulitsa Sikorskogo in honor of the famous aircraft and helicopter designer Igor Sikorsky who grew up in Kiev, fled to the US after the Russian Revolution in 1917 and founded the Sikorsky helicopter company. Obviously, the pro-Russian, pro-Yanukovych hackers who put up this information on-line could not stand to write the name of Sikorsky, who for most of the Soviet era was a non-person "enemy of the people" as punishment for having fled Bolshevik-ruled Russia, so they use a name that has been out of use since before Putin was even "re-elected" Russian president. Not very clever and very unprofessional. I hope these are not real Russian or Ukrainian intelligence officers running these kind of fabrications because it shows very little intelligence and even worse tradecraft.

    ReplyDelete
  2. Thanks, Reuben, for finding that very interesting flaw in that faked email. Much appreciated!

    ReplyDelete
  3. Jeffrey - you are very welcome. The only people more unprofessional and lacking in competence than the post- Soviet spook agencies are the growing armies of US Government goons who seem to be able to shoot at anyone for any reason - even in they have had no training at all - and are getting away with murder. Check out this case in particular: http://www.washingtonpost.com/news/the-watch/wp/2014/02/23/jury-awards-more-than-2-million-to-family-of-pastor-killed-by-narcotics-task-force

    ReplyDelete
  4. wow you know very little about ukraine! in general: those who support nato in ukraine are ignorant poor agricultural people from west ukraine who hate industrial east ukraine and want to join eu to have "european values"-they have nothing to lose,but east have a lot to lose if we join nato and eu!
    so please, we both know whats going on...

    ReplyDelete
  5. Cyber Berkut are real patriots,who have brain and dont want to sell ukrainian land to NATO and ukrainian market to EU,we're not that stupid.
    South-East is not retarded as West Bandera Ukraine.
    "I'm sorry" to open this Truth,which you will never see in west or u.s. media.
    (even greystone or blackwaters sucked it the East. Oh yeah: "there were no mercenaries from u.s!."...sure! Lmao )

    ReplyDelete