Ukrainian parliamentary election interference (2014)

COMMENT: (Ukraine: Fancy Bear) This is a reminder from 2014 of the potential of Russian hackers to infiltrate election systems. As Robert Mueller answered in a question about whether Russians are still working to undermine our US elections, “They are doing it as we speak.” To protect our vote count from cyberattack, there must be paper ballots hand marked by the voter and paper poll books. In New York, support S309/A1115 to ban printer-scanner voting machines that can change or invalidate ballots. Allegra Dengler

https://cyberlaw.ccdcoe.org/wiki/Ukrainian_parliamentary_election_interference_(2014)

Date: October 2014, shortly before the Ukrainian parliamentary elections were held.

Suspected Actor: A pro-Russian hacktivist group called CyberBerkut with suspected ties to the GRU hacker group known as APT28 (or Fancy Bear) was allegedly responsible for the attacks.[1]

Target and Method: Four days before the national vote, the Ukrainian central election system was compromised and critical files were deleted, rendering the vote-tallying system inoperable; three days before the national vote, CyberBerkut released exfiltrated data onto the internet as proof of the success of the operation.[2]

Malware, which would have portrayed ultra-nationalist candidate Dmytro Yarosh as the winner with 37 percent of the vote and candidate Petro Poroshenko as having 29 percent of the vote, was installed.[2]

Shortly after polls closed, the website of the Ukrainian Central Election Commission, which organized the elections, was shut down. Ukrainian security officials characterized the operation as a distributed denial-of-service (DDoS) attack, which can slow down or disable a network by flooding it with communications requests.[2]

Purpose: The Central Election Commission described the attack as "just one component in an information war being conducted against our state".[3] The attack can be seen as part of the ongoing conflict between Russia and Ukraine, which had started with the annexation of the Crimean Peninsula by Russia in February-March 2014.[4]

Result: The vote-tallying system was restored, using backups, three days before the national vote.[2]

Ukrainian cybersecurity personnel were able to remove the malware 40 minutes before election results went live, preventing it from releasing erroneous results.[2]

Election results were blocked for two hours and the final tally was delayed.[2] Nonetheless, Ukrainian officials announced that they had prepared for the possibility of a DDoS attack and used a backup to restore the entire system.[3]

Aftermath: Russian media announced that Dmytro Yarosh had won the election with 37 percent of the vote and that Petro Poroshenko had obtained 29 percent of the vote, despite such erroneous results never having been publicly released by Ukrainian officials.[2]

In 2015, Ukraine was subject to another cyber operation conducted against the Ukrainian power grid.

In 2018, Ukrainian officials noted that they were planning to upgrade their information technology infrastructure prior to the 2019 presidential election in order to address a range of cyber security threats that they had expected to face.[5]

Analysed in: Scenario 01: Election interference

• [1] A Greenberg, 'Everything We Know About Russia's Election-Hacking Playbook' Wired (6 September 2017).
• [2] M Clayton, 'Ukraine election narrowly avoided "wanton destruction" from hackers' CS Monitor (17 June 2014).
• [3] 'Hackers target Ukraine's election website' AFP (25 October 2014).
• [4] See, eg, 'International armed conflict in Ukraine' Rule of Law in Armed Conflicts (12 September 2017).
• [5] OSCE, 'Ukraine: Presidential Election 31 March 2019 - ODIHR Needs Assessment Mission Report' (21 December 2018) 7.