How Hackers Exposed Ukraine's Vulnerability
Ukrainian president-elect Petro Poroshenko inherits a country ruined by years of corrupt and incompetent rule. What happened to the computer network of the country's central election commission three days before the ballot shows what a mess Ukraine is now -- and that Ukrainians are trying to fix it.
On May 23, a hacker group calling itself CyberBerkut -- after the now-disbanded Berkut riot police force that fought against protesters in Kiev last winter -- announced it had "destroyed the computer network infrastructure" of the election commission using a vulnerability in its Cisco-built firewall. The group, which had already perpetrated a number of cyber attacks on official Ukrainian and North Atlantic Treaty Organization servers, believes the vote was illegal. "Holding elections in a country torn apart by civil war is criminal," the hackers wrote on their site.
CyberBerkut posted files online proving that it had broken into the election commission's network. The documentation in these files appears convincing: It includes network maps, system logs and other material only available to administrators, as well as the contents of election commission members' mailboxes. "Special thanks for an engrossing quest to the wonderful admins who keep network access data in text files on their desktops," the hackers teased.
As far as such reports go, this one is not about the usual hacker braggadocio but about contempt for shoddy work done on the cheap. The hackers found, among other things, that the commission was using unactivated -- and thus probably pirated -- copies of Microsoft Windows.
Late on May 24, avakov.com, the personal site of Ukraine's acting interior minister Arsen Avakov, reported that the country's electronic election system was ruined and vote-counting would have to be done by hand. Official Russian news agencies seized on the statement and ran with it until Avakov issued a denial on Facebook, saying his site had itself been hacked. "It's business as usual at the Central Election Commission, the election has started and it will take place no matter how enemies of Ukraine try to disrupt it," he wrote.
The election did go ahead: Hand-counting votes was always the default procedure and electoral rolls, at least, did not seem to be affected. The breach shows, however, how much of the country's critical infrastructure is shoddily maintained.
Ukraine, with a large offshore programming industry, has an army of 250,000 IT experts, but the public sector cannot afford the best because salaries are laughable. After the overthrow of President Viktor Yanukovych in late February, the new government tried to recruit new bureaucrats from the private sector, but many of those approached about taking up high-profile jobs in ministries and public companies -- including some people I know -- refused, because the salaries offered were too small to survive on. Those who agreed say openly they cannot do this out of patriotism forever. "I think my salary is about $1,000 per month," former investment managerMaxim Blank, now deputy head of Ukraine's railroad monopoly, Ukrzaliznytsa, told Focus magazine. "I have already told my family that I won't be bringing home a salary for a year. We have savings, we can afford this for a year at least."
Poroshenko won what many Ukrainians call the fairest election since the country gained its independence. Even though turnout in the rebellious eastern regions was a tiny fraction of their populations -- only 49,291 people showed up to vote in the Donetsk region, population 4.3 million -- no attempts to rig the vote were reported. CyberBerkut, after perusing election officials' emails, found no evidence of any plans to mess with the outcome. It was reduced to publishing silly tidbits, such as election commission head Mykhailo Okhendovsky's correspondence concerning the renovation of his home.
Poroshenko will now be focused on dealing with the eastern separatist rebellion and finding common ground with Russia so that the Kremlin will stop destabilizing Ukraine. That, however, is no more important in the long run than fixing the country's weak, inefficient, thieving bureaucracy. The new president can count on the enthusiasm of people like Blank, but it won't last forever -- not much longer than their personal savings, at least.
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the author on this story:
Leonid Bershidsky at firstname.lastname@example.org
To contact the editor on this story:
Marc Champion at email@example.com