Aid groups help Ukraine deal with both cyber and physical threats

By Sean Lyngaas, CNN

Employees of Insecurity Insight, a non-profit organization based in Switzerland, received a series of malicious links and pornographic material on their mobile phones after publishing a report last month on Russian attacks on hospitals in Ukraine.

The phishing messages were “on a scale we’ve never experienced” and came as staff members spent late nights documenting the destruction of war, Christina Wille, director of Insecurity Insight, told CNN. She suspects it was an (unsuccessful) attempt to dissuade her team from reporting on Russia’s war in Ukraine.

It’s just one example of a series of digital threats facing aid organizations as Russian President Vladimir Putin shows no signs of ending his brutal war on Ukraine.

In several other cases, malware has been used to target charities and aid organizations working in Ukraine “to confuse and disrupt” the delivery of medical supplies, food or clothing, according to Amazon Web Services, Amazon’s cloud computing division.

Humanitarian groups responding to the war remain focused on the physical safety of civilians and their employees. But overwhelmed aid organizations have also had to wonder how closely the physical security of Ukrainians is tied to the cybersecurity of their data.

Cybersecurity experts fear that crooks or spies could use the data exposed during the Russian war to re-victimize people in the future, by extorting or surveilling them. And many organizations lack the resources to recover from a serious breach.

“There’s your immediate safety, your safe life, and then there’s actually, ‘How can cyberattacks repeat this harm over time with data?’” said Klara Jordan, policy manager at the CyberPeace Institute, an organization that works to protect humanitarian aid groups from hackers.

“Who protects humanitarian organizations?”

It is not known how many humanitarian organizations responding to the war in Ukraine have suffered cyber attacks. There are only anecdotal reports of incidents, documenting them is complicated by the chaos of war, and aid workers are understandably reluctant to discuss specific cases.

A Ukrainian cybersecurity specialist, Vadym Hudyma, said several civil society groups in Ukraine had managed to avoid major disruptions by preemptively reducing their online footprint on the eve of the Russian invasion.

“These organizations have held up pretty well against these cyberattacks on websites,” said Hudyma, co-founder of Digital Security Lab Ukraine, an organization that helps secure the online accounts of journalists and activists.

But for aid organizations in Ukraine and abroad, there are not enough people like Hudyma.

“The most vulnerable are protected by humanitarian organisations, but who protects humanitarian organisations?” said Adrien Ogée, CEO of the CyberPeace Institute. “Many of these NGOs [non-government organizations] don’t even monitor their networks… They don’t even know when they’re under attack.”

Some NGOs are “worried that the Russians may get their hands on [computer] servers,” Ogée said, referring to data physically stored in Ukraine that may contain information about political activists, refugees or donors.

Ogée and his colleagues are trying to fill the cybersecurity resource gap with a program that connects NGOs around the world, including those working on Ukraine, with experts to mitigate the impact of possible hacking incidents. The CyberPeace Institute was able to help Wille, the director of Insecurity Insight, assess hacking attempts targeting her organization, she said.

Help with the basics of cybersecurity (strong passwords, backed up data, and another layer of authentication for logins) can significantly reduce the likelihood of an organization being hacked.

The alternative, Ogée said, is unacceptable. NGOs working in Ukraine and other war zones that fail to secure the data they process “potentially create the conditions for further attacks”, he argued.

There is also the risk that an already endemic environment of misinformation around aid work in Ukraine will be amplified by hacking.

In late February, hackers attempted to hack into the email accounts of European government officials “involved in managing the logistics of refugees fleeing Ukraine”, according to cybersecurity firm Proofpoint, which uncovered the incident.

Proofpoint investigators suspect Belarusian state hackers may be behind the activity. One theory is that attackers could try to use intelligence collected on refugees in NATO countries “which could be used to channel anti-refugee sentiment” in Europe, said Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy.

Cyberactivity and the Geneva Conventions

There is a meticulous project, involving thousands of investigators across Ukraine, to collect information on potential war crimes. There is no equivalent effort to catalog potential violations of international law in cyberspace during the war in Ukraine.

One reason is that any alleged crime in cyberspace, of course, pales in comparison to the impact of mass killings.

But jurists and lawyers always pay special attention to it.

Cyberattacks on humanitarian and emergency response organizations in Ukraine “raise serious concerns under the Geneva Convention,” Microsoft Chairman Brad Smith said on February 28, four days after the start of the latest Russian war in Ukraine.

Tilman Rodenhäuser, legal adviser to the International Committee of the Red Cross, went further.

Cyber espionage — which involves hiding in computer systems and gathering intelligence, rather than disrupting the systems — against humanitarian organizations responding to a war could also violate international law, Rodenhäuser told CNN.

The Red Cross, he said, has a mandate to visit prisoners of war and interview them about their treatment.

“This confidentiality is protected by the Geneva Conventions,” Rodenhäuser added. “Thus, conducting espionage against such data would be very difficult to reconcile” with this legal obligation.

The Red Cross itself was hacked by unidentified hackers in November, an act uncovered by the aid organization in January. The personal information of half a million of the world’s most vulnerable people was exposed to the attacker, and the incident temporarily halted a global Red Cross program aimed at reuniting refugees with their families.

The cyberattack “did not have a substantial impact” on the work of the Red Cross program in Ukraine, Red Cross spokesman Jason Straziuso told CNN. But it “could have impacted our ability to reconnect families separated … around the Ukraine crisis” had the Red Cross not made “immediate repairs” to its IT systems, he said in an email.

There is no evidence that the hack was related to the ensuing war in Ukraine. But it typifies the brazenness of computer intrusions targeting aid groups.

“Humanitarian organizations should be respected and protected online because they are offline,” Rodenhäuser said.

The-CNN-Wire
™ & © 2022 Cable News Network, Inc., a WarnerMedia company. All rights reserved.