
Yevhenii Panchenko, the chief of division of the Cyberpolice Department of the National Police of Ukraine, during a talk on Tuesday in Manhattan, NY.

Image Credits:Kris Tripplaar/Chainalysis

Ukraine’s cyber police talks crypto, ransomware and documenting war crimes after Russia’s invasion

On February 24, 2022, Russian forces invaded Ukraine. Since then, life in the country has changed for everyone.

For the Ukrainian forces who had to defend their country, for the regular citizens who had to withstand invading forces and constant shelling, and for the Cyberpolice of Ukraine, which had to shift its focus and priorities.

“Our responsibility changed after the full-scale war started,” said Yevhenii Panchenko, the chief of division of the Cyberpolice Department of the National Police of Ukraine, during a talk on Tuesday in New York City. “New directives were put under our responsibility.”

During the talk at the Chainalysis LINKS conference, Panchenko said that the Cyberpolice is comprised of around a thousand employees, of which about forty track crypto-related crimes. The Cyberpolice’s responsibility is to combat “all manifestations of cyber crime in cyberspace,” said Panchenko. And after the war started, he said, “we were also responsible for the active struggle against the aggression in cyberspace.”

Panchenko sat down for a wide-ranging interview with TechCrunch on Wednesday, where he spoke about the Cyberpolice’s new responsibilities in wartime Ukraine. That includes tracking what war crimes Russian soldiers are committing in the country, which they sometimes post on social media; monitoring the flow of cryptocurrency funding the war; exposing disinformation campaigns; investigating ransomware attacks; and training citizens on good cybersecurity practices.

The following transcript has been edited for brevity and clarity.

TechCrunch: How did your job and that of the police change after the invasion?


It almost totally changed. Because we still have some regular tasks that we always do, we’re responsible for all the spheres of cyber investigation.

We had to relocate some of our units in different places, of course, to some hard arrangement because now we need to work separately. And also we added some new tasks and new areas for us of responsibilities when the war started.

From the list of the new tasks that we have, we crave information about Russian soldiers. We never did that. We don’t have any experience before February 2022. And now we try to collect all the evidence that we have because they also adapted and started to hide, like their social media pages that we used for recognizing people who were taking part in the bigger invading forces that Russians used to get our cities and kill our people.

Also, we are responsible for identifying and investigating the cases where Russian hackers do attacks against Ukraine. They attack our infrastructure, sometimes DDoS [distributed denial-of-service attacks], sometimes they make defacements, and also try to disrupt our information in general. So, it’s quite a different arena.

Because we don’t have any cooperation with Russian law enforcement, that’s why it’s not easy to sometimes identify or look for information about IP addresses or other things. We need to find new ways to cooperate on how to exchange data with our intelligence services.

Some units are also responsible for defending the critical infrastructure in the cyber sphere. It’s also an important task. And today, many attacks also target critical infrastructure. Not only missiles, but hackers also try to get the data and destroy some resources like electricity, and other things.

When we think about soldiers, we think about real-world actions. But are there any crimes that Russian soldiers are committing online?

[Russia] uses social media to sometimes take pictures and publish them on the internet, as it was common in the first stage of the war. When the war first started, probably for three or four months [Russian soldiers] published everything: videos and photos from the cities that were occupied temporarily. That was evidence that we collected.

And sometimes they also make videos when they shoot in a city, or use tanks or other vehicles with really big guns. There’s some evidence that they don’t choose the target, they just randomly shoot around. It’s the video that we also collected and included in investigations that our office is doing against the Russians.

In other words, looking for evidence of war crimes?

Yes.

How has the ransomware landscape in Ukraine changed after the invasion?

It’s changed because Russia is now not only focused on the money side; their main target is to show citizens and probably some public sector that [Russia] is really effective and strong. If they have any access on a first stage, they don’t deep dive, they just destroy the resources and try to deface just to show that they are really strong. They have really effective hackers and groups who are responsible for that. Now, we don’t have so many cases related to ransom, we have many cases related to disruption attacks. It has changed in that way.

Has it been more difficult to distinguish between pro-Russian criminals and Russian government hackers?

Really hard, because they don’t like to look like a government structure or some units in the military. They always find a really fancy name like, I don’t know, ‘Fancy Bear’ again. They try to hide their real nature.

But we see that after the war started, their militaries and intelligence services started to organize groups — maybe they’re not so good and not so professional as some groups that worked before the war started. But they organize the groups in a massive [scale]. They start from growing new partners, they give them some small tasks, then see if they are effective and truly succeed in a small portion of IT knowledge. Then they move forward and do some new tasks. Now we can see many of the software they also publish on the internet about the results. Some are not related to what governments or intelligence groups did, but they publish that intelligence. They also use their own media resources to raise the impact of the attack.

What are pro-Russian hacking groups doing these days? What activities are they focused on? You mentioned critical infrastructure defacements; is there anything else that you’re tracking?

It starts from basic attacks like DDoS to destroy communications and try to destroy the channels that we use to communicate. Then, of course, defacements. Also, they collect data. Sometimes they publish that in open sources. And sometimes they probably collect but not use it in disruption, or in a way to show that they already have the access.

Sometimes we know about the situation when we prevent a crime, but also attacks. We have some signs of compromise that were probably used on one government, and then we share with others.

[Russia] also creates many psyops channels. Sometimes the attack did not succeed. And even if they don’t have any evidence, they’ll say “we have access to the system of military structures of Ukraine.”

How are you going after these hackers? Some are not inside the country, and some are inside the country.

That’s the worst thing that we have now, but it’s a situation that could change. We just need to collect all the evidence and also provide investigation as we can. And also, we inform other law enforcement agencies in countries who cooperate with us about the actors who we identify as part of the groups that committed attacks on Ukrainian territory or to our critical infrastructure.

Why is it important? Because if you talk about some regular soldier from the Russian army, he will probably never come to the European Union and other countries. But if we talk about some smart guys who already have a lot of knowledge in offensive hacking, he prefers to move to warmer places and not work from Russia. Because he could be recruited to the army, other things could happen. That’s why it’s so important to collect all evidence and all information about the person, then also prove that he was involved in some attacks and share that with our partners.

Also because you have a long memory, you can wait and maybe identify this hacker, where they are in Russia. You have all the information, and then when they are in Thailand or somewhere, then you can move in on them. You’re not in a hurry necessarily?

They attack a lot of our civil infrastructure. That war crime has no time expiration. That’s why it’s so important. We can wait 10 years and then arrest him in Spain or other countries.

What are the cyber volunteers doing and what is their role?

We don’t have many people today who are volunteers. But they are really smart people from around the world — the United States and the European Union. They also have some knowledge in IT, sometimes in blockchain analysis. They help us to provide analysis against the Russians, collect data about the wallets that they use for fundraising campaigns, and sometimes they also inform us about the new type or new group that the Russians create to organize their activities.

It’s important because we can’t cover all the things that are happening. Russia is a really big country, they have many groups, they have many people involved in the war. That type of cooperation with volunteers is really important now, especially because they also have a good knowledge of local languages.

Sometimes we have volunteers who are really close to Russian-speaking countries. That helps us understand what exactly they are doing. There is also a community of IT guys that’s also communicating with our volunteers directly. It’s important and we really like to invite other people to that activity. It’s not illegal or something like that. They just provide the information and they can tell us what they can do.

What about pro-Ukrainian hackers like the Ukraine IT Army. Do you just let them do what they want or are they also likely targets for investigation?

No, we don’t cooperate directly with them.

They also have a lot of impact with that, because if they launder and take money from our citizens, we could help. And that’s why we include those activities, so we proactively react to stories that we received from our citizens, from our partners about new types of fraud that could be happening on the internet.

And also we provide some training for our citizens about cyber hygiene and cybersecurity. It’s also important today because the Russian hackers not only target the critical infrastructure or government structures, they also try to get some information of our people.

For example, Telegram. Now it’s not a big problem but it’s a new challenge for us, because they first send interesting stuff, and ask people to communicate or interact with bots. On Telegram, you can create bots. And if you just type twice, they get access to your account, and change the number, change two-factor authentication, and you will lose your account.

Is fraud done to raise funds for the war?

Can you tell me more about Russian fundraising? Where are they doing it, and who is giving them money? Are they using the blockchain?

There are some benefits and also disadvantages that crypto could give them. First of all, [Russians] use crypto a lot. They create almost all kinds of wallets. It starts from Bitcoin to Monero. Now they understand that some types of crypto are really dangerous for them because many of the exchanges cooperate and also confiscate the funds that they collect to help their military.

How are you going after this type of fundraising?

If they use crypto, we label the addresses, we make some attribution. It’s our main goal. That’s also the type of activities that our volunteers help us to do. We are really effective at that. But if they use some banks, we only could collect the data and understand who exactly is responsible for that campaign. Sanctions are the only good way to do that.

What is cyber resistance?

Cyber resistance is the big challenge for us. We wanted to play that cyber resistance in cyberspace for our users, for our resources. First of all, if we talk about users, we start from training and also sharing some advice and knowledge with our citizens. The idea is how you could react to the attacks that are expected in the future.

How is the Russian government using crypto after the invasion?

Russia didn’t change everything in crypto. But they adapted because they saw that there were many sanctions. They create new ways to launder money to prevent attribution of the addresses that they used for their infrastructure, and to pay or receive funds. It’s really easy in crypto to create many addresses. Previously they didn’t do that as much, but now they use it often.