Ukraine negligent to cyberattack; U.S. possibly in same boat

Ukraine negligent to cyberattack; U.S. possibly in same boat

Ukraine negligent to cyberattack; U.S. possibly in same boat

The Kremlin is considering all options over the looming conflict with Ukraine. As the threat of amassing 100,000 Russian troops at the border heightens, some serious cyberthreats and information gathering are under way against Ukraine and the rest of the world.

American Family News spoke to Andrew Jenkinson, CEO of cybersecurity company Cybersec Innovation Partners (CIP). The U.K.-based expert says his company's preliminary research showed that nearly 100 Ukraine government websites have "suboptimal, insecure, and Not Secure positions." Each one of them, he contends, is "easily exploitable if they have not already been compromised." As many as 70 websites were recently defaced and injected with malicious code, he notes.

The Ukrainian government is solely responsible for the vulnerability of their "digital doors being left open," according to the cyber security expert – and many of those "open doors" have been vulnerable to attack for months or longer.

Russia's dangerous 'shadow' not new to resilient, proud people of Ukraine

Steve Jordahl, Chad Groening

The tense standoff in Ukraine, where Russian troops are amassed across the border, is drawing the concerns of a national security analyst and the prayers of a children’s choir director.

Bob Maginnis, a retired U.S. Army intelligence officer, tells AFN he is concerned about reports President Joe Biden could be sending U.S. troops to allied NATO countries that border Ukraine.

“Ukraine’s not part of NATO. We don’t have a treaty with them,” he points out.

Meanwhile, the Russians have assembled more than 100,000 troops near the Ukraine border, he says, and now Russian troops are deployed in neighboring Belarus, too. Those are “massive” numbers of troops that outnumbered U.S. forces would be facing if the standoff turns into a war.

Back in the United States, Connie Fortunato says she knows the mood of Ukraine because she has traveled there for more than 20 years for her organization, Music Camp International.

“They have lived under this shadow,” she says of Russia’s power and influence. “There’s a strong awareness in Kiev. And I think that they, perhaps, see their strengths in the way we do not see it.”

What is needed most, she says, is prayers: for Ukraine and for Russia, for the leaders of both countries, and for the diplomats trying to resolve the standoff without any more bloodshed.  

“I would pray for those,” she says, "who are trying to lead a dialogue away from aggression.”

"When [CIP] initially looked at the URL address for the Ministry of Foreign Affairs of Ukraine," he explains, "the subdomain was visibly Not Secure, as could be seen to the left of the address bar at the time."

The Ukraine Cyber Security Command Centre also displayed a Not Secure position, he laments, likening the scenario to "a case of the blind leading the blind."

When a site is designated as Not Secure, "it's a warning that the domain itself is not protected and cannot be trusted," Jenkinson explains. Hackers could have easily stolen information from the Ukraine ministry's website for many months, he says, pointing out that government email accounts that are outsourced to Microsoft could been compromised in the process.

"Such a breach could be used for nefarious purposes, like revealing confidential government information," he adds.

Whether it was a Russian hacker or a proxy hacker, Jenkinson says "whomever was responsible for this attack likely used a number of simple tactics to breach Ukraine's government websites, since they were negligent in implementing basic security measures for their protection."

Interestingly, through years of observation, Jenkinson says other entities like the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the National Cyber Security Council, and many others are "guilty of ignoring many of the standard security measures that need to be put in place to stifle hacking attempts."

Without basic protection, Jenkinson says cyberattacks and ransomware attacks from "nefarious actors" will always have one outcome – "mainly that the hacker will be the victor."

Until governments around the world take security seriously, Jenkinson expects these incidents to continue to happen.

Editor's Note: Andrew Jenkinson is author of the book "Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyber ​​Warfare."