State-sponsored Hacking Suspected in Ukraine (and Everywhere Else)

Ray Walsh

February 22, 2017

State-sponsored hacking is out of control. Last week the UK announced that in the last three months alone, 188 high-level cyberattacks (including high-profile state targets) have been perpetrated by hackers. In the Czech Republic, a recent government hack that affected diplomats’ email accounts has been chalked up to the Russian government. In India, it has just been revealed that as many as 700 government websites may have been hacked between 2013 and 2016. Add to that the now infamous Clinton and DNC hacks and you have quite the list of recent political hacks. Is it really any surprise?

State secrets are immensely valuable. Whether it be by ally or foe, hacking sensitive state secrets offers the potential for enormous strategic advantages. Bearing in mind that allies have been found to be spying on each other time and time again (and that it is even done cooperatively as part of the Five Eyes agreement), how can we doubt that it is happening between enemies?

Common sense tells us that if hacking and espionage are occurring, then Donald Trump was probably being more realistic when he called on Putin to “release the rest of the emails” than he was when he denied Russia’s involvement in the DNC hack. Having said that, it is also true that the perpetrator could have been anyone, because proxies and social engineering are tools that can be employed by any hacker to frame another country.

When the Guccifer 2.0 hack hit the press, digital clues suggested Russian origins. Those clues, however, were circumstantial (the attack appeared to have been committed by someone using a Russian keyboard, amongst other things). In reality, whoever committed the hack may have just wanted to frame Russia in order to keep the pressure off themselves. As such, Trump was not necessarily wrong when he said it could have been ‘someone sitting on their bed that weighs 400 lbs.’

Hacking Minds

Hacking elections is commonly perceived to mean hacking polling machines. However, the Clinton debacle proved that if you hack enough dirt on a politician and leak it to the world, it can be enough to stir up a huge well of emotions that changes the course of an election.

Using the media – and careful timing – leaked documents can cause citizens to lose trust in a particular political party or candidate. Target both effectively, and a candidate that was a ‘shoo-in’ to win an election (as was considered the case with Clinton by many) can have their entire campaign dismantled before their eyes.

This is social engineering of an entirely different nature, and of a magnitude that has hitherto been largely unmentioned. Essentially, it is the use of hacked information to hack people’s minds (and the result of an election, in the process).

Data as a Currency

We are living in an age when data is both power and money. At a recent Twitter event organized by @STOPTHNKCONNECT (#chatSTC), the responses from the digital privacy community were unanimous: data should be considered a form of currency. Everyone’s data holds inherent value (which is why everyone should seek to control their digital footprint, and be unwilling to part with their data without proper reward).

Data is power and money. It is both the opportunity to know and the opportunity to affect those who you know. With that in mind, it should come as no surprise that it is not just politics that state hackers have their eye on.

Recently, researchers have unearthed a hacking operation that harvested 600 gigabytes of data from around 70 targets. Rather than political, these targets were from the industrial, technology, science, and media industries. According to cybersecurity firm CyberX, the hacking campaign used malware to steal screenshots, documents, and passwords from high-level targets. The campaign, which is being referred to as “BugDrop,” even used people’s microphones to record conversations.

Attack Vector

The cyber attacks were initiated using infected Microsoft Word documents sent in phishing emails. Once infected, the data was harvested and sent to Dropbox, where it was collected by the hackers. CyberX made the following comments about the hack:

“Operation BugDrop is a well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources. In particular, the operation requires a massive back-end infrastructure to store, decrypt, and analyze several GB per day of unstructured data that is being captured from its targets. A large team of human analysts is also required to manually sort through captured data and process it manually and/or with Big Data-like analytics.”

Hacking Ukrainian Infrastructure

The vast majority of the 70 targets, on this occasion, were located in Ukraine. Amongst those targets were: a firm that makes remote monitoring systems for oil and gas pipelines; an NGO that monitors human rights, counter-terrorism, and cyberattacks on Ukrainian critical infrastructure; an engineering firm; a scientific research institute; and the editors of a Ukrainian newspaper. The high level of sophistication used in the attacks is causing suspicion that it may have been a state-sponsored operation. From CyberX’s blog:

“Skilled hackers with substantial financial resources carried out Operation BugDrop. Given the amount of data analysis that needed to be done on [a] daily basis, we believe BugDrop was heavily staffed. Given the sophistication of the code and how well the operation was executed, we have concluded that those carrying it out have previous field experience.”

Similarities to a Past Attack

Although not definitely linked, the attack vector of using macros hidden in Word documents to infect machines is very similar to an attack that took place last year in Ukraine. At that time, the electrical grid was hacked, causing blackouts for 80,000 people in the Ivano-Frankivsk region of Ukraine.

Whether this hack was state-sponsored is yet to be discovered. However, it is further evidence of the severity of well-organized institutionalized hacking, which is now at epidemic levels. With nations suffering so many hacks, it is no wonder that Germany and France (which both have elections this year) are afraid that their countries will also fall victim to hackers. No matter which way you look at it, state-sponsored hacking is here to stay.

Opinions are the writer’s own.

Title image credit: Alexander Geiger/

Image credit: Wichy/

Image credit: mageFlow/



Ray Walsh

I am a freelance journalist and blogger from England. I am highly interested in politics and in particular the subject of IR. I am an advocate for freedom of speech, equality, and personal privacy. On a more personal level I like to stay active, love snowboarding, swimming and cycling, enjoy seafood, and love to listen to trap music.

One response to “State-sponsored Hacking Suspected in Ukraine (and Everywhere Else)”

  1. I do not understand how a state-sponsored hacking could influence an election (a convention) or a life: jealousy … rancor
    – They know that Merkel is a spy of the USA since the beginning: she has not been hacked, she gave her code.
    – They know that a vote has no value in France: it is a rogue state.

    According to my own point of view, I do not consider that state secrets are immensely valuable:
    there are so few and such insignificant.
    High-profile state targets are certainly a hoax, a joke of the media.
