"Ukraine is an advanced country". How Ukrainians respond to Russian attempts to break cyber defense

Aerorozvidka ("aerial reconnaissance") is a team of hundreds of members that came into being in 2014 and in six years turned into a non-governmental organization (NGO). Aerorozvidka specialists help the Security and Defense Forces of Ukraine implement IT, robotic, and network-centric solutions to fight the enemy. The team calls itself "an example of the direct involvement of civil society in repelling aggression against Ukraine."

"The most vulnerable link in cyber defense is a human," says Ruslan Prylypko, head of the Aerorozvidka IT department. Liga.Tech talked to him about the vulnerability of Ukrainian defenders in cyberspace, the Delta system, and ways to make the military more secure from cyberattacks.

How military IT experts want to protect information

In the spring, Aerorozvidka launched the Cyber Resilience project as a response to the challenge posed by enemy cyberterrorism. According to Ruslan Prylypko, it includes attacks on military systems, such as Delta. "These systems play an important role in the war, and Russian attacks are constant and do not abate.

The main element of the project is FIDO2 keys. This is the second factor of authentication for Delta users, i.e. a supplement to the password and login, which will increase the security of using the system. The Cyber Resilience project provides for the free distribution of keys to Delta users.

Users can fill out an application and receive this key, register it in the system and further protect their account, as well as use the key to protect their cyberspace: other accounts, mail, and social networks. "You can also protect them from phishing attacks or password theft," Ruslan adds. The project participants include the Ministry of Digital Transformation, Yubico and Hideez, which produce the keys, and Nova Poshta, which delivers them.

"We are trying to accumulate as many of these keys as possible, they are quite expensive in fact, and ensure that Delta users get them," explains Prylypko.

According to an interlocutor, the key will work in addition to the username and password, which can be spied on, stolen, or written down somewhere. Ruslan Prylypko compares the key to an Internet banking login, where the service sends a message with a code to be entered in addition to the password. "We are replacing it with a cryptographic key that cannot be intercepted, so to speak. You have to have it in your hands and insert it into a device that has either a USB or NFC interface," the expert notes. The key is cryptographically protected and cannot be falsified, and it also fulfills its main task of protecting against phishing attacks.

"That is, if you don't have this key, you won't be able to log into this account, even if you enter your username and password," Ruslan explains.

Who needs it

The number of users and statistics are classified data that the system's developer — the Defense Technology Innovation and Development Center — does not disclose. But Aerorozvidka notes that their goal is for all users to have these keys.

"The audience is primarily those military personnel who have access to the system. And the number is as many of these keys as we can find for the donations we get," says Prylypko. "Everything we find, we will pass on to the military." So far, there are not enough keys as there are many more users in the Armed Forces.

He emphasizes the importance of communicating not only with the Ministry of Digital Transformation, which is responsible for many processes, but also with the companies that provide these keys. The average price of one key is $50.

"Financially, it looks like this: some keys are donated to us, we get donations to buy the keys, and we ensure that users get them," Ruslan concludes.

On cyber hygiene for military and attacks on Delta

The second stage of the Cyber Resilience project is the preparation of training and guidelines, simple instructions that will help the military quickly check whether a device is vulnerable and how to protect it.

Ruslan's simplest tips are not to use cracked or downloaded apps from unknown sources, to trust only app stores, as these platforms check for vulnerabilities, and to use antiviruses and complex passwords. They should be different for different accounts, so that a breach in one place does not lead to a loss of information in another. The expert also calls for less sharing of sensitive location information through open communication channels.

According to Prylypko, the recent decision to officially introduce Delta did not affect the number of Russian attacks on the system as it is under constant attack, according to the developers. "The enemy has known about Delta for a long time, and the number of attacks that take place every day is huge. As well as the number of phishing attacks," Ruslan says, adding that the enemy is faking Delta and trying to show users where to go, enter their passwords to seize access. "But it's not that easy anymore, especially if a FIDO key is used.

The Russians also want to discredit Delta, spreading information in various chat rooms that the system is vulnerable.

As an example, using Delta makes Ukraine an advanced country, the expert believes. "You can easily see this when you google how NATO perceives this system," Ruslan explains, referring to its technological aspect.

"The fact that our situational awareness system is located in the cloud is a huge challenge for NATO, because they took a different path. They did not protect the system, but the perimeter. That is, it is without the Internet, there are only trusted users, trusted servers," explains the expert. "When you put your system on the Internet, you have completely different challenges. And NATO and our allies do not have this experience." Prylypko is certain that the Alliance is now watching the development of Ukrainian systems with great interest.