The phishing messages were “on a scale we’ve never experienced” and came as staff members spent late nights documenting the destruction of war, Christina Wille, director of Insecurity Insight, told CNN. She suspects it was an (unsuccessful) attempt to dissuade her team from reporting on Russia’s war in Ukraine.
It’s just one example of a series of digital threats facing aid organizations as Russian President Vladimir Putin shows no signs of ending his brutal war on Ukraine.
Humanitarian groups responding to the war remain focused on the physical safety of civilians and their employees. But overwhelmed aid organizations have also had to wonder how closely the physical security of Ukrainians is tied to the cybersecurity of their data.
Cybersecurity experts fear that crooks or spies could use the data exposed during the Russian war to re-victimize people in the future, by extorting or surveilling them. And many organizations lack the resources to recover from a serious breach.
“Who protects humanitarian organizations?
It is not known how many humanitarian organizations responding to the war in Ukraine have suffered cyber attacks. There are only anecdotal reports of incidents, documenting them is complicated by the chaos of war, and aid workers are understandably reluctant to discuss specific cases.
A Ukrainian cybersecurity specialist, Vadym Hudyma, said several civil society groups in Ukraine had managed to avoid major disruptions by preemptively reducing their online footprint on the eve of the Russian invasion.
“These organizations have held up pretty well against these cyberattacks on websites,” said Hudyma, co-founder of Digital Security Lab Ukraine, an organization that helps secure the online accounts of journalists and activists.
But for aid organizations in Ukraine and abroad, there are not enough people like Hudyma.
“The most vulnerable are protected by humanitarian organisations, but who protects humanitarian organisations? said Adrien Ogée, CEO of CyberPeace Institute. “Many of these NGOs [non-government organizations] don’t even monitor their networks… They don’t even know when they’re under attack.”
Some NGOs are “worried that the Russians may get their hands on [computer] servers,” Ogée said, referring to data physically stored in Ukraine that may contain information about political activists, refugees or donors.
Ogée and his colleagues are trying to fill the cybersecurity resource gap with a program that connects NGOs around the world, including those working on Ukraine, with experts to mitigate the impact of possible incidents. of hacking. The CyberPeace Institute was able to help Wille, the director of Insecurity Insight, assess hacking attempts targeting her organization, she said.
Help with the basics of cybersecurity (strong passwords, backed up data, and another layer of authentication for logins) can significantly reduce the likelihood of an organization being hacked.
The alternative, Ogée said, is unacceptable. NGOs working in Ukraine and other war zones that fail to secure the data they process “potentially create the conditions for further attacks”, he argued.
There is also the risk that an already endemic environment of disinformation around aid work in Ukraine will be amplified by hacking.
Proofpoint investigators suspect Belarusian state hackers may be behind the activity. One theory is that attackers could try to use intelligence collected on refugees in NATO countries “which could be used to channel anti-refugee sentiment” in Europe, said Ryan Kalember, executive vice president of Proofpoint’s cybersecurity strategy.
Cyberactivity and the Geneva Conventions
One reason is that any alleged crime in cyberspace, of course, pales in comparison to the impact of mass killings.
But jurists and lawyers always pay special attention to it.
Tilman Rodenhäuser, legal adviser to the International Committee of the Red Cross, went further.
Cyber espionage — which involves hiding in computer systems and gathering intelligence, rather than disrupting the systems — against humanitarian organizations responding to a war could also violate international law, Rodenhäuser told CNN.
The Red Cross, he said, has a mandate to visit prisoners of war and interview them about their treatment.
“This confidentiality is protected by the Geneva Conventions,” Rodenhäuser added. “Thus, conducting espionage against such data would be very difficult to reconcile” with this legal obligation.
The cyberattack “did not have a substantial impact” on the work of the Red Cross program in Ukraine, Red Cross spokesman Jason Straziuso told CNN. But it “could have impacted our ability to reconnect families separated … around the Ukraine crisis” had the Red Cross not made “immediate repairs” to its IT systems, he said in an email.
There is no evidence that the hack was related to the ensuing war in Ukraine. But that characterizes the brazenness of computer intrusions targeting aid groups.
“Humanitarian organizations should be respected and protected online because they are offline,” Rodenhäuser said.