16:02, 17 May 2017, Bishkek - 24.kg news agency, Anara MAMYTOVA
At the end of last week, on the morning of May 12, the virtual world shuddered: the ransomware WanaCrypt0r 2.0 (aka WCry) attacked computers in many countries of the world.
The first to be hit were hospitals in and the largest companies in the field of telecommunications and gas supply in . As the media reported, more than 300,000 attacks were recorded in 150 countries. Developers of antivirus software have already recognized the events as a massive hacker attack.
According to experts, this is a typical ransomware virus that reaches computers through spam sent via email services. When the letter is opened, a program that encrypts all files on the hard disk is activated, and a request to send a certain amount in bitcoins to a certain account appears on the desktop. By the way, the malicious program was known as far back as February, but this is its most powerful strain.
It is interesting that the attackers targeted, to a greater extent, whole organizations, and the main blow was reportedly taken by the state bodies of (the computers of the Russian Ministry of Internal Affairs and the mobile operator Megafon were also infected), and . Having analyzed the situation with cyber attacks in the , experts came to the conclusion that not everything is so simple: it was precisely the computers of the security agencies and strategic departments that were attacked, even though considerable funds are being spent on their protection and improvement. A common ransomware virus would not be able to penetrate the system.
The all-Russian database of the Federal Registration Information System was also attacked on the same day, and the attack remained unnoticed for 40–45 minutes.
It is possible that the attackers got access not only to the registration data of citizens and vehicles, but also to the bailiffs' database that was uploaded to it. Russian law enforcers told the media how the attackers could use the downloaded vehicle data. First, for duplicate vehicles; second, it will be more convenient for car thieves to look for the cars they have been ordered to steal.
And now let’s assume that this virus is just a trial balloon for checking the effectiveness of local IT professionals and how securely government systems are protected. Does this version have the right to exist? Why not?
Moreover, the interactive map of virus infection showed: 's workstations were not an exception. According to the latest information, the computer of Tridas LLC, owned by the wife of the deputy of Parliament Akylbek Japarov, was also attacked. The company confirmed the information.
The country’s main elections will take place in in autumn: citizens will elect the next president. At a recent presentation of the Information and Electoral System (IES), CEC head Nurzhan Shayldabekova said that the new electoral system had managed to nullify the possible election fraud. She particularly noted the work of the electoral system — the introduction of biometric data registration and the automated control system.
The system exists in non-contact automatic mode. The server serves to obtain information from 2,500 polling stations; it does not form the results of elections.
Nurzhan Shayldabekova
The CEC Chairwoman also admitted that during the inter-election period, CEC servers were attacked by hackers, but the current level of protection kept them safe. The head of the commission suggested that there was a test hacking attempt before election day. With the stubbornness of a partisan, Nurzhan Shayldabekova stayed silent about whether she and members of the Central Electoral Commission had access to server equipment, but admitted that two employees had such a right.
In general, many mistakenly believe that the physical presence of a person in the server room is necessary to interfere with the operation of an intelligent system. So, to demonstrate the equipment, the CEC issued an order to form a commission of representatives of the media. Loudly announcing the names of its members, the operators took them to the coveted premises, but strictly forbade taking mobile phones and cameras. Journalists were also shown the visitor log for the premises.
To change the operation of the system, and also to completely paralyze it, it is not necessary to enter this specially guarded room.
And all sorts of hacker attacks on government servers are proof of that.
By the way, there is a recent example. The day before the presentation of the Central Election Commission, 24.kg news agency reported that kattar.kg, the government portal for electronic appeals from citizens, was hacked, and the database of the site was deleted. Just imagine: the applications of citizens were deleted from the government portal!
The press service of the government added that «the staff of the department of letters and reception of citizens, as well as specialists of the Office of the President and Government of the failed to eliminate the problems.» What kind of IT specialists are working in strategic departments? Have you forgotten the spectacular hacking of the website of the State Committee for National Security?
By the way, domestic websites are mostly attacked by hackers from , Middle East countries, , and only the special services or the same hackers are able to detect their exact location. Cyber geniuses not only hacked the website of Kyrgyz special services — they mocked it by posting an image of an armed man and the flag of the Kurdistan Workers' Party.
The websites of the Ministry of Internal Affairs, the National Olympic Committee, the government media Kyrgyz Tuusu and Slovo Kyrgyzstana, the human rights movement Bir Duyno-Kyrgyzstan, Atatürk-Alatoo International University, car dealers, consulting companies, online shops and other organizations failed to withstand the hacker attacks.
According to Vladislav Tkachev, director of IT audit at the international company Baker Tilly Bishkek, before talking about providing government agencies with an appropriate level of information security, it is necessary to clarify exactly what requirements this level corresponds to.
«Unfortunately, the legal field of the has no significant legislative requirements that could be demanded from the state bodies and their information systems, which process or store critical information,» the expert told 24.kg news agency.
Neither the Administrative Code nor the Criminal Code of the Kyrgyz Republic stipulates responsibility for improper information security (IS), or inappropriate storage of data that led to their loss, inaccessibility or disclosure.
Vladislav Tkachev
In his opinion, this is one of the reasons why the level of information security in the country is extremely low, and due attention is not paid to its increase.
On the other hand, there is international experience in risk assessment, management of information security processes and data protection, within which all the necessary standards, recommendations, best practices and requirements have already been developed. Moreover, all these decisions are regularly reviewed, supplemented and improved depending on the changing landscape of cyber threats in the world.
«Commercial companies, without waiting for the adoption of laws and regulations in this area, have been using this experience for a long time, introducing advanced processes and requirements for protection of their data. And, as statistics show, the commercial sector has made the right choice. Speaking about the security of state bodies and their systems, it is necessary to understand what requirements they meet. And proceeding from this, we must draw a conclusion on the level of security of our data,» Vladislav Tkachev added.
The state body must pass voluntary certification for compliance with the requirements of an international standard (for example, ISO/IEC 27001:2013) or obtain an independent auditor’s opinion on compliance with such requirements.
According to Tkachev, information security is not a result but a process, and it is not enough to buy expensive data protection equipment, install an antivirus and, at best, develop several documents on information security. But this is exactly what happens: the money is spent, the management notes that the «Improvement of IS» item of the plan has been fulfilled, and everything stops there.
Vladislav Tkachev believes that, first of all, it is necessary to create conditions under which the work of all production processes without exception becomes subordinate to the goals of providing information security. Also, one should ensure constant monitoring of processes and their correct work. And, finally, one should constantly assess and re-evaluate the risks and take measures to reduce them to an acceptable level.
«For example, an expensive solution to prevent data leaks will be absolutely useless if for 2,000–3,000 soms you can bribe an operator and get all the necessary information without hacking the system. Or another example: the penetration of viruses in the network of state bodies becomes possible when officials and civil servants manually activate attached files in e-mails with questionable or suspicious content,» Vladislav Tkachev said.
«According to our estimates, hacking of websites occurred for a trivial reason — because of the use of vulnerable software,» the expert said. «If there was a process in the departments for the regular and timely updating of the software, then this could be avoided.»
«By the way, the sensational attack of the extortion virus was successful due to the fact that users neglected recommendations and did not update their operating systems on time,» the expert added.
As experience shows, the vector of attacks has shifted. Whereas hackers previously attacked information systems exclusively, now the most effective method of penetration is social engineering aimed at «hacking» a person. And such attacks cannot be prevented by hardware or software.
Kyrgyzstan is saved not because «our system is reliably protected», but because «we» are of no interest to hackers, at least so far.
Novices are simply practicing by hacking Kyrgyz websites. This is eloquently demonstrated by the fact that from January 1 to May 15, 776 websites belonging to various commercial companies, individuals and state agencies were hacked in .
According to the information of the IT audit department of the international company Baker Tilly Bishkek, on average, 20 websites are successfully hacked every five days in the country, every tenth is hacked repeatedly.
So, before the upcoming presidential election, the specialists of the agencies involved in this event need to secure the information system as much as possible so as not to be embarrassed.
Some wise guy may well decide to practice on the electoral system of . In addition to the imperfections of the laws and regulations in this sphere, the issue of personnel is also acute.
Some of the specialists work for private employers and will never agree to the small sum the state agency can offer them. Other bright minds have left the country and are unlikely to return. By the way, does the State Committee for National Security have a list of the people capable of working in cyberspace professionally? If not, there is no point in talking about it at all.