Cyberwarfare meets Traditional Warfare as armed police raid Ukraine’s biggest accounting software firm

Aug 28, 2017

Raiding Intellect Service

Software developers at Intellect Service, Ukraine’s biggest accounting software company (which serves 80% of Ukrainian businesses), had a hard day’s work. It took a dramatic turn as police arrived at the office in pursuit of those behind the Petya/NotPetya attack.
 
The police making a visit was not unexpected, but their method was. One second the employees were sitting at their desks and before they knew it, they were staring down the barrels of a number of weapons. The room was filled with what looked like a small army.
 
Helmet cam footage from inside an unmarked van shows dozens of heavily armed officers wearing military-grade armour and urban camouflage pulling up outside the offices of the software giant, their faces all hidden by balaclavas. In seconds, they pour out of the van and into the building, shouting instructions to terrified staff. They surge into every room, making people freeze in place and telling them to remain still. Many of the workers raise their hands in the air to show that they are unarmed, hoping to avoid any potentially fatal miscommunication.
 
Though the video would make a fantastic cutscene if paired with the right rock music, it does look rather odd. Dozens of men with assault rifles and heavy Kevlar armour pouring into a building is something you expect to see during a high-level drug raid in Colombia or Mexico. Yet in this video the officers find no cocaine or AK-47s but lay hands on the servers and hard drives.

White-collar gangs?

 
They don’t encounter hardened gang members but white-collar workers. Most have likely never stared down the barrel of a gun in their entire life, nor expected to do so. Seeing these elite police officers carrying out handfuls of hard drives and standing guard over a server room looks very odd indeed.
 
But it is the perfect symbol of this new world we find ourselves in. Cyberwarfare and cybercrime are no longer protected from the very real consequences of other organised, high-level crime.

The origins of the virus

 
In late June 2017, a computer virus spread throughout the country and affected the energy sector, the banks, the airport and the metro system. Initial thoughts were that it was a ransomware attack. In fact, the virus preferred to enter through companies’ backdoors, infiltrating their software and ripping through their corporate IT infrastructure.
 
It quickly came to light that M.E.Doc, Intellect Service’s flagship accounting software, was at the epicentre of the attack. To assist authorities in their investigation, Intellect Service allowed research into and investigation of their servers. It was soon found that an unknown person had installed malicious code into the company’s software updates. This meant that at least 2000 computers were hit within several minutes of each other.
 
Overwhelming evidence points to Intellect Service having no participation in the attack. All of its staff were totally unaware that they had been compromised. That said, their failure to adequately protect their software meant that they could be held legally liable for many of the damages. Reports indicate that the company had not updated their servers since February 2013.

Culprits on the run

 
The real culprits are still being hunted, but all signs point to Russian interference. There are a number of theories as to why Russia would want to unleash such a weapon without a conceivable benefit. To many, this is an exercise in practising cyberwarfare on a large scale in a real-world environment, against an opponent that is not in a position to strike back. Russia has, of course, denied any and all involvement.
 
Only one thing can be said for certain: the police raids and general fallout are nowhere near over yet. More cyberattacks either in Europe or beyond will be seen before long. It is going to become commonplace for cyberwarfare to meet bombs and bullets in the very near future.
 
If anything, these raids have sent a very clear message to those within Ukraine who may be engaged in cyberwarfare, cybercrime or cyberespionage. Gone are the days when this white-collar crime had a white-collar response.
 
A life in organised cybercrime is now more similar to a life in organised crime such as drug or weapons trafficking. When the law comes for you, it comes hard, fast, and heavily armed.