back to article SBU claims Russia was behind NotPetya

Ukraine's security service (SBU), which last week called on international help to trace the “NotPetya” outbreak, has upped the ante, accusing Russia of being the source of the malware. On Saturday, the SBU went public with the claim, saying the outbreak came from the same sources that launched last December's attack on the …

  1. J.Smith

    LIC

    Low Intensity Conflict, it's the order of the day. It's just that some are better at it than others.

    1. An nonymous Cowerd
  2. Anonymous Coward
    Anonymous Coward

    This may be a silly question but how does these viruses and the whatnot know it's the Ukraine and not Crimea? Did they get new IP addresses after the Russians took it?

    1. Anonymous Coward
  3. Lion

    Most Wanted

    Does the Ukraine have enemies other than Russia - have they managed to piss off Poland, Slovakia, Hungary, Romania, Moldova or Belarus that we have not heard anything about?

    Though there may never be indisputable evidence that Russia (FSB) orchestrated the cyber attack(s), it has to be at the top of the list of suspects. The SBU can point the finger, make accusations and Russia denies it all. The actual coders are faceless, so there is no-one to take into custody and throw into prison.

    Crimes have been committed. Since cyber war is a hostile act that can cripple a nation, we may eventually be looking at these crimes as 'war crimes'. Under that designation, the leaders are held to account.

    1. Anonymous Coward
      Anonymous Coward

      Re: Most Wanted

      Poland, Slovakia, Hungary, Romania, Moldova or Belarus

      They have not. However, if anything happens in Ukraine, Russia is automatically and immediately blamed by association. So everyone who is interested in maintaining a low-intensity conflict with Russia is participating in that too. There are business interests in the trillions at stake in maintaining a forever war readiness in USA and NATO. There are personal interests too - if your department was tasked at some point by Ronny The RayGun to perform subversive activities against USSR, nobody ever relieved it off said task. It only grew over time, nicely feeding the kiddies college funds and the analysts' retirement pots.

      So every time it's hit Ukraine should look not just East, but West. Or maybe not. Bait has no say when it is put on the hook.

      1. Dan 55 Silver badge
        Facepalm

        Re: Most Wanted

        It spreads using a bug in a Ukrainian business accountancy software package, who else is it going to be? Some elaborate western false flag which is a cunning plan that is so cunning, it targets the Ukraine, collapses their economy, and lets Russia walk in so the west has them exactly where it wants them?

        Occam's razor and that.

    2. Anonymous Coward
      Anonymous Coward

      Re: Most Wanted

      Apart from Ruissia who has the resources to kick this off and benefit, especially so close to Ukranine's national day it's hard to put anyone else in the frame with becoming a conspiracy theorist.

      The Ukraine should use this to get their inadequate tech security sorted out, even if the power attack didn't spur them on the UK NHS incident should have done.

      If I were Russia, I'd be investigating the companies that got hit to see what they are doing for the Ukraine and how I could disrupt that.

      1. Anonymous Coward
        Anonymous Coward

        Re: Most Wanted

        Apart from Ruissia who has the resources to kick this off and benefit, especially so close to Ukranine's national day it's hard to put anyone else in the frame with becoming a conspiracy theorist.

        Every 3 letter agency in half of the NATO countries presently tasked with damaging Russia as the enemy. An ungodly number of private mercenaries tasked with the same task in order to ensure that the next gigantic slice of pork scheduled to be voted for by the congress is voted for. Anyone who benefits from the current sanctions regime economically. And so on.

        This is the funny part about information warfare - it is cheap and there are lots of soldiers of fortune to be hired.

        That is something Qatar is now learning the hard way. It should have thought 10 times before sponsoring Chechen "freedom fighters" even after everyone else washed their hand of them as well as trying to provide "energy security alternative" to Gasprom. Carefully executed at just the right time, properly planned and surgical.

        Most of the Ukrainian ones - not so sure. Probably half of them are false flags to maintain the conflict in a simmer state. Some of them are also other countries (helly crazy Kim) testing information warfare munitions and strategies safe in the knowledge that they will be attributed to the Russians.

    3. Gordon Pryra

      Re: Most Wanted

      "Under that designation, the leaders are held to account."

      Considering that prior to this Russia just walked over the border and took over, I doubt a little hacking is going to make the UN and through them, the Hague stand up and hold anyone to account for anything .....

      1. Anonymous Coward
        Anonymous Coward

        Just "No"

        "Russia just walked over the border and took over..."

        I'm not having that. It's a grotesque distortion of the truth, amounting in effect to a deliberate lie. Every time such things are said or written, many people who don't know the facts get a strong and incorrect impression. So they end up believing things that are wholly untrue. Sorry if the following is tedious, but the facts MUST be placed on record.

        1. There was a violent revolution in Kiev. Victoria Nuland is known to have admitted nominating Yatsenyuk as the new PM ("Yats is our man") and openly boasted about having spent $5 billion to bring about a colour revolution. The President fled for his life (perhaps remembering vivdly what happened to Saddam Hussein and Qadafi). A new government then took over which even its "President" Poroshenko has publicly admitted was illegitimate. It began persecuting Russians and Russian speakers.

        2. The inhabitants of Crimea - which had been part of Russia since 1781, before the USA existed - voted overwhelmingly to beg the Russian government to readmit them. The Russian government agreed to do so. (Incidentally, Crimea was never legally part of Ukraine - but that's a minor legal issue).

        3. When the Kiev junta sent armoured columns to Lugansk and Donetsk to force the citizens into obedience, the locals put up spirited resistance. Unarmed civilians stood in front of tanks - exactly as in Tian-an-men Square - and they soon armed themselves and fought off the Ukrainian armed forces.

        Russia has never invaded Ukraine. It has accepted the return of Crimea by the overwhelming popular will of its people. And it has provided a lot of military and humanitarian help to Donbas, where at least 10,000 civilians have been murdered by what is supposed to be their own government in Kiev.

        Finally, if Russia had "walked in and taken over" they would have defeated the Ukrainian armed forces in a week at most, and would be in control of Kiev today. Which they aren't - any fool can see that nobody is in control in Kiev.

        1. c0ldr3x

          Re: Just "No"

          Greetings to Russia Today victim.

          Russia was preparing to this conflict long time before it's started by infiltrating country with own agents and weakening security and military from inside.

          President was elected in first round and voted by majority of the population, it's a fact.

          Russia invaded Crimea before referendum and was controlling process from day 0 and there was no independent observers to confirm that this elections was legit.

          Presence of Russian forces in western region is proven and 32000 russian troops was sent home in body bags and it's a fact.

          1. Aitor 1

            Re: Just "No"

            Err, there is a difference between "the truth" and "a part of the truth"

            You are ommiting important parts, as the previous party being ousted in a paid for coup, it being made illegal, dirty ellections, repression, etc. Ukraine is not a democracy right now. Of course the previous administration were proxies too, but does not change my opinion.

            As for the invasion of Crimea, I agree with you. The Crimea vote was as clean as the general ukraine election. This is, not at all!

            As for 32.000 russian troops dead, no way, I dont know where your are geting your facts from, but just think about it... the numbers are so inflated as to seem to come from the onion or north korea... Russia coulkd not withstand that number of casualties. If they thought they could, they would have gone to full war in Ukraine and Syria, and probably elsewhere.

        2. Anonymous Coward
          Anonymous Coward

          Re: Just "No"

          "2. The inhabitants of Crimea - which had been part of Russia since 1781, before the USA existed - voted overwhelmingly to beg the Russian government to readmit them"

          I seem to recall that the referendum was widely condemned as rigged in Russia's favour at the time with many abstaining from voting and the Crimean Tartars basically being excluded from the process.

        3. Omar Smith
          Terminator

          Re: Just "No"

          @Archtech ..

          "I'm not having that. It's a grotesque distortion of the truth, amounting in effect to a deliberate lie .. any fool can see that nobody is in control in Kiev."

          Unfortunately, there are 14 such fools here ..

      2. Anonymous Coward
        Anonymous Coward

        Re: Most Wanted

        Considering that prior to this Russia just walked over the border and took over,

        Err, no it did not. If it did, Russian would have been the official language in Kiev.

        You are seriously underestimating the military difference between Ukriaine and Russia. If Russia wanted to walk over the border (as you are saying), Ukraine army would have been able to put up ~ 24h to 48h of resistance. At most.

        1. Russia took over back over the present Hrushov upon advice of his rabid nationalist wife presented himself for one of his birthdays. While some parts of the population of Crimea boycotted the referendum, the truth is that > 60% of the population there wanted reunification. It is a classic case of "we support seldetermination when it fits our needs". Kosovans can self-determine, Croatians can, Bosniaks can, Scottish can only when we are sure they will not win, Russian speakers are scum and not allowed to do so. That is the gist of it.

        2. The hunta which we sponsored to in an armed revolt to kick the legitimate (albeit corrupt to the bone) government in Kiev suspended and removed all minority rights for Russian speakers which were negotiated by the previous government. Thus it broke the treaty signed by the previous government by which Russia was going to finalize the giveaway of Crimea and leave it as Ukrainian. This is something which western media keeps omitting - Ukraine broke the Crimea treaty first. End of story from there onwards.

        3. Russia tacitly allowed Serbians and Monte Negrin to fight on the Donetsk side. So did Ukraine which allowed Croatians and Bosniaks. That conflict is just a replay of the clusterf*** of 20 years ago by the same players with the same external supporters.

        4. Russia supported Donetsk all right. It had troops there. So did we. I cannot be arsed now, but there was a very cute video on the Guardian showing "Ukrainian" missile trucks firing one of the most indiscriminate weapons of civilian slaughter (the Grad missile launcher) at their enemy and "Donetsk Firefighters" dealing with the aftermath. Wondering why the quotes? The "Ukrainian" missile launchers had foreign number plates. The lazy hohols could not be arsed to even swap them. The resolution of the video was insufficient to decipher from which NATO country, but it was definitely not Ukraine (their military number plate is white on black, these were black on white). Similarly, the "Donetsk Volunteer Firefighters" were wearing uniforms of MChS Russia (which is part of the Russian army) and using a spanking new MChS fire engine with Russian army number plates. So much for "us not intervening" and "no Russian troops in the war zone". Both lies of the same caliber.

        5. Russia absorbed a number of refugees comparable to the "refugee crisis" - 800K a result of the war and found work and accommodation for most of them. While being under sanctions. What did Ukraine do at the same time - vote more rabid anti-non-Ukrainian speaker legislation, declare the exterminators of the Jews in WW2 to be national heroes and transfer 20Bn+ of "aid" we gave them into the pockets of their oligarchs.

        I can continue ranting for a while, but let's put it this way - we sponsored the conflict as a part of our program to keep Russia as "the enemy" to justify more pork wastage. The Ukrainian on both side of the war line are just bait which we have stuck on a hook and have left to wriggle.

  4. Hstubbe
    Coat

    Just install Kaspersky anti-virus, right?

  5. Christian Berger

    Malware doesn't wear a uniform

    Attribution is impossible, unless the attacker was _really_ stupid. Every kind of "evidence" can be faked trivially, particularly by secret services.

    You can smuggle computers from nearly every country, you can disassemble, change and reassemble malware from other attackers to look like them. You can leave in strings in foreign languages. All of that is perfectly within the reach of secret services, or probably even a technologically adept scammer.

  6. Anonymous Coward
    Anonymous Coward

    "SBU claims Russia was behind NotPetya"

    Russia... or "Russians"?

    It makes a huge difference. Most of the harmful attacks on the whole Internet come from North America. But that doesn't necessarily mean Donald Trump wrote and launched the exploits himself.

    1. phuzz Silver badge
      Trollface

      Re: "SBU claims Russia was behind NotPetya"

      We have the best malware! The Best! Other countries will be tired of how much our malware wins.

      1. Dan 55 Silver badge

        Re: "SBU claims Russia was behind NotPetya"

        Yep. I know I'm tired of Windows.

  7. John Smith 19 Gold badge
    Unhappy

    Aren't TeleBots and BlackEnergy organized criminal groups?

    Although in a kleptocracy it's hard to tell where government ends and criminal gangs begin.

    As others have noted it's a cheap way for Russia to disrupt a regime Putin does not like, although the blowback would have been a bit annoying (nothing too serious though, given how well their corporations handled it).

    OTOH Attribution is always tricky. The code is a totally artificial structure. You can treat it as a crime scene but you should always beware that any "accidental" slips may have been staged to decoy forensic investigation. That may sound paranoid until a job goes wrong and you p**s off a lot of people, like WanaCrypt with the Chinese and Russian governments.Then it could be the difference between sleeping soundly at night or digging that bag of fake ID out and starting your retirement early

    1. Rich 11
      Coat

      Re: Aren't TeleBots and BlackEnergy organized criminal groups?

      I thought they were plot elements in the last two Avengers films.

  8. Destroy All Monsters Silver badge

    The SBU eh?

    That's the same SBU that apparently is now involved in an assassination tit-for-that with the self-proclaimed Republics of Donetsk and Lugansk, using car bombs

    Not exactly a bunch of do-gooders. Do we trust them?

    1. Aitor 1

      Re: The SBU eh?

      I would trust them as much as Hamas. So not at all.

  9. Anonymous South African Coward Silver badge

    So whoever was behind this attack will work harder at putting the usual red herrings into the package so as to divert attention to somebody else.

  10. Merrill

    Most likely state-sponsored?

    Nations have been concerned about ranswomware used by criminals and terrorists to collect funds from the victims. One way to counter this is to release ransomware that does not have the ability to decrypt the files after the ransom is paid. This makes victims unwilling to comply with demands in the future, and decreases the effectiveness of future ransomware attacks as an economic crime.

    This appears to be the case with non-Petya. Releasing it in the Ukraine for geopolitical effect is just gravy.

  11. Gordon Pryra

    Ignore all the Crimea crap on this thread

    Does anyone actually believe any of this finger pointing?

    It smells like the "Koreans Pwned the NHS" bullshit that came out the other day as a cover for basic IT mismanagement on a massive scale.

    Viruses have no flag, they follow any route of attack available. The only real occasion of targeted viruses that actually targeted the target ( :) ) was Stuxnet.

    And I am sure that was the Yanks and the Israelis.

    Considering the links between the two countries, its likely Russian business got hit by NotPetya just as hard.

  12. Omar Smith
    Big Brother

    Ukraine's security service said - did they?

    Please stop posting this neocon waffle on a technical website. Is this the same Ukraine that was the victim of a U.S. neocon inspired coup. The same people that were complicit in ousting the democratically elected President Viktor Yanukovych in 2014. All organized out of the U.S. embassy. The U.S military industrial complex is in dire need of an enemy and are desperately trying to provoke the Russians. They care little for the consequences of their actions on their so-called allies. As Assistant Secretary of State Nuland once put it "fuck the E.U".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like