Deputy Prime Minister - Minister of Digital Transformation Mykhailo Fedorov spoke in an interview with RBC about cyber war, friendly hackers, blocking the truth about Ukraine in social networks, circumventing sanctions through "crypto", help from Elon Musk and marriage through a smartphone.
"All night we defended cyberspace. Attacks on all basic information resources have occurred and are occurring non-stop. Now everything is stable. All teams are in place. Let's keep calm and don't panic!" Such was the first position of the Deputy Prime Minister Mykhailo Fedorov in the morning of February 24. While Russian missiles and tanks were attacking Ukrainian cities, enemy hackers were trying to bring down critical infrastructure, the energy and financial sectors, as well as government services.
After two months of the great war, the struggle on this front does not abate. While the Armed Forces repel the invaders "on the ground", the Ukrainian IT army not only protects our cyberspace, but also goes on the counter-offensive. Hundreds of cyber attacks, hacked databases, "proper" websites of government agencies and key enterprises - our IT specialists and cyber volunteers, as well as allies from around the world, continue their work every day.
At the same time, the Ministry of Statistics transmits information about enemy movements from people on the ground to the military, seeks total digital sanctions against the aggressor, fights for the right of Ukrainians to tell the truth about the war in social networks, negotiates new Starlink parties and launches new services in Diya, adjusted for the needs of wartime.
- Every morning we see a report from the General Staff on the state of affairs "on the ground". What is the situation at the beginning of the third month of the war on our cyber fronts?
- Constant attacks by various groups of hackers continue. According to the State Special Communications Service, 430 cyber attacks have already been recorded in these two months, compared to 207 last year. There are a lot of attacks, which may not even always be recorded, on businesses, online stores, and the media. But at the center of these attacks, of course, are government sites, the Diya product ecosystem, the energy sector, and the financial sector.
- At the beginning of the great war and even before it, it was said that our resources were thrown through China in large packets of traffic. Are we now seeing the help of China and their Russian Federation hackers in attacking us?
– These attacks can be hidden and misled as to their origin. We can see that their direction comes from different countries, but it is clear that behind them is the Russian Federation and its hacker groups, which simply use different technologies to hide the traffic.
- In the first weeks, in parallel with cyber attacks, there were a lot of information and psychological operations (IPSO). They talked, in particular, about marks for guiding missiles, they were found everywhere. Was it confirmed that they were being fired upon, or was it panic-mongering?
— Of course, panic was also the goal, but certain technologies were used for targeting. Many communities, various bots were also created in order to transmit information about the movement of our equipment and the location of various infrastructure objects.
There were many similar platforms where Russian agents communicated with those who did something for them for money. But most of them were blocked very quickly. Today we already see that this tool is no longer effective for them, especially since the Security Service of Ukraine is actively working in this direction.
Conversely, our "Enemy" tool, through authorization in "Diya", is now actively used to record the movement of Russian equipment. This is in addition to all other modern tools: from satellite images to reconnaissance. Every day we receive from one thousand to two thousand messages about the location and movement of equipment. It is also an effective tool.
"Evorig" was actively used during the first wave of the offensive, including when the occupiers marched on Kyiv in columns. Currently, the nature of hostilities has changed, and is this tool still effective?
- Today, several regions are under temporary occupation, but there is a constant struggle. It is very important to understand where the enemy is and what he is doing there. Of course, our services are currently working as mobilized and efficient as possible, but when people record in real time, and we are talking about thousands of people, then a comprehensive vision of where the occupiers are and where they are moving appears. And then something constantly happens with them, something good for us (smiles, editor)
This struggle continues, which is why this tool is important today. And in the Donetsk, Luhansk, Zaporizhia, and Kherson regions. People have even learned to distinguish between types of technology, have learned to describe very clearly what is happening, to transmit geolocation, photos and videos. Of course, you have to be very careful, but these orcs are so retarded that they don't even realize that they are constantly under cameras, and everyone knows where they are and what they are doing.
- Regarding IPSO, I still wanted to clarify. A lot of profiles of the same type appear again in social networks, spreading messages about "betrayal" and so on. Is it possible to somehow limit hostile narratives?
— They, of course, use various technologies related to bots, but very quickly all their networks are blocked, including by the Meta corporation, when it comes to Facebook and Instagram. There are no results of these groups, which are engaged in information attacks for the money of the FSB. So, probably, they are simply making money in order to move from Russia to somewhere far away as soon as possible.
We analyze these processes, but we do not see the effectiveness of using such technologies. Especially since our people have already learned to distinguish bots from live accounts.
- On the one hand, you say that Meta reacts quickly to bot networks, and on the other hand, we see a large number of complaints from Ukrainian users and bloggers that their pages are blocked for messages about war. It reaches absurdity, for example, Facebook hides a photo of a broken egg in the colors of the Russian flag.
- I talked to Meta's top management about this issue, asked them to adapt the corporation's policy in social networks regarding Ukraine. So that their analysts and experts analyzed the types of content and its formats that Ukrainians now use to convey the truth, and accounts were not blocked.
I explained to them: if people die in our country, rockets are fired at houses and we publish it, then this is content that should be spread. Because this horror is happening on our streets. Why is this content blocked if so?
I asked for a "green corridor" so that we can quickly apply to unblock our thought leaders and the accounts of citizens who are talking about what's going on here. If Russia spreads fakes, we just tell the truth. I think that such a solution will be. We are constantly in communication 24/7 and gradually these issues are resolved, there are fewer blockades and strikes and they can be removed quickly.
- Maybe it would be easier if the same Meta opened its office here?
- Believe me, I start and end every conversation with them on this very question. I'm sure it will happen soon.
- At the same time, in the first weeks of the great war, there was a wave of rocket attacks on TV towers. Did you understand why the occupiers inflicted them and why they stopped so suddenly?
- They still do not understand how the modern democratic world works, how information spreads, how free normal people think and make decisions.
They themselves believe in the content generated by the propaganda machine inside the Russian Federation. They have a large reach near the central television and all independent media are blocked, in particular on the Internet. That is, there is a total digital and communication dictatorship.
They understand how it works from a signal perspective. But we are a democratic country, and this signal is not so centralized. Our people are maximally synchronized, they understand who the enemy is and what is happening. Therefore, true content appears and spreads very quickly.
The occupiers simply do not understand how the modern communications industry works today. You see what kind of fakes they generate. Here are all these stories about biolabs, drug addicts and neo-Nazis. This is simply madness.
- I remember, even in the first weeks, there was a warning that a "deepfake" was being prepared (forgery of a video using artificial intelligence, - ed.) with President Zelenskyi, who was supposed to announce the surrender.
There was one such "deepfake" walking around somewhere, but it is of the same quality as all the work of cyber groups of the Russian Federation. Maybe it would work for their internal consumer there, but not for our people. Therefore, "deepfake" technologies are actively used, but not on our territory, but on them.
- As on the military front, apparently, after the failure of the blitzkrieg, the enemy is now using different tactics in cyberwar. Which?
- They are now focusing more on the energy sector and critical infrastructure. But all our struggle is aimed at defense in these sectors and counterattacks. They are currently in a difficult situation. If we defended ourselves two years ago, now we are counterattacking and the entire cyber community is focused on finding vulnerabilities, using various vectors of attacks on the infrastructure of the Russian Federation. Now was definitely not the time when they could just sit back and attack in one direction.
— What is our IT army today, who does it consist of, and what are its main goals now?
- There are three key elements of it. These are IT companies that have an understanding of what to do, although previously they were focused only on protecting their infrastructure and that of their customers. Then there is the cyber community and cyber volunteers, defined by our cyber groups. And individual IT specialists or people who have just entered this field quickly figured out, for example, the technologies of DDoS attacks or other attack vectors, they also actively help.
There are public targets that can be seen in the IT army community. It is not just that these sites and these areas appear there on certain days, it is connected with other certain actions. There is also a non-public purpose, most of them, but we cannot talk about it now. Although you could see the defaces (change of content, - ed.) of the Gazprom and Sukhii sites. These are complex attacks that aim not only to gain access to a site or database, but also to spread the truth about what is happening.
- How a victory should look in military terms, on the battlefield, is clear. And how do you see the victory of Ukraine in the cyber war?
- In fact, victories in this direction are already noticeable. More than 80 databases that are critical for the Russian Federation were hacked, they are databases of citizens, businesses, and quite sensitive data. The digital blockade made, for example, such that today VKontakte cannot even buy servers. Their cyber security area has been hit hard by the sanctions. But the main victory will be when their troops leave our territory.
- The hacker group Anonymous became an unequivocal ally of Ukraine in this struggle. Do they coordinate their operations with you?
- Many hacker groups around the world are involved today in order to help Ukraine. Often these are non-public organizations, they hide their real identity and rarely want to communicate with anyone. But I will say that there is more or less synchronized activity with all key groups.
- Cryptocurrencies have become one of the ways around sanctions for Russian political and business elites. For example, they used the largest crypto exchange Binance to the last. Is it possible to cover these loopholes through "crypt"?
- We see various schemes, how they bypass sanctions, through "crypto" or other financial instruments. Therefore, we are trying to find the root of this problem, which organizations are involved in such schemes, and we are working on it. We don't talk about it publicly, so as not to advertise for those who have no idea that it is possible to do this.
Total digital sanctions from all platforms, exchanges and key projects are needed, only then there will be no way to bypass them. But it still works, we see that hundreds of thousands of people are leaving the territory of the Russian Federation, a lot from the IT community, bloggers, people from the cryptosphere. They see that there is no opportunity to work there and there is no point in staying there. Certain ways of circumventing sanctions will still remain, but they are risky. System work allows you to remove key players from the battlefield and significantly complicate the process of withdrawing funds. We have a whole department dedicated to communicating with such crypto companies and doing everything to get them to leave Russia.
- What is our current Starlink network coverage in Ukraine? How many terminals and do we pay for these services, since you recently said that Starlink can now be used by ordinary citizens?
- We have more than 10 terminals throughout Ukraine. Today, they all work free of charge for the teams and facilities where they are hosted. There is a certain time while they can still be used for free, we will decide further. The principle of operation of Starlink is very similar to a powerful router, the territory of the signal distribution depends on the openness of the premises and areas. It is often used in field conditions, where it will work normally for several hundred meters.
- Are they enough for us or do we need more?
- To date, we have met the needs of critical infrastructure and in the medical field. After the deoccupation of Kyiv and Chernihiv regions, new needs appeared due to problems with fixed Internet and mobile towers. Today, many ISPs are asking Starlink to get their entire network up and running. Many small settlements and villages use it to have some sort of connection.
So while the hostilities are going on, we need more terminals. I think we are talking about thousands in addition to what is already there. Communication today is very important for the normal operation of government bodies and critical infrastructure.
- What other developments of Elon Musk do we need now for successful warfare? Maybe there are already some negotiations going on that you can talk about?
- We are in touch, we talk about it, there are certain developments and ideas, but nothing that can be publicly discussed today.
"Diya" is returning old services that were temporarily unavailable due to security issues, the "Enemy" function appeared during the war, submitting an application for housing restoration, and others. Maybe you are planning some new services in the near future?
- We are currently developing and improving services for internally displaced persons (IDPs): obtaining status and payments. We are planning some new social services and fintech products. Our goal remains the same – to digitize all the services that are available in our state, to make them available on the Internet.
Let's prioritize them to understand what we will launch first. For now, we are working on what is already clear to everyone. For example, now we want to transfer "eMalyatko" to the mobile application "Diya", so that a person, when a child is born, can register it from his own smartphone. We would like to make the complex of services for FOP also available on a smartphone, and not only on the portal.
- When will it be possible to get married through a smartphone?
- So far, we have made it possible to submit documents online on the portal. But I think that we will change the philosophy of this service so that you can not only submit documents, but also register a marriage on a smartphone.
- Let's make another clarification for our elderly readers. For example, in Chernihiv, I met a grandmother and grandfather who heard that it is possible to apply for the restoration of a destroyed home through Diya, but they have push-button phones. How to get these services?
- You can submit an application through Tsnap, it's not a problem. Or on the "Action" portal. The philosophy of the digital state is that all citizens have equal access to services. When we launch something online, we do everything we can to make it work offline. This works for most services and certainly for important and sensitive ones such as damaged property information.
Source RBC Ukraine
