Russian hack of Ukrainian databases shows flaws in system, experts say

Ukraine suffered a major Russian cyber attack at the start of December, with Ukrainians finding themselves unable to file legal claims, register marriages or sell autos.

This is because of the recent digitalization of government registries. On December 19, Ukraine’s Justice Ministry announced that a Russian hack of critical government databases had taken them offline. The databases hold sensitive information such as property ownership, biometric data, and tax records.

Ukrainian officials said this week that digital IDs and government services through the Diia app will be restored soon.

“The information space is one of the key directions of the enemy’s attacks,” the country’s State Communications Service (Ukraine’s national cybersecurity agency) told the Kyiv Independent in a statement.

The publication cited experts who commented that Ukraine’s digitization push may have left “shortcuts” that left doors open to cyber attacks, while such attacks can erode public trust in government. This erosion of confidence in the Ukrainian government can feed into a “propaganda war” analysts said, making cyberspace another, if less publicized, front in Russia’s invasion of Ukraine.

The large-scale digitization of government services was shepherded by Digital Transformation Minister Mikhailo Fedorov under president Volodymyr Zelensky’s leadership, and has been popular with Ukranians since it bypassed low-level corruption by regional agencies.

But the technical centralization of the services into one office raises problems of its own. The Kyiv Independent quoted a cybersecurity specialist named Karla Wagner who called the country’s digital infrastructure “overly centralized.” She said, “Centralization and single points of failure are a well-known anti-pattern” and “highly vulnerable.”

Another professional hacker named Mykyta Knysh speculated that “Trembita” – a core data management system that provides the backend for government systems, specifically the Diia digital ID app – may have been the system targeted by Russian hackers. Knysh, who previously worked in cybersecurity for Ukraine’s security services, believes there is a need for a stronger digitized and federalized system of managing data.

Internationally, experts have called to attention the need for greater cybersecurity vigilance for critical infrastructure as State-sponsored cyber attacks are on the increase.

Article Topics

biometric data  |  biometrics  |  data privacy  |  digital government  |  digital ID  |  digital wallets  |  Diia  |  mobile app  |  Russia  |  Ukraine