22 March 2019

Dmytro Hanzhelo about hackers, gadget protection and cybersecurity in Ukraine

IT professionals in public services need to improve their qualifications.

Technology has filled every part of human life. It has evolved to such an extent that both babies and grandparents use at least one gadget. Technology makes life easier in many ways. However, it often causes large-scale conflicts and even cyberwars. The notion of hacking appeared in the middle of the last century and has been negatively perceived ever since. “Ukrainian interest” talked to Dmytro Hanzhelo, Chief Executive Officer of Innovations Development Lab and cybersecurity expert, to dispel the myths around IT specialists and to explain what’s wrong with cybersecurity in Ukraine and how to protect personal gadgets.

You have been working in white hacking for so many years. Tell us about your activities.

I started using a computer in 1992 and since then we have been inseparable. Well, it all started out with children’s toys. Then I was curious to know how it was arranged inside. At the same time, I was engaged in radio amateurism, then services and server administration. I deeply explored operating systems and software development too. One thing led to another and now I’m here. White hacking is kind of a storybook term. It sounds more like a marketing hook invented by mass media. In general, cybersecurity and software development experts are neither white nor black. Actually, the hacker is not a cracker, but a high-level professional in the work of information systems.

American journalists said that they shut down the Russian troll factory before the US midterms. If they can close it for a while, why can’t they do it at all?

I did not track the history of the “factory trolls”, so I cannot say for sure. But as for the security systems, if one person made something, another one can always break it. It is impossible to make impenetrable protection. Such security systems are created to make their breach more expensive than the protected information itself. This is the main task of any specialist: if getting information is gainless, then nobody will do it.

And what about the Russian law about the sovereign Internet? They are worried because most of the servers are concentrated in the United States, and Americans can easily unlock the Internet and control it.

It is impossible to unlock the Internet. All of its systems are autonomous. There are IP address pools: every device that is connected to the Internet has an IP address – a unique identifier. Accordingly, there are groups of these addresses, subnets and autonomous systems that contain groups of these networks. Each Internet service provider has one or more such systems. They have their own, or they rent them from a higher provider. Routing protocols are built in such a way that they announce the presence of these networks and through which gateways or routers they can be accessed.

The Internet is entirely self-organized. If you exclude a provider from the system, the routing will be instantly rebuilt and packets will go through other channels. There is always one backup channel. Perhaps, the Internet will slow down.

Russia is talking about the DNS (Domain Name System). When you type, for example, Facebook.com, your browser turns to the local DNS server to get an IP address. There are 13 root DNS servers in the world that are controlled by ICANN, which contains all major domain areas. Each country has servers that contain its zone. However, the main ones are located on all continents and contain information about all other servers. It is ICANN that can exclude the .ru domain. After this, it will take 72 hours to update the data on all servers. And when you type in any .ru address, you just will not find it.

Is it necessary to monitor the Internet at the state level especially in the conditions of information warfare?

Actually, it is a very ambiguous situation. As for Ukraine, I will agree with Alexey Arestovich who said that the psychological age of Ukrainians before the Ukrainian Revolution was equal to the age of eight, and nowadays it is 11 years. An average Ukrainian is a child who needs to be looked after. Because most people just do not understand how others can influence their opinion. I agree that when we are fighting Russia, we need to control the flow of information. “1C”, “Kaspersky” and similar stories are Federal Security Service (FSB) tools. And “Vkontakte” is its largest database. For example, Yandex: they have a lot of owners, investors, but there is a golden share that has the right to veto any decision of the board and it belongs to Sberbank, which in turn is controlled by the FSB. Here you can see a logical chain.

Let’s return to the presidential election in Ukraine. Almost immediately the Security Service of Ukraine began to keep track of numerous cyber attacks. How can elections be protected at all?

The Security Service of Ukraine does not name real numbers. Everything can be hacked, it’s just not tracked. The qualifications of people who are involved with IT in government bodies do not always meet the required level. Most cases of penetration occur due to negligence or simply because of unawareness. They are not able to predict these attacks. In fact, before mail.ru was shut down in Ukraine, many emails of government officials were registered there. The only option for securing Ukrainian systems is the education of IT specialists.

To provide security, you do not have to do complicated actions or dance with a tambourine; it will be enough to create strong passwords with special characters, lowercase, and uppercase letters and numbers.

One of the best options for us is to take any phrase in Ukrainian and type it with English letters. However, it is still better to use combinations that do not mean anything.

Recalling the Petya A. virus: is Ukraine prepared for similar attacks, and can they be prevented at all?

Ukraine is absolutely not ready for a large-scale hacking attack. In practice, the clients we work with are trying to draw conclusions, but there are no conclusions. If something similar happens, the script will be repeated. Maybe on a smaller scale, because there is an awareness that it might happen. The reaction will be faster, but the scale remains the same. The reason is the simple lack of backup, good antivirus, and monitoring.

The average business has no money for good specialists while the small one doesn’t need it as they mainly work with cloud services. Big business is another story. Here is an interesting expression: “Penny wise, pound foolish”. Businessmen stay away from IT and do not understand the necessity and seriousness of the situation.

In Europe, there was a case when a company had a malfunction and they lost their database together with backups. Everything was left only on paper. Papers occupied the whole basement of the office. Everything had to be made manually, it was easier for the company to go bankrupt. Lack of funding is the main problem. The state is in the same situation, but it has much less money.

The important strategic objects have their own security system – they are not connected to the external system. They are not fools. Unless some worker decides to insert the same flash drive first into the public network, and then into the internal one.

What country succeeds most in fighting cybercriminals?

The USA. They have a larger budget for this, more opportunities and experience. Edward Snowden is a great example. There is the American NSA system, with which they can get in anywhere, and most of the leading IT companies are based in the United States.

Why are Ukrainian people extremely insensitive to the security of their own gadgets?

Not just Ukrainians. A few years ago, an experiment was conducted in the United States: people were stopped on the street and asked whether they were using the Internet. The answers were “no” because they use browsers and social networks. People do not think about it too much, they assume that they have nothing to hide. After all, if you don’t do anything illegal, then no worries. They do not understand that their likes in social networks create a psychological portrait and a picture of the consumer. They get information that can provoke certain actions. And they do not even realize it.

The same facts are presented from different angles. Information is based on your psychotype. Such manipulations are often encountered, but for the people it is absolutely clear. Thanks to such instruments, the elections took place in France, the United States, and now in Ukraine. These technologies are currently working to the fullest.

It is necessary to look critically at any facts and check them against various sources.

How to protect your personal data?

It’s easy: make up strong passwords, then do not write them on stickers and do not stick them to your monitors. Also, do not disclose personal information, filter everything you are offered online. If somebody wants to hack you, he’ll do it; the point is whether it interests someone.

There are automated systems that collect information. But two-factor authorization can protect you. When you try to log in, you will get a message or a call. However, if there is spyware on your gadget, then the two-phase authorization won’t save you. One shouldn’t open unfamiliar files, emails, or download anything from unfamiliar sites. Instead, use antivirus software if you have Windows or Android. If you have MacOS, iOS, you need to be very careful, but Apple’s hardware is much harder and more expensive to crack. If you have Linux, you can be threatened by viruses caught only by browsers.

Which of the operating systems can be considered the most secure?

They all have some disadvantages. The safest system is the one that has installed updates. The “holes” in Windows as an operating system are a myth. The problem of this system is that it is the most popular one among users. The bugs can be found in it in most cases. Linux and MacOS also have a lot of bugs. They are just found less often because of lower priority. In Linux, it’s all immediately written by developers, that is, the source code is open and finding errors is easier – they are detected before the system reaches the users. Windows belongs to Microsoft and there is no way to access the code, so the probability of errors is much higher.

In phone operating systems the situation is similar. The exception is iOS that has a well-built internal architecture. Maybe Darknet has a way to get access to iOS gadgets, but they are tens of times more expensive than access to Android. The main problem of this operating system is a wide range of manufacturers, each of which makes its changes. It is like vinaigrette: in two phones from one manufacturer of the same series vulnerabilities can be different.

There is a claim that the more complex sites a hacker cracks, the better reputation and higher earnings he will have. What do you think about this?

In fact, working methods and qualifications are the same for both dark and light hackers. This is a very conditional division. Before any penetration test, we first sign a contract: we do the same thing as crackers, but with the consent of the parties. We find weak points and report them. Black hackers break websites not to earn, but to excite a feeling of their own importance.

One also needs to distinguish the directions. There is such a notion as carding, the stealing and forging of credit cards, which is fraud and a criminal offense. There is a direction for obtaining information for money, something like detective agencies.

However, this is more of a gray area. There are several perceptions of such activity. At first sight this is also illegal but in our country there is no law about detective agencies. It’s as if someone would follow you with a camera and record your actions, but only online.

One more direction is to get information for profit. There are also social stories when information is stolen and disclosed to inform the public. This includes journalistic investigations, which reveal the activities of politicians or public figures. Here you can also interpret differently: on the one hand, it is illegal, on the other hand – people must know.

Have you personally encountered cybercriminals?

There was a case of sabotage by a dismissed employee when we simply forgot to deny his access to one of the servers. He deleted the customer data, but we quickly recovered everything from the backups. Because of this, the former employee was left without any help, so he began to write unpleasant things about me and the company as a whole in social networks.

Many people find that covering a webcam on a PC is the best way to escape spyware. Is this a myth or truth?

About webcam covering. Yes, there are such software products as RATs. The virus enters the operating system and can turn the video recorder on without your permission and without activating the light sensor. That’s why this point is completely justified. Technically it’s possible in case of catching a virus or if you are of interest to somebody. As a rule, they do not look at the webcam recordings, but look at the screenshots and keyboard logs: they track how you type a password and intercept access.

As for wiretapping of telephones: since 2006, they have adopted a standard for remotely switching on the gadget headset, even if the phone is off and just lies on the table. It can be remotely recorded through the operator. In this case, the gadget will not even let you know about it. If there are any confidential conversations, it’s better to leave it in another room or remove the battery. At the same time, it does not depend on the manufacturer of the device. This is mainly used by intelligence agencies to expose or prevent terrorist acts.


Text of the interview and photos are provided by the source “Ukrainian interest”.