Amazon faces investor pressure over facial recognition


Amazon is holding a high-stakes shareholder vote on whether or not to limit some of its cutting-edge technology. Shareholders hold back their own company because of users’ privacy when they’re offline // Natasha Singer, The New York Times

An image on the Amazon website shows how its Rekognition software works with Chief Executive Jeff Bezos. (Amazon via The New York Times)

Facial recognition software is coming under increasing scrutiny from civil liberties groups and lawmakers. Now Amazon, one of the most visible purveyors of the technology, is facing pressure from another corner as well: its own shareholders.

As part of Amazon’s annual meeting in Seattle today, investors vote on whether the tech giant’s aggressive push to spread the surveillance software threatens civil rights — and, as a consequence, the company’s reputation and profits.

Shareholders have introduced two proposals on facial recognition for a vote. One asks the company to prohibit sales of its facial recognition system, called Amazon Rekognition, to government agencies, unless its board concludes that the technology does not facilitate human rights violations. The other asks the company to commission an independent report examining the extent to which Rekognition may threaten civil, human and privacy rights, and the company’s finances.

“This piece of equipment that Amazon has fostered and developed and is really propagating at this point doesn’t seem to us to be in the best interest of the common good,” said Sister Pat Mahoney, a member of the Sisters of St. Joseph, a religious community in Brentwood, New York, that is an Amazon investor and introduced the proposed sales ban. “Facial recognition all over the place just makes everyone live in a police state.”

The proposals are nonbinding, meaning they do not require the company to take action, even if they receive a majority vote.

Amazon fought to prevent the votes on facial surveillance. In a letter to the Securities and Exchange Commission in January, the company said that it was not aware of any reported misuse of Rekognition by law enforcement customers. It also argued that the technology did not present a financial risk because it was just one of the more than 165 services Amazon offered.

The agency disagreed, ultimately requiring Amazon to allow the facial surveillance resolutions to proceed.

In a statement, Amazon said it offered clear guidelines on using Rekognition for public safety — including a recommendation that law enforcement agencies have humans review any possible facial matches suggested by its system. The company added that its customers had used Rekognition for beneficial purposes, including identifying more than 3,000 victims of human trafficking.


Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show


For example, Facebook gave Amazon extended access to user data because it was spending money on Facebook advertising and partnering with the social network on the launch of its Fire smartphone. In another case, Facebook discussed cutting off access to user data for a messaging app that had grown too popular and was viewed as a competitor, according to the documents.

Facebook’s leaders seriously discussed selling access to user data — and privacy was an afterthought.

All the while, Facebook was formulating a strategy to publicly frame these moves as a way of protecting user privacy.

Private communication between users is “increasingly important,” Zuckerberg said in a 2014 New York Times interview. “Anything we can do that makes people feel more comfortable is really good.”

But the documents show that behind the scenes, in contrast with Facebook’s public statements, the company came up with several ways to require third-party applications to compensate Facebook for access to its users’ data, including direct payment, advertising spending and data-sharing arrangements. While it’s not unusual for businesses that are working together to share information about their customers, Facebook has access to sensitive data that many other companies don’t possess.

Facebook ultimately decided not to sell the data directly but rather to dole it out to app developers who were considered personal “friends” of Zuckerberg or who spent money on Facebook and shared their own valuable data, the documents show.

Facebook denied that it gave preferential treatment to developers or partners because of their ad spending or relationship with executives. The company has not been accused of breaking the law.

A man poses for photos in front of the Facebook sign on the company’s campus in Menlo Park, California, in 2014. Jeff Chiu / AP file

About 400 of the 4,000 pages of documents have previously been reported by other media outlets, and also by a member of the British Parliament who has been investigating Facebook’s data privacy practices in the wake of the Cambridge Analytica scandal. However, this cache represents the clearest and most comprehensive picture of Facebook’s activities during a critical period as the company struggled to adapt to the rise of smartphones following its rocky debut as a public company.

The thousands of newly shared documents were anonymously leaked to the British investigative journalist Duncan Campbell, who shared them with a handful of media organizations: NBC News, Computer Weekly and Süddeutsche Zeitung. Campbell, a founding member of the International Consortium of Investigative Journalists, is a computer forensics expert who has worked on international investigations including on offshore banking and big tobacco. The documents appear to be the same ones obtained by Parliament in late 2018 as part of an investigation into Facebook. Facebook did not question the authenticity of the documents NBC News obtained.


The documents stem from a California court case between the social network and the little-known startup Six4Three, which sued Facebook in 2015 after the company announced plans to cut off access to some types of user data. Six4Three’s app, Pikinis, which soft-launched in 2013, relied on that data to allow users to easily find photos of their friends in bathing suits.

Facebook has acknowledged that it considered charging for access to user data. But Facebook has challenged the significance of those discussions, telling the Wall Street Journal last year and NBC News this month that the company was merely mulling various business models.

Facebook has also repeatedly said that the documents had been “cherry-picked” and were misleading. Facebook reiterated this stance when NBC News contacted the social media company for comment on the newly leaked documents.

“As we’ve said many times, Six4Three — creators of the Pikinis app — cherry picked these documents from years ago as part of a lawsuit to force Facebook to share information on friends of the app’s users,” Paul Grewal, vice president and deputy general counsel at Facebook, said in a statement released by the company.

“The set of documents, by design, tells only one side of the story and omits important context. We still stand by the platform changes we made in 2014/2015 to prevent people from sharing their friends’ information with developers like the creators of Pikinis. The documents were selectively leaked as part of what the court found was evidence of a crime or fraud to publish some, but not all, of the internal discussions at Facebook at the time of our platform changes. But the facts are clear: we’ve never sold people’s data.”

The finding of “evidence of a crime or fraud” came from a preliminary decision by the judge in the Six4Three case about an earlier round of leaked documents.

NBC News has not been able to determine whether the documents represent a complete picture. Facebook declined to provide additional evidence to support the claim of cherry-picking.

Still, these freshly leaked documents show that the plans to sell access to user data were discussed for years and received support from Facebook’s most senior executives, including Zuckerberg, chief operating officer Sheryl Sandberg, chief product officer Chris Cox and VP of growth Javier Olivan. Facebook declined to make them available for comment.

After NBC News contacted Facebook for comment, Facebook’s lawyers wrote to the judge in the Six4Three case, claiming that Six4Three had leaked the documents to a “national broadcast network” and seeking to depose Six4Three’s founders. NBC News received the documents from Campbell, who received them from an anonymous source. Six4Three denied leaking the documents.


When Facebook ultimately cut off broad access to user data in 2015, the move contributed to the decline of thousands of competitors and small businesses that relied on what Facebook had previously described as a “level-playing field” in terms of access to data. In addition to Pikinis, the casualties included Lulu, an app that let women rate the men they dated; an identity fraud-detecting app called Beehive ID; and Swedish breast cancer awareness app Rosa Bandet (Pink Ribbon).

The strategy orchestrated by Zuckerberg had some of his employees comparing the company to villains from Game of Thrones, while David Poll, a senior engineer, called the treatment of outside app developers “sort of unethical,” according to the documents. But Zuckerberg’s approach also earned admiration: Doug Purdy, Facebook’s director of product, described the CEO as a “master of leverage,” according to the documents.

Facebook declined to comment on these employee communications.

A PRIVACY MYTH

One of the most striking threads to emerge from the documents is the way that Facebook user data was horse-traded to squeeze money or shared data from app developers.

In the wake of the Cambridge Analytica scandal in early 2018 and rising awareness of the Six4Three case, Facebook has attempted to frame changes it made to its platform in 2014 and 2015 as being driven by concerns over user privacy. In statements to media organizations, Facebook has said it locked down its platform to protect users from companies that mishandled user data, such as Cambridge Analytica, as well as apps that spammed users’ news feeds or were creepy, such as Six4Three’s bikini-spotting app Pikinis.


However, among the documents leaked, there’s very little evidence that privacy was a major concern of Facebook’s, and the issue was rarely discussed in the thousands of pages of emails and meeting summaries. Where privacy is mentioned, it is often in the context of how Facebook can use it as a public relations strategy to soften the blow of the sweeping changes to developers’ access to user data. The documents include several examples suggesting that these changes were designed to cement Facebook’s power in the marketplace, not to protect users.

In Six4Three’s case, for example, Facebook’s head of policy Allison Hendrix acknowledged in a June 2017 deposition obtained by NBC News that the social network never received any complaints about the Pikinis app, nor did Facebook send Six4Three any policy or privacy violation notices. Six4Three, Hendrix confirmed, was playing within the rules Facebook had set for developers.

Despite this, Six4Three’s access to data, specifically access to a user’s friends’ photos, was cut off in April 2015 as part of sweeping changes to Facebook’s platform announced a year earlier, which affected as many as 40,000 apps. Six4Three shut down the app soon afterward.

Ted Kramer, founder of Six4Three. Peter DaSilva / for NBC News

“Our case is about Zuckerberg’s decision to weaponize the reliance of companies on his purportedly neutral platform and to weaponize the private and sensitive data of billions of people,” said Six4Three founder Ted Kramer.

A TURNING POINT FOR FACEBOOK

Facebook recognized early on that working with third-party app developers could help make the social network more interesting and drive the platform’s expansion. Beginning in early 2010, Facebook created tools that allowed the makers of games (remember Farmville?) and other apps to connect with its audience in return for ensuring those users spent more time on Facebook.

Facebook achieved this through its “Graph API” (Application Programming Interface), a common means to allow software programs to interact with each other. In Facebook’s case, this meant that third-party apps such as games could post updates on people’s profiles, which would be seen by players’ friends and potentially encourage them to play, too. Beyond that, it allowed the makers of those games to access a slew of data from Facebook users, including their connections to friends, likes, locations, updates, photos and more.

The Graph API — and particularly the way it let third parties promote their products to and extract data from a user’s social connections — was a key feature of Facebook that Six4Three and thousands of other companies relied upon for viral marketing and user growth.

However, after a few years, Facebook decided the app developers were getting more value from the user data they extracted from Facebook than Facebook was getting out of the app developers, the documents show.

After Facebook went public in May 2012, its stock price plummeted, which Zuckerberg later characterized as “disappointing.” The company was in a desperate position, documents show, with users sharing fewer photos and posts on the platform as they spent more time on their cellphones. An internal Facebook presentation looking back at this period used the phrase “terminal decline” to describe the fall in engagement.

Facebook executives, including Zuckerberg and Sandberg, spent months brainstorming ways to turn the company around. An idea that they kept returning to: make money from the app partners, by charging them for access to Facebook’s users and their data.

‘SELL DATA FOR $’

Several proposals for charging developers for access to Facebook’s platform and data were put forward in a presentation to the company’s board of directors, according to emails and draft slides from late August 2012.

Among the suggestions: a fixed annual fee for developers for reviewing their apps; an access fee for apps that requested user data; and a charge for “premium” access to data, such as a user trust score or a ranking of the strongest relationships between users and their friends.

“Today the fundamental trade is ‘data for distribution’ whereas we want to change it to either ‘data for $’ and/or ‘$ for distribution,’” Chris Daniels, a Facebook business development director, wrote in an August 2012 email to other top leaders in the company discussing the upcoming presentation.

Discussions continued through October, when Zuckerberg explained to close friend Sam Lessin the importance of controlling third-party apps’ ability to access Facebook’s data and reach people’s friends on the platform. Without that leverage, “I don’t think we have any way to get developers to pay us at all,” Zuckerberg wrote in an email to Lessin.

In the same week, Zuckerberg floated the idea of pursuing 100 deals with developers “as a path to figuring out the real market value” of Facebook user data and then “setting a public rate” for developers.

“The goal here wouldn’t be the deals themselves, but that through the process of negotiating with them we’d learn what developers would actually pay (which might be different from what they’d say if we just asked them about the value), and then we’d be better informed on our path to set a public rate,” Zuckerberg wrote in a chat.

Facebook told NBC News that it was exploring ways to build a sustainable business, but ultimately decided not to go forward with these plans.


Zuckerberg was unfazed by the potential privacy risks associated with Facebook’s data-sharing arrangements.

“I’m generally skeptical that there is as much data leak strategic risk as you think,” he wrote in the email to Lessin. “I think we leak info to developers but I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us.”

Facebook told NBC News that this was an example of a cherry-picked email designed to bolster Six4Three’s case.

Zuckerberg didn’t know it at the time, but a privacy bug affecting an unnamed third-party app would create precisely this kind of strategic risk the following year, according to a panicked chatlog between Michael Vernal, who was director of engineering, and other senior employees.

It’s not clear exactly what happened or which app was involved, but it appears that Zuckerberg’s private communications could have leaked from Facebook to the external app in an unexpected way.

Vernal said that it “could have been near-fatal for Facebook platform” if “Mark had accidentally disclosed earnings ahead of time because a platform app violated his privacy.”

“Holy crap,” replied Avichal Garg, then director of product management.

“DO NOT REPEAT THIS STORY OFF OF THIS THREAD,” added Vernal. “I can’t tell you how terrible this would have been for all of us had this not been caught quickly.”

Vernal and Garg did not respond to requests for comment.

‘GOOD FOR THE WORLD’ BUT NOT ‘GOOD FOR US’

In late November 2012, Zuckerberg sent a long email to Facebook’s senior leadership team saying that Facebook shouldn’t charge developers for access to basic data feeds. However, he said that access to Facebook data should be contingent on the developers sharing all of the “social content” generated by their apps back to Facebook, something Zuckerberg calls “full reciprocity.”

The existing arrangement, where developers weren’t required to share their data back with Facebook, might be “good for the world” but it’s not “good for us,” Zuckerberg wrote in the email.

He noted that though Facebook could charge developers to access user data, the company stood to benefit more from requiring developers to compensate Facebook in kind — with their own data — and by pushing those developers to pay for advertising on Facebook’s platform.

Facebook turns to Twitter to explain outages

Mark Zuckerberg wants to build a ‘brain-computer interface’ that can read your THOUGHTS, report claims

Donie O’Sullivan, CNN Business

Washington DC (CNN Business) – Facebook, the world’s largest social network, relied on Twitter on Wednesday to explain that its apps were experiencing outages around the world.

Some users of Facebook (FB) and other platforms owned by the tech giant, including Instagram, Messenger and WhatsApp, experienced problems accessing the services. Many people went on Twitter to vent their frustration.

In the future, Zuckerberg said the interface would let users interact with augmented reality environments using just their brain – no keyboards, touchscreens or hand gestures required

The outages began Wednesday afternoon and appeared to affect people in multiple areas, including the US, Central and South America, and Europe, according to tweets and the outage-tracking site DownDetector.com.


“We’re aware that some people are currently having trouble accessing the Facebook family of apps. We’re working to resolve the issue as soon as possible,” Facebook tweeted.

Facebook (@facebook), 5:49 PM – Mar 13, 2019

Despite some early online rumors that the outages were the result of a distributed denial-of-service (DDoS) attack — a type of hack in which attackers flood a company’s network — Facebook said in another tweet that “the issue is not related to a DDoS attack.”

Facebook says the future is private messaging, not public posts

Facebook temporarily removed several ads by senator Elizabeth Warren calling for the break up of large tech companies including the social media giant. Pictured: Warren talking about her tech company proposals on Saturday at the SXSW conference in Austin, Texas

“The future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever.” – CJR Editors mingram@cjr.org via mailchimpapp.net 

On Wednesday, in what seemed like a major shift, Mark Zuckerberg wrote that he wants to reorient Facebook around private, encrypted, and ephemeral messaging, rather than public sharing. This could have significant implications not just for regulators, who have been trying to get Facebook to crack down on offensive and violent content, but also for the future of news and information—including misinformation.

In the past, Zuckerberg has said that his aim was to connect people and make it easier for them to share. And in part because of how Facebook’s advertising engine works, the focus has been on making as much of that sharing as public as possible. But Zuckerberg seems to have changed his views. “As I think about the future of the internet, I believe a privacy-focused communications platform will become even more important than today’s open platforms,” he wrote. “The future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever.”

More than ever before, Zuckerberg seemed to admit there have been downsides to Facebook’s emphasis on public sharing, including “child exploitation, terrorism and extortion.” He may have been pushed to this realization by the ongoing firestorm of criticism Facebook has received—not just because of the 2016 elections, but also owing to its role in promoting violence in Myanmar, India, and elsewhere. This new commitment to privacy, however, comes with trade-offs, since a more private Facebook is less subject to public scrutiny—and that could make misinformation more difficult to track.

In focusing on the private and ephemeral, Zuckerberg appears to be embracing the model he borrowed (or stole) from Snapchat, which pioneered self-destructing posts in 2011 and turned down a $3 billion acquisition offer from Facebook two years later. Since then, Facebook has implemented Snapchat-like features in WhatsApp, Instagram, and Messenger.


Is Facebook making changes because they are better for users, or because they make life easier for Facebook?

If hateful or violent content will soon appear in private rather than public messages, does that mean the company is no longer liable for the spread of that content?

The latter question has already come up in India, where much of the violence driven by WhatsApp has been fueled by messages posted in private groups.

When it comes to journalism, Facebook’s reorientation seems to take it even further away from being the kind of public distribution outlet many media companies have come to rely on. Although the fruit Facebook offered to publishers may have been poisoned, the reach—and, in some cases, ad revenue—it provided has become a staple of many media business models. Will private sharing mark the end of Facebook’s supposed commitment to helping journalism?

Here’s more on Facebook’s announcement and the reaction to it:


Ukraine: How the Eastern European country became a test bed for Russia cyberweaponry

Illustration by John W. Tomac for POLITICO

As Russian hackers face down Western spies, the Ukraine has become a live-fire space for hackers

By LAURENS CERULUS

KIEV|AIWA! NO!| — To see the warfare of the future, head to the top floor of a nondescript office tower on a potholed street on the scruffy outskirts of Ukraine’s capital. There, next to a darkened conference room, engineers sit at dark gray monitors, waging war with lines of code.

“Attacks are happening every day,” says Oleh Derevianko, founder of the Ukrainian cybersecurity firm that employs them, Information Systems Security Partners. “We never thought we were going to be the front line of cyber and hybrid war.”

There may be no better place to witness cyber conflict in action than Ukraine today. Open warfare with Russia, a highly skilled, computer-literate pool of talent and a uniquely vulnerable political, economic and IT environment have made the country the perfect sandbox for those looking to test new cyberweapons, tactics and tools.

“Ukraine is live-fire space,” says Kenneth Geers, a veteran cybersecurity expert and senior fellow at the Atlantic Council who advises NATO’s Tallinn cyber center and spent time on the ground in Ukraine to study the country’s cyber conflict. Much like global powers fought proxy wars in the Middle East or Africa during the Cold War, Ukraine has become a battleground in a cyberwar arms race for global influence.

Derevianko’s outfit works closely with the Ukrainian government and its U.S. and European allies to fend off onslaughts against the country’s networks. On the other side of the virtual front line: Not just sophisticated Russian-affiliated hacker groups like Fancy Bear, Cozy Bear and Sandworm — the group behind “NotPetya,” the most devastating cyberattack to date — but also hosts of other governmental, nongovernmental and criminal players testing out their capabilities on the country’s networks.

“They’re not only testing destruction but also testing your reflexes” — Oleh Derevianko, founder of Information Systems Security Partners

Activity has spiked ahead of presidential elections in March, says Derevianko. Since November, hacker groups have been shelling Ukrainian magistrates, government officials, attorneys and others with emails that contain attachments with malware and viruses — sometimes disguised as Christmas greetings, or as messages from the prime minister’s office — in what Derevianko describes as “mass phishing.”

Russian hacker groups are repeatedly attempting to get into the country’s systems, Ukraine’s national security service told POLITICO. Critical infrastructure and election systems are under constant stress, it said.

“They’re not only testing destruction but also testing your reflexes,” says Derevianko.

Russia’s playground

The war in eastern Ukraine has given Russian-affiliated hackers the opportunity to perfect their ability to launch cyberattacks with a series of major intrusions in Ukraine over the past few years.

“The annexation of Crimea and war in Donbas, it has created a volatile political environment,” says Merle Maigre, the former head of NATO’s cyberdefense center in Tallinn who is now executive vice president at the Estonian cybersecurity firm CybExer.

Even as Russian tanks crossed the physical border into eastern Ukraine in the spring of 2014, Russian-affiliated hackers were sending malicious code onto Ukraine’s IT systems, providing political chaos as a smokescreen.

Three days before the presidential election in May 2014, hackers broke into Ukraine’s Central Election Commission and disabled parts of the network using advanced cyberespionage malware, according to a report by the International Foundation of Electoral Systems funded by the U.S. and U.K. and seen by POLITICO. The Central Election Commission was hit again later that year, when hackers took down its website ahead of a parliamentary vote in October.

Large-scale attacks followed the next year, and again in 2016. The targets, this time, were companies running Ukraine’s power grid. In 2015, hackers used so-called BlackEnergy malware, dropped on companies’ networks using spear phishing attacks that tricked employees into downloading from mock emails. So-called KillDisk malware later destroyed parts of the grid.

The resulting blackouts — the world’s first known successful cyberattack on an energy company at scale — affected about 230,000 Ukrainians for up to six hours. A year later, in December 2016, hackers relied on even more sophisticated tools to successfully turn off the lights in large parts of the Ukrainian capital yet again.

But the widest-reaching attack — and the world’s most financially damaging to date — took place in 2017, when hackers combined code tested in the power grid attacks with malware known as “Petya” and a security vulnerability initially discovered by the U.S. National Security Agency called EternalBlue.

Danish shipping behemoth Maersk was crippled by a 2017 malware attack | Leon Neal/Getty Images

The resulting malware — “NotPetya” — compromised the software of a small tech firm called Linkos Group, providing it access to the computers of utility companies, banks, airports and government agencies in Ukraine. It also crippled multinationals like the Danish shipping giant Maersk, logistics giant FedEx, pharma company Merck and other major corporations.

The NotPetya attack — which cost an estimated $10 billion to clean up — was “as close to cyberwar” as we’ve come, says Geers. “This was the most damaging attack in history, of a scale and cost that would far exceed a missile fired from the Donbas into Kiev.”

Cyber sandbox

The free-for-all environment of a country at war has turned Ukraine into a magnet for players of all types looking to test their cyber capabilities. In addition to hostile Russian hackers, the country has attracted cybersecurity firms looking to get close to the action, Western intelligence agencies seeking to understand the nature of modern conflict and criminals looking to make a buck.

“Donbas is basically lit up with malware. That’s intelligence services trying to figure out what Russia is going to do next in Donbas, trying to figure out what [Russian President Vladimir] Putin is up to,” says Geers, the Atlantic Council’s cybersecurity expert. “The U.S., China, Russia, Israel, Turkey, Iran — it’s coming from everywhere.”

In addition to the ongoing military conflict, Ukraine offers a tempting target because so many of the country’s computers run pirated software, which doesn’t receive standard security patches. And, because it is well integrated with Western European internet networks, the country offers a backdoor to hack the rest of Europe.



Constant attempted attacks by hacker groups such as Fancy Bear, Cozy Bear and Turla are putting critical infrastructure and election systems under constant stress, Ukraine’s national security service told POLITICO.

The goal, say experts, is to test the West’s defenses. The U.S. and other intelligence agencies have responded by moving into the Ukrainian networks to pick up the signals.

“Getting intelligence ahead of time is important,” says Dmytro Shymkiv, the former head of Microsoft in Ukraine and President Petro Poroshenko’s chief adviser on cyber between 2014 and 2018. “Some of the viruses and malware in the energy blackouts in Ukraine were later found in the U.S. and Israel.”

Ukrainian authorities, he says, exchange cyber intel for help in fending off the hackers.

“Whenever we identified malware, we uploaded it to special services where manufacturers of anti-virus could analyze it,” says Shymkiv. His cyber team sometimes worked with expert communities on platforms like Hybrid Analysis or ANY.RUN, a technique known as “cloud-based sandboxing,” where researchers can access the data and get in touch with those affected by malware, he says.


Washington has invested heavily in cyber resilience in Ukraine since 2014. USAID alone freed up a pot of $10 million (€8.9 million) for cybersecurity defenses, and a sizeable part of its much larger budget to support Ukraine goes to securing IT systems in the country.

U.S. companies, such as tech giant Microsoft, have also beefed up their presence in the country. Hardware leader Cisco has a strong foothold that includes its renowned cyberintelligence unit Talos. And U.S. cyber firm CrowdStrike, known for bullishly calling out state-sponsored hacks, is also active in the country, as are many others.

The U.S. and Europe are also investing in seminars and training for Ukrainian cybersecurity staff, and are involved in day-to-day assistance via the International Foundation for Electoral Systems (IFES), an international organization backed by democracies worldwide to help out with holding elections, and other channels.

“U.S. counterparts, they are requesting a lot of information and interacting very productively,” says Roman Boyarchuk, the head of Ukraine’s State Cyber Protection Center, the authority tasked with fending off attackers from government networks. American and European cybersecurity authorities regularly ask for more details about his agency’s analysis of major threats, he says.


Activity has increased ahead of Ukraine’s national election in March, experts say, as smaller groups and individual hackers and criminals look for financial gain.

“They’re scanning the networks and sending a lot of malware in order to find the breaches, the vulnerabilities,” says Boyarchuk, of the national cyber emergency team. “They are taking control, recording this control, putting it into databases and selling it.”

The hackers then find buyers for these credentials or access into confidential networks. Large data sets are sold on dark web marketplaces to anyone willing to pay the price.

“Everyone is buying it,” says Boyarchuk. “Corporate competitors, state actors, anybody.”

Fears of contagion

For Kiev’s cyber helpers, the goal is not just to help out a developing country under pressure. As Ukraine becomes ever more integrated with the West, there’s a strong fear of contagion. A successful cyberattack in Kiev, they fear, can easily slip the country’s borders and infect computers across the globe.

That’s become especially true following Ukraine’s shift toward the West, which triggered Russia’s aggression. The country’s 2014 Association Agreement with the EU came with a “deep and comprehensive free-trade agreement” in place since 2016 that has strengthened economic ties. And with the increase in trade has come added data flows and interactions in its internet networks.

The 2017 “NotPetya” attack was a painful example of the risks that come with this kind of entanglement: An attack starting in a small tech firm in Ukraine spread to companies and government agencies across the world, grinding the business of international heavy-hitters to a halt.


NotPetya “was when everybody realized how vulnerable we are when Ukraine gets hit,” says Maigre, the former head of NATO’s cyberdefense center. “It easily blows over to Europe and beyond.”

For the EU, in particular, the attack underlined the urgency of beefing up Ukraine’s cyberdefenses.

Since then, European countries have set up bilateral assistance deals. Estonia, for example, is heavily involved in helping Ukrainian authorities set up a secure electoral IT system. Lithuania is also active, according to Edvinas Kerza, the country’s vice minister of national defense.

“We provided them with political support, we’ve supported Ukraine in providing guns and ammo,” says Kerza. “Now we’re moving to cyber.”

The EU’s eye is now on securing the upcoming presidential election at the end of March.


“We strongly expect Russia will try to influence the course of Ukraine’s presidential and parliamentary elections in 2019,” Ukraine’s security service said in an email, adding that the greatest threat comes from special services launching “purposeful, long-term cyberattacks with state interests in mind.”

Above all, the March vote could provide valuable insight for the EU, as it braces for cyberattacks on its European election at the end of May. That vote — in which voters in 27 countries will choose a new European Parliament and by extension decide who sits at the helm of the EU’s top institutions — is uniquely vulnerable to interference.

What happens in Kiev today could easily happen in Berlin, Rome or Amsterdam tomorrow, experts say. Ukraine “is sort of like a litmus test,” says Maigre. The stream of phishing emails, the data sold on the dark web, the new types of malware — all of it can pop up west of Ukraine at any time. “That’s why it is interesting to see how it all plays out in the elections,” she says.
