On February 25, using the search warrant issued by a court in the city of Odesa, Ukrainian police conducted searches of the homes of several leaders of the Ukrainian Cyber Alliance (UCA) and their relatives. The warrant was issued in the case of a defacement of the information board of Odesa International Airport on October 16, 2019. For a short period of time on that day, logos of airlines on the board were replaced by a photo of Greta Thunberg with the words “Fuck you, Greta”.

The UCA is best known for its activities against the Russian government in response to Russia’s annexation of Crimea and its occupation of the Donbas area in Ukraine. Most famously, the hacktivists obtained and published the email correspondence of Vladislav Surkov, personal adviser to the Russian president and the unofficial leader of the anti-Ukrainian activities in the Russian government until his resignation on February 18. The publication became popularly known as #SurkovLeaks.

Recently, the UCA has been conducting a campaign for strengthening the information security of Ukrainian government agencies and other critical objects of Ukraininan infrastructure called #FuckResponsibleDisclosure or #FRD. In this campaign, the group has been providing public notifications of vulnerabilities found on web sites or internet-connected systems of various Ukrainian entities, privately communicating the nature of the vulnerabilities to Ukrainian security agencies. Computer systems of the Odesa Airport were among those found to contain vulnerabilities – the UCA published its notifications and communicated the findings to the Security Service of Ukraine (SBU) twice: first, a year before the defacement occurred and then, for another vulnerability, only a week before the October 16 incident.

On February 26, representatives of the UCA held a press conference discussing the searches.

According to the representatives, on February 25, police searched the homes of Andriy Pereverziy (along with the homes of his mother and his child), Oleksandr Galuschenko, and Andriy Baranovich (better known as Sean Townsend, the UCA spokesperson). Though all these residencies are in Kyiv, the searches were conducted by the police investigators of Malynovsky Rayon of Odesa along with the SBU and cyber police officers from Odesa and Kyiv and local Rapid Operational Response Unit (KORD) officers.

In all cases, the focus was on collecting as much computer hardware as possible, even the devices that could not possibly contain any information useful to the investigation, such as a wireless router, a broken notebook without a hard drive, and the personal phone of Pereverziy’s child. The investigators were interested in all available communications among the UCA members and didn’t seem to care about the Odesa Airport specifically.

Vadym Kolokolnikov, the attorney representing the group, emphasized that the searches were performed with multiple violations: instead of copying the data, the investigators confiscated all equipment; the search warrant did not specify the persons authorized to conduct it, and the warrant acknowledged that the police performed clandestine surveillance and monitoring of the suspects, which is only allowed in the cases of most serious crimes.

UCA members noted that all of the hacktivists are experienced information security professionals and the #FRD campaign was largely launched to compensate for the lack of specialized knowledge among the personnel of the government agencies responsible for cybersecurity in Ukraine. This is also the reason why any future claims by the police concerning discovery of incriminating information on the confiscated computers should be seen as false.

Discussing their involvement with the Odesa Airport, UCA members stated that they were not responsible for the October 16 break-in and they had never broken Ukrainian law. Quite the opposite, they asserted that, in addition to their standard reporting to security agencies, they tried to communicate the vulnerabilities to the representatives of the airport management company and the Ministry of Infrastructure of Ukraine. However, the Ministry declined to be involved claiming the airport was a private enterprise outside of their control. The airport company did not act on the warnings, instead, it appears to have chosen to use its connections with corrupt officers of the local police to retaliate against the UCA.

This situation highlighted the problem of private ownership of critical infrastructure: the government agencies, including SBU, which are responsible for defending Ukrainian infrastructure against cyber attacks, do not have sufficient leverage to force private companies address their information security. Therefore, UCA strongly recommends setting up a registry of critical infrastructure held in private ownership in Ukraine and introducing new regulations that would allow government agencies to enforce information security of the listed infrastructure.

The UCA attorney stated that they are currently preparing a series of official complaints regarding the destruction of property that occurred during the searches, the loss of valuable property to confiscation and the abuse of authority by the police. He also raised the possibility of criminal responsibility for the misuse of government resources by individuals in the Odessa police.

UCA members have also stated that they are now officially suspending the group’s cooperation with Ukrainian security agencies.

Read more:

Cyberwar: top operations of Ukrainian Cyber Alliance (UCA) in 2016

UCA: hunting down Russian propagandists on an industrial scale

Reconnaissance commander of the 2nd Army Corps in the focus of the UCA. Part 1. Orlan-10 drone

SurkovLeaks: 1GB mail cache retrieved by Ukrainian hacktivists

#FrolovLeaks

This publication was prepared by Max Alginin especially for InformNapalm. Distribution and reprint with reference to the source is welcome! (Creative Commons — Attribution 4.0 International — CC BY 4.0)

InformNapalm does not have any financial support from the government of any country or donors, the only sponsors of the project are its volunteers and readers. You too can help InformNapalm by making a charitable contribution through the Patreon platform.

Follow InformNapalm on Facebook / Twitter / Telegram and keep abreast of new community publications.