This is the second of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Ukraine. Since December 2013 a lot of things have changed and are still changing rapidly in the Ukraine, and this report is a reflection of the country prior to the protest, the instalment of a new government and the current security situation.

Ukraine has an important geostrategic location between the countries of Western and Eastern Europe and Russian Federation. Back in the Soviet Union times, Ukraine, and Kiev in particular, was one of the information communications development centres. Currently when compared to other Commonwealth of Independent States (CIS) countries, Ukraine is the runner up after Russia in terms of IT development. Being a country with a well-developed infrastructure and high online activity, Ukraine was one of the first countries where political events, e.g. the Orange revolution 2004-2005, were mainly caused by the development of Information Communication Technology (or ICT) branch.

ukraine

Ukraine is a relatively free country in terms of Internet access, however the authorities are trying to find ways to regulate and limit this field on various pretexts, including protection of copyrights, and struggle against terrorists and cybercrime. The cases of physical assaults against online activists with the aim of intimidation occur quite often. Despite frequent attempts to amend the legislative basis in favor of increased limitation and strong regulation of the Internet, Ukrainian legislation remains relatively liberal. According to the data from the Ukrainian Internet Association, there were about 19.7 million regular Internet users in Ukraine at the end of 2012, with an Internet penetration level of 43.5%.

 

Surveillance
Ukrainian authorities tried to legalise control over the Internet several times over the past years. The first attempt was undertaken in 1999. The President of Ukraine introduced a draft bill, which implied telecom operators’ liability to install special equipment enabling information interception from communicational channels by means of licensing procedure for a respective type of entrepreneurial activity (equivalent of Russian SORM-2 requirements). The majority of votes rejected this bill in the Supreme Council of Ukraine, due to active public involvement.

In the beginning of 2012 the National Security Service of Ukraine was reformed, introducing a new department for protection of State’s informational security interests. According to an explanatory note of the respective legal document, such departments are aimed at management facilitation in order to protect legal interests of the country and its citizens in the sphere of communication and information from foreign intelligence services, illegal activities of corporations and groups of people. In reality this department was probably created to strengthen the human and technical capacity in order to monitor the blogosphere and social media. An example of such activity was reported during the pre-election campaign in front of the Supreme Council in October 2012. Back then the administrators of Vkontakte group “We are Patriots of Ukraine”, which counted some 170,000 members, were blackmailed. They were requested to provide administrative rights under the threat of institution of criminal proceedings for “revolutionary activities”.

In the meantime in July 2012, the National Commission of Ukraine was responsible for regulation of communication and information adopted the terms of engagement for telecom operators. One of the terms is that ISPs should provide access for installation of the Commission’s equipment at the connection points between operators in order to enable monitoring and/or technical control over the settings of communicational networks according to the requirements of normative documents in the communication sphere. Thus, this term obliges the communication companies to provide state authorities with access to their networks.

In May 2013, the Ministry of Internal Affairs of Ukraine initiated a draft bill, obliging ISPs to install on their networks systems for operative-investigative activities in order to enable control over users’ activity. The necessary equipment as suggested by law enforcement agencies shall be bought on the expenses of telecom service providers. Thanks to the mass communication media and critics from the side of general public, the draft bill did not pass.

In August 2013, the State Service of Special Communications and Information Protection issued a draft of listing procedure for technical means, which are allowed for use on telecom networks of Ukraine. One of the prerequisites for the equipment will be approval of their surveillance systems support, which means the authorised equipment will be fully compatible with surveillance systems.


Internet-censorship
Over the past years, different activities have been undertaken to increase censorship in Ukraine. One way to limit the access to Internet resources apart from protection of public morality is accusation in violation of copyrights. In November 2009, the employees of the National Security Service of Ukraine confiscated all servers of hosting provider FREGAT, including those hosted gorod.dp.ua website, the biggest online news media in Kiev. Simultaneously servers of oppositional website vlasti.net, hosted by colocall.net hosting service provider, were shut down and confiscated. The reason for this action was institution of criminal case on illegal distribution of classified information. Based on the results of examination, the press service of the law enforcement agency claimed:

During the inspection data bases of governmental authorities containing classified information and being the property of the State were found. Furthermore, over one million copies of computer programs, audio and video records were discovered. These were distributed with violation of copyrights”.

It’s important to mention that this operation was implemented during the presidential pre-election campaign. On the 31st of January 2012, the biggest file hosting service in Ukraine (ex.ua) was shot down due to the accusation of copyrights and related rights violation. The servers owned by the service were confiscated. Two days later after the protest actions in front of the Ministry of Internal Affairs in Kiev and DDoS attacks on the websites of governmental authorities, the requisition to block the domain was withdrawn, the resource was unlocked and partly resumed operation. Not until June the operation of the resource was fully recovered. Currently another bill “On introduction of changes to various legal documents of Ukraine concerning the regulation of copyrights and related rights” is being reviewed in its second reading. In case of violation of copyrights the bill gives the respective authorities the right to shot down websites without any legal proceedings.

Moreover, the actions of the law-enforcement authorities against statements made by users online are to be mentioned. In July 2010, the press service of the National Security Service of Ukraine announced: “In course of investigation measures information about the materials containing threats towards the President of Ukraine hosted on the website singing-foot.livejournal.com was gained”. The author of the materials, Ukraine’s citizen Oleg Shinkarenko subsequently informed that he was conveyed to the public prosecution body and released only after submitting a written obligation not to criticize the government in a harsh form in his blog. In December 2011, the Head department on cybercrime and human trafficking of the Ministry of International Affairs of Ukraine in Kiev in its letter addressed to the company hosting news website lb.ua, demanded from the latter full information about the natural person or legal entity owing the website LB.ua. The reason for this request was a complaint regarding the publication of unprintable expressions on the LB.ua platform, submitted to the police by a certain citizen. After this case the owners of lb.ua in order to prevent such incidents were forced to disable the anonymous comments and provided commenting rights to the registered users only.

Another case against lb.ua occurred in June 2012, when a deputy made a claim against the editorial board of lb.ua, demanding to institute legal proceedings according to the Article 163 of the Criminal Code of Ukraine (violation of privacy of mail, telephone conversations, telegraph and other correspondence conveyed by means of communication or via computers). This article stipulates prison sentence from three to seven years. The reason for the claim was lb.ua publication from November 2011 containing sms-exchange photographed by lb.ua journalist, in which the deputy writes about the future of his son, being at that point prosecuted for assault and battery against a female. It was clear from this communication that the deputy engages political technologists and journalists to write positive comments in the news and articles about the trial on his son. The initiated criminal case was widely discussed and subsequently was closed as reported by the public prosecutor’s office, even though the closure was never supported by any written document.

Being the most popular social network in Ukraine in terms of the number of users the social network “Vkontakte” long ago gained special interest of the law-enforcement authorities. The Ministry of Internal Affairs of Ukraine claimed that photo and video materials uploaded to the social network become more and more alarming. Due to difficulties with blocking of this network, the Ministry is cooperating with the department “K”. According to the Head of the Department on cybercrime of the Ministry of Internal Affairs of Ukraine: “All materials are forwarded directly to the department “K” of the Russian Federation. The webpages are getting closed and respective users punished”. Earlier in 2008, the National Expert Commission of Ukraine for protection of public morality directed a letter to the Minister of International Affairs of Ukraine Vladimir Ogryzko, asking to consider the possibility of contacting the Embassy of the Russian Federation concerning the discussed fact in order to prevent dissemination of pornographic content.


Other types of potential attacks and threats
One of the biggest DDoS attacks in Ukraine occurred in August 2009. Infrastructure of the company Imena.UA / MicroHost.net, domain name registration and hosting service provider, was under attack. At peaks the load on the company’s servers reached values over 2Gb/sec. Two IP-addresses revealing the control centre of the botnet were identified in cooperation between several Ukrainian companies. The IP-addresses were traced back to the spamming company Real Host Ltd, a shareholder of the biggest botnet called Zeus. Experts assumed that this attack was the first trial before the election campaign, and it allowed estimating the capacity of the communicational infrastructure of the major Ukrainian providers.

In 2009, the National Security Service of Ukraine in cooperation with their US colleagues revealed the activity of an international malware production and distribution company in Ukraine. The company ran by US citizens employed over 400 highly qualified specialists in their office in Kiev. The employed programmers had no idea they were working on the development of components for computer viruses, which were later used in order to infect computers all over the globe and create botnets. Furthermore, cases of involvement of Ukrainian citizens in illegal activities, associated with larcenies from foreign bank accounts under the cover of legal entities and money laundering amounting tens of millions of dollars, were reported.

According to a research conducted by the Kaspersky Lab, almost every second Internet user in Ukraine underwent at least one cyber attack in 2012. Results of a joint survey of the Kaspersky Lab and the O+K Research think tank, conducted among the Internet users on all continents in 2012, stated that 62% of Ukrainian users experienced the situation when pop-up windows alarmed about would-be viruses or recommended to set up fake antivirus software. It was found out that 50% of respondents came across malicious links in search result and 24% of the Ukrainian users when shopping online were redirected to dubious websites that requested them to provide their bank account numbers.


Potential threats, possible ways of their escalation and suggested mitigation
When comparing Internet freedom situation in Ukraine with any other country of concern for the series of reports in the framework of this research, one can state with confidence that Ukraine is more democratic. The absence of the censorship from the side of the state, presence of computer literate NGO community, well developed IT branch and availability of IT specialists, all these factors create good conditions not only for business development, but also for development of civil and non-commercial sector.

The experience of trainings conduction in Ukraine indicates positive results. The trainees usually have solid basic computer skills and are able to learn new information, including materials on use of digital security tools. It is advisable to conduct more trainings on the application of technologies of information protection, protection of online resources and offline data for both regular users and technicians. In combination with the above-mentioned technical trainings, educational seminars on organisational security policy and on planning of measures to maintain security are recommended.

The mobile communication services become more and more popular along with the price reduction for smart phones and tablet PCs. Everybody with no exception actively use mobile communications (both voice and data transfer) at work. In general, users do have a basic understanding about mobile communication threats (for instance that one needs to remove the battery when avoiding a potential shadowing), but they tend to ignore the necessity to secure their communications.

Taking into account that the majority of people use various social networks and there are tensions between different activists groups (for example, potential threat from nationalists and other radical groups) the escalation of online threats in social networks, provocative actions, vandalism, hacking threats and data leakages are probable. It is therefore recommended to support initiatives aimed at promotion of digital security and confidentiality protection measures in social networks.

The next Presidential elections in Ukraine are to be conducted in 2015. For that reason starting in 2014 escalation of tensions both in media sphere and in the realm of NGOs is expected towards the current authorities and the influence of neighbouring countries (first of all Russia) on the internal political situation in the country. This will definitely be reflected on the digital environment, security of web resources as well as on security of individual organisations and socially active persons.

One can claim that the civil society in Ukraine is able to rapidly mobilise itself in case of a threat (sometimes even in case of personal conflicts between NGOs and those in power), there is an intensive information exchange in case of opposition against any sort of threat. For that reason the promotion of the tools and dissemination of knowledge for digital security should work effectively in Ukraine.

This blog is made with cooperation of security experts in the region, and is entirely based on their findings.