on Friday, the federal government promised Ukraine help in its “serious cyber crisis”.
I could now write the rest of the newsletter about silly neologisms like "cyber crisis", but the situation is too serious for that.
When the government announced its offer of help, the public only knew about the defacement and overload attacks on several Ukrainian government websites.
From the outside, it looked like vandalism with a scare-mongering message, but not technically something the Ukrainians needed help with.
But over the weekend Microsoft announced that on Thursday it had already discovered a so-called wiper disguised as an encryption Trojan in dozens of Ukrainian systems, designed to "render the target systems unusable".
The government, non-profit organizations and "an IT company that operates websites for authorities, among other things, whose pages were recently defaced" were affected.
If you put the report of the defacement, the German reaction and the Microsoft warning on top of each other, possible connections come to mind.
One perpetrator, two attacks, one response to both.
That's not unreasonable. Wiper software irretrievably deletes files: "NotPetya" 2017 impressively demonstrated where this can lead. The biggest wiper attack to date started in Ukraine, the perpetrators came from Russia. (No one wrote the whole story as well as Andy Greenberg.) Nor was it the first destructive hacking of Ukraine by Russian actors. As early as December 2015, they paralyzed parts of the power supply. A few weeks ago, the New York Times reported, citing US experts, that Russian cyber activities in Ukraine had recently increased significantly. And it is quite possible that the NATO countries had already learned about the wiper on Friday.
But throwing everything through the cyber meat grinder is not a good idea in such incidents. Connections are seen too quickly where none are occupied. The reports of the past few days and the reports that may be added in the coming hours and days should not be placed on top of each other, but only next to each other.
It looks like this: So far, defacement and overload attacks on Ukrainian websites and the wiper in Ukrainian systems have been discovered.
We do not know whether the same perpetrators are behind it and whether they receive state support.
Nor do we know if the defacement was a red herring to hide the wiper.
And it also remains unclear for the time being whether the wiper should be triggered or maybe just found, as a warning or a demonstration of power.
Some things may still be proven, others not.
Blur is an integral part of cyber wars... modern conflicts.
External links: Three tips from other media
"Federal Telecommunications Service - how I accidentally found a front office in the federal administration" (eight minutes of reading)
A federal agency with offices but no budget that cannot be reached - does it have to be a branch of an intelligence service?
Lilith Wittmann describes her persistent research and the conclusions she draws from it.
"Instagram: brutal anorexia coaches exploit young people" (video, three minutes)
With fake accounts, Svea Eckert, Carlotta Smok and Sulaiman Tadmory from NDR and Lena Kampf from WDR show how Instagram can fuel the eating disorders of young girls and how bad that is Part of it is to spot "skinny coaches" who are taking advantage of these girls.
»Revealed: UK Gov't Plans Publicity Blitz to Undermine Privacy of Your Chats« (English, 5 minutes read)
James Ball has obtained documents from an advertising agency commissioned by the British government to spread the word about end-to-end encryption, among other things with a »visual PR stunt«.
I wish you a conflict-free week,
Patrick Beuth