Ukrainian Telecom Workers Damage Own Equipment to Thwart Russia

(Bloomberg) — Employees at one of Ukraine’s leading internet and phone providers decided to sabotage equipment rather than hand control to Russia in occupied territories, according to the company’s chief executive officer.

Yuriy Kurmaz, CEO of Ukrtelecom, said Russian forces attempted to seize parts of his telecom’s network by using a combination of hacking and physical intimidation. In an interview with Bloomberg News, Kurmaz said his employees had faced threats and in some cases been imprisoned by Russian personnel in occupied parts of southern and eastern Ukraine, as Moscow has sought to establish control over data and communications in the region.

Rather than hand over control of Ukrtelecom facilities to Russia in occupied territories, Kurmaz said his company’s employees decided to delete crucial files from computers.

“We have seen some brutal influence of the military and representatives of Russia on the occupied territory,” Kurmaz said. “They put pressure on our employees to obtain the technical details of our network infrastructure. But they failed.”

“The Russians tried to connect their control boards and some equipment to our networks, but they were not able to reconfigure it because we completely destroyed the software,” he said.

Ukrtelecom is owned by Rinat Akhmetov, Ukraine’s richest man. The company is the largest fixed line operator in Ukraine and counts the Ukrainian military and several government agencies among its customers, according to Kurmaz. Its annual revenue in 2020 totaled ₴6.2 billion ($210 million), according to company financial records. 

Russia’s invasion has exacted a severe toll on the telecommunications provider.

More than 30 of the company’s buildings have been completely destroyed during the war and about 100 other facilities badly damaged, Kurmaz said. Despite that, it has managed to maintain connectivity for people in more than 80% of the localities it serves, Kurmaz said, who credited engineers who have worked to restore damaged fiber optic lines and other infrastructure.

Aside from physical damage to its networks, Ukrtelecom has also endured multiple cyberattacks, according to a company official.

In late March, suspected Russian-backed hackers gained access to an employee account in occupied territory and tried to use that access to steal customer data and compromise internal network information, according to Kirill Goncharuk, Ukrtelecom’s chief information officer. The intrusion attempt was deemed so severe that Ukrtelecom had to take the drastic decision to shut down large parts of its network for about 15 hours – causing a communication blackout in parts of the country – until it could be sure it had contained the hackers, Goncharuk said in an interview.

The company is facing an average of about 10 cyberattacks every week, according to Goncharuk.

The incidents have included “denial of service” attacks that attempt to force the company’s public websites offline, in addition to persistent efforts to hack Ukrtelecom employees’ computers and penetrate the company’s digital infrastructure. In order to detect such activity, the company has systems in place that detect unusual patterns of behavior on employee computers, Goncharuk said.

Ukrtelecom’s security experts believe the hackers may be trying to find and steal what they call its “golden configuration,” a reference to information that’s required to get Ukrtelecom’s networks back up and running again in occupied regions after they were self-sabotaged.

“They are trying to follow through with their plans to occupy, to steal, to seize our equipment,”Kurmaz said. “To reload our software they need to know the configuration of our network.”

Last month, internet monitoring experts noticed that parts of Ukraine’s internet were being brought under Russian control. Some internet operators in the occupied city of Kherson, for example, were rerouting their customers’ internet traffic through Miranda Media, a Crimea-based affiliate of the Russian-state owned telecommunications firm Rostelecom, according to digital watchdog group NetBlocks.

Victor Zhora, deputy chief of Ukraine’s information protection service, says Russia is pursuing the same strategy as it did following its annexation of Crimea in 2014.

“All local providers were forced to integrate with the Russian one,” Zhora said. “People would come to each provider and blackmail or threaten them.”

Controlling internet networks gives Russia the ability to block Ukrainians’ access to independent sources of information, according to Zhora. It also allows the Kremlin to use surveillance systems to monitor Ukrainians’ communications and web use.

“Their goal is to control people,” Zhora said.

Some small internet providers in the occupied territories have chosen to reconfigure their networks so that they operate under Russian control, saying that they had no alternative. Ukrtelecom, however, has chosen to disconnect its networks in those territories rather than cooperate with Russia.

“They block Ukrainian websites, news channels, and they provide just the Russian propaganda – it’s unacceptable,” Kurmaz said. “Our strong position is we will never collaborate.”

 

More stories like this are available on bloomberg.com

©2022 Bloomberg L.P.

Close Bitnami banner
Bitnami