Telecoms outage hits Ukraine
NetBlocks, the non-profit internet watchdog, has reported the first telecoms blackout in North-eastern Ukraine, following the ongoing conflict in the country.
In a Tweet published just after 18:20 GMT on Thursday 3rd March, the company said that blackout was recorded in the region of Sumy Oblast in Ukraine, following reports of " massive blasts at the thermal power plant and electrical substation that turned the sky 'yellow and red' for miles".
⚠️ Confirmed: A telecoms blackout has just been registered across #Sumy Oblast, north-eastern #Ukraine, as residents report massive blasts at the thermal power plant and electrical substation that turned the sky 'yellow and red' for miles.— NetBlocks (@netblocks) March 3, 2022
📰 Background: https://t.co/S0qJQ7CbNv pic.twitter.com/zNG42jfbIS
Speaking to VentureBeat, Alp Toker, founder and director of NetBlocks, said that it is "the largest regional telecoms black out that we’ve tracked since the beginning of the conflict” but that the occurrence though "serious" was a "single discrete event".
The news follows a series of recorded disruptions from NetBlocks in Ukraine, throughout the last two week. As of Thursday 24th February, the company registered internet disruption in the city of Kharkiv with users noting loss of fixed-line service on provider Triolan, with mobile connectivity remaining operational.
⚠️ Confirmed: Significant internet disruption registered in #Ukraine-controlled city of #Kharkiv shortly after huge explosions heard; users report loss of fixed-line service on provider Triolan while cellphones continue to work 📉— NetBlocks (@netblocks) February 24, 2022
📰 Live Report: https://t.co/S0qJQ7CbNv pic.twitter.com/cVSJg2XtQf
That same day, NetBlocks also recorded significant internet disruption in the port city of Mariupol, Donetsk, along with reports of " the loss of telecoms services for many".
⚠️ Update: A significant internet disruption has been registered in the strategic port city of #Mariupol, Donetsk. The incident comes amid reports of civilian casualties and the loss of telecoms services for many.— NetBlocks (@netblocks) February 24, 2022
📰 Report: https://t.co/S0qJQ7CbNv pic.twitter.com/sa2jhSyHyW
The next day Kyiv was affected by "a significant decline in internet connectivity". Interestingly this was credited to the movement of people and the closing of businesses and homes.
ℹ️ Update: Real-time network data show a significant decline in internet connectivity across #Kyiv, Ukraine since early Thursday, attributed to population exodus and the shuttering of businesses and homes as civilians seek shelter or flee.— NetBlocks (@netblocks) February 25, 2022
📰 Previously: https://t.co/S0qJQ7CbNv pic.twitter.com/GZNIyFslhC
This decline continued into Saturday 26th February, with NetBlock's reporting "a major disruption to Ukraine's internet backbone provider GigaTrans" following increased fighting in the cities of Vasylkiv and Kyiv. As the day continued, some connectivity returned GigaTrans but the service was "intermittent".
⚠️ Confirmed: Real-time network data show a major disruption to #Ukraine's internet backbone provider GigaTrans, which supplies connectivity to many other networks. The incident comes as heavy fighting is reported in #Vasylkiv and #Kyiv 📉— NetBlocks (@netblocks) February 26, 2022
📰 Background: https://t.co/S0qJQ7CbNv pic.twitter.com/EksnZjs9Ay
By Tuesday morning, Internet connectivity was broken in the city of Sievierodonetsk and Wednesday 2nd March Veon-owned Kyivstar reported '500 base stations disabled due to power and infrastructure damage' likely to be limited to the Melitopol area.
⚠️ Update: Internet disruptions are being registered on #Ukraine provider #Kyivstar, who report ~500 base stations disabled due to power and infrastructure damage; outages may limit coverage from #Melitopol and other cities resisting occupation— NetBlocks (@netblocks) March 2, 2022
📰 Report: https://t.co/S0qJQ7CbNv pic.twitter.com/C8uyUPNqMO
Capacity spoke to Julia O’Toole, founder and CEO of London-based MyCena Security Solutions, on the implications of the blackout and what it could mean for security.
According to O'Toole, while there have been no reported cyberattack on the communications infrastructure in Ukraine, "this can quickly change as Russia has demonstrated the ability to take down Ukraine's critical infrastructure, as they did in 2015 when they attacked the power grid and provoked a blackout" also the lack of connectivity will also mean that they won't be able to "organise their own defence with other groups".
Effective ways to combat any future cyberattacks, O'Toole says "is to apply physical access security rules to digital access".
"If Russia decides to launch cyberattacks on telecom infrastructure, the easiest path for them would be to steal legitimate access passwords or keys," she explains.
This includes preventing employees from making their own passwords to access files and systems, and instead distribute passwords that stay encrypted from creation, distribution, use, to expiry. In addition, don’t use an admin privilege account or identity as "they are single points of failure", instead revert to one door, one key
"Nine times out of ten, pirates don’t hack in, they log in. Once inside a network, they can escalate privilege to find the Local or Domain admin account to control the network. From there, they can start toz install data wipers, lock files, and halt operations."
Capacity contacted NetBlocks for comment.