Victor Zhora, a top Ukrainian cybersecurity official, joins Safe Mode to talk about the evolution of cyberconflict in the ongoing war with Russia. CyberScoop reporter AJ Vicens also talks to host Mike Farrell about his recent reporting on the return of one of the most active forums for criminal hackers.
---------
(00:00) Operating as a journalist in a hacker forum
(03:07) AJ Vicens on hacker forums and BreachForums
(11:17) Victor Zhora on the digital war between Ukraine and Russia
Victor’s Twitter
SSSCIP Twitter
‘A year of cyberwar’ with Russia: An inside look from a top Ukrainian cybersecurity official (by AJ Vicens)
A year after Russia’s invasion, the scope of cyberwar in Ukraine comes into focus (by Elias Groll and AJ Vicens)
BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils (by AJ Vicens)
The FBI’s BreachForums bust is causing ‘chaos in the cybercrime underground’ (by AJ Vicens)
Mike Farrell: [00:00:00] So AJ Vicens, you spend a lot of time writing about hackers and hacktivists and you spend a lot of time in places where these people communicate, exchange secrets, talk amongst themselves. Do you ever get freaked out about your own online security when you're in these worlds talking to hackers?
AJ Vicens: Yeah, all the time.
I feel like I'm gonna do something stupid and then I will have my phone number taken over or get a random DM saying we own all your stuff. So
Victor Zhora: Yeah every day.
Mike Farrell: How are you greeted or how are you treated when you're in a forum in which you're a journalist, everybody else is in some degree involved in maybe some malicious hacking activity, maybe some people are on the sidelines, maybe there are observers and there are actors and you come [00:01:00] in there and you're like, Hey, I've got questions.
I'm a reporter. What are some of the responses that you get?
AJ Vicens: Well, I mean, most of them are operating under pseudonyms, right? But I feel like we have to come in there very apparent who we are. I try not to hide who I am. I use my real name, which might be inadvisable. I'm sure other people have different approaches, but I try to be open and transparent and say what I'm working on.
And at the end of the day, I tell people that I'm writing about them and I want them to be able to weigh in if they'd like to. Usually they're okay with that. They either say, no, I don't want to talk to you, go away, or typically they don't respond. Right. And we put that a lot in the story, but the ones that do respond, I think they appreciate that we at least asked.
I've never had anyone be really mean or rude, but I have had people tell me directly to go away. I've never been harassed or sort of piled on in one of these forums or anything like that. I try to just approach them with basic respect, even though they're doing some really dubious and heinous things sometimes.[00:02:00]
Mike Farrell: Well, on today's episode of Safe Mode, we're going to be talking more with AJ Vicens, CyberScoop reporter, about a story he wrote about a forum in which a lot of people trade, buy and sell hacked documents and data about people. It's one of the most popular forums out there. In addition to that, we'll be interviewing Victor Zhora, the top cyber security defense official in Ukraine.
And he'll be talking with us about the state of the digital war in Russia.
Welcome to Safe Mode. I'm Mike Farrell, Editor in Chief at CyberScoop. Every week, we break down the most pressing issues in technology, provide you the knowledge and the tools to stay ahead of the latest threats, and take you behind the scenes of the biggest stories in cybersecurity. This episode is brought to you by Google [00:03:00] Cloud.
Narrator: An attack is coming. It's about keeping us safe. He's just a disgruntled hacker. She's a super hacker. Stay alert.
Stay safe. Stay safe. This is Safe Mode.
Mike Farrell: So, AJ, you have this story that recently came out on CyberScoop.com about something called BreachForums. First, let's sort of step back and explain to me what a forum is in this context and how criminal hackers use these forums and why they're so important and why law enforcement is also so interested in these forums.
AJ Vicens: Well, if we're sort of taking the wide view, if you think about hackers who obtain data or penetrate a system and might obtain, you know, a user database or credit card numbers or information that can then be used for other types of criminal activity. They have to find a way to get it to other people. It does no good sitting on your hard drive.
So they have these [00:04:00] forums where they gather. They have like news forums, news threads, but they also talk about their latest bounty, their latest spoils, if you will, they either trade them, they offer them for sale, they barter with them. You have forums that are focused on data breaches. You have forums based on credit card numbers.
You have forums that are more used for different types of tooling and software, malware trading. And you have the forums that are used to recruit ransomware affiliates, all different types of forums. You have the English language forums, the non-English language forums. It's quite a robust ecosystem where this information needs to get traded and moved around somehow.
And this is a lot of what happens.
Mike Farrell: So, for instance, if I carried out an attack on, I don't know, some big company and I've now got access to a database full of information, I might advertise on the forum. Hey, I've got this. Who wants it? And what do I have a particular price on [00:05:00] it? Or is it someone just makes you an offer?
Like, how does that exchange happen?
AJ Vicens: Well, so in the case of BreachForums, for instance, which the story is about, they might come on there and say, Hey, either I have access to the network. So, you know, an initial access, which is a key part of this whole chain. Or they say, I have downloaded the data. I have it in my possession.
Essentially, who wants it, right? Here's the price. And then there, the forum itself sort of acts as a broker, sort of a middleman, and they will collect the money and then pay out the person selling the data. So it's actually kind of a mature space in some ways. These people have been, they burn each other all the time.
They scam each other, but in BreachForums, for instance, the rules quite clearly say if you're scamming people, you're going to get banned. So a lot of this community is built on reputation. And if you have a reputation of burning people, you're not going to get very far.
Mike Farrell: So it's not like one day I could just go and say, sign up and be part of this forum.
There's a process, right? A vetting process to get in even [00:06:00] in through the door, right?
AJ Vicens: Well, on some of them you do need to be sort of vouched for, but others you can just sort of sign up. But you have literally zero reputation and it shows up. I'm looking at BreachForums right now. There's a little avatar with your image, whatever image you upload, when you joined, how many posts you have, and there's a thing that says reputation, and it might say zero.
So the more you trade and interact and your trades are sort of verified and validated, your reputation goes up. So then if you're looking for data and someone has a higher reputation, you might be more willing to believe that what they say they have is accurate and real.
Mike Farrell: So the main forum that you've been tracking or one of the forums you've been tracking for a while was the subject of a fairly significant law enforcement investigation that arrested the person behind it who was running the forum and then seized the infrastructure. That all happened
earlier this year, but then a new version sort of [00:07:00] popped up and is now active again. How difficult is it for one for law enforcement to sort of get ahead and take these things down? And do you think they're actively working on tracking this new forum? Just talk a little bit about this sort of, this cat and mouse game between the participants and the feds.
AJ Vicens: Well, it certainly seems like a bit of a whack-a-mole issue. One forum goes down, another pops up. So this forum, BreachForums, was actually the administrator of it. We were talking about reputation a minute ago. He had a quite high reputation, but he was arrested. He was a kid, a 20-year-old kid, arrested in his family home
just outside of New York City in March. And it was kind of strange for a little while as to what was going to happen. The site kind of went away. But in that interim period, a flurry of other sites popped up trying to claim the mantle as the place to trade databases and stolen data. But they're all sort of [00:08:00] competing with each other.
The different admins of these forums might hack each other and spill the user databases. Actually, when I signed up for BreachForums, the new one, a couple of days later, I got an email from a rival forum saying, Hey, I see you in there. I got their data. Come join our forum.
Mike Farrell: So you're getting forum spam.
AJ Vicens: Exactly. Ours is the real criminals' forum, come to us. So they compete with each other. But as we discussed, the reputation thing is such that the people behind BreachForums have sufficient reputation. And so when they relaunched, even though they have some hiccups, sort of solidified themselves as the top dog in the database breach marketplace.
And if you're law enforcement, it's sort of your job to stay on top of these things. So they have aliases, they operate in these forums, and then you can see sort of in the charging documents that come out inevitably that they do interactions with certain threat actors that are selling things. They sort of prove that the [00:09:00] data has been sold, obtained, it's legitimate, that kind of thing.
So I would imagine, I think it's a safe assumption that the FBI or sort of multiple other law enforcement agencies around the world have their eyes keenly focused on this forum.
Mike Farrell: One of the things you brought up in the story is that there are English language forums, there are Russian language forums, and BreachForums is somewhat unique because it's a large English language forum.
Why is that a differentiator? Is there a bigger market for English language U.S. data? Is that why that makes BreachForums sort of a magnet for a lot of these people?
AJ Vicens: What we have to keep in mind here is if you sort of zoom out in the geopolitics of all of this, a lot of these cybercriminal gangs are in Eastern Europe, Russia, and the Russian government has sort of, depending on who you're listening to, they either actively condone this sort of behavior, or they participate in it, or they, at the very least, they don't sort of crack [00:10:00] down on it, say, the way that the FBI does.
It's a very serious crime, obviously, to access computers and steal data in the United States. The FBI is quite active in this, as we've discussed on the podcast. So when you have an English language forum, it sort of opens the door for a wider range of people to participate, including Americans and Westerners.
And American data is quite valuable with respect to health insurance data or any kind of data, right? So credit cards, financial data, other kinds of data. So the fact that you have an English language forum that sort of has caught on in this way is interesting in the community and people pay attention to things that get posted there.
Mike Farrell: Well, your stories always provide a fascinating view inside this world, which, you know, very few reporters go. And thanks for coming on the show, talking with us about this, AJ Vicens, CyberScoop reporter.
AJ Vicens: Thanks, Mike. [00:11:00]
Today's episode is brought to you by our friends at Google. Do you want to protect your agency and data from the most sophisticated cyber attacks? Visit cloud.google.com slash security to access resources and expertise to get started today. And now we're going to talk to Victor Zhora, who is joining us from Kiev, Ukraine, where he's a top cyber security official. Victor Zhora,
thank you so much for joining us today on Safe Mode. Appreciate you taking the time out of your, what I suspect is a busy day, which has been many busy days for you. So first I wanted to just, uh, talk about, get a little bit of background on what you do, where you work, and then we can get into what's going on with the war in Ukraine and your, your role in all of this.
You are deputy chairman of the State Service of [00:12:00] Special Communications and Information Protection of Ukraine. That is a, it's a long title. Can you break that down for us and, um, tell us a little bit about what that is for those who don't know.
Victor Zhora: Thank you, Mike. And thank you for having me today. The State Service of Special
Communication and Information Protection of Ukraine is the governmental body with a special status responsible for many functions, more than 100, including, but not limited to providing special secure communications to country leaders, broadcasting of TV and radio signal, then the protection of critical infrastructure.
And the cyber protection, of course. My role as a deputy chairman is to oversee the national incident response team, CERT-UA, the State Cyber Protection Center, and also I'm responsible for digital transformation projects in our service. And these projects are actually [00:13:00] external, organized and launched to, to serve for
critical information infrastructure and governmental entities. So we have the national backup center. We have a service platform for, for cybersecurity. We have a trusted internet connection point and the incident response team itself serves for citizens, for businesses and for public sector too.
Mike Farrell: And you're, we're talking today.
I'm in Washington, DC, you're in Kiev. Is that right?
Victor Zhora: Okay.
Mike Farrell: So it's, what is today? Today's June 21st. This podcast probably won't air for a bit. I wonder if you could give us sort of the state of play at this moment with some of the things you're dealing with. I know more broadly in the, where things are with, uh, Ukraine-Russia war.
It's a counter offensive that started not too long ago. Let's just step back for a moment and give us the big picture. So, provide some [00:14:00] context around what's around you, what's going on in your day to day, and how things are for Ukraine right now.
Victor Zhora: First of all, we are an active phase of countering full scale invasion of Russia to Ukraine.
And it's, it's June, and it's more than almost one year and a half of this unprovoked, unprecedented, and unjustified war against our country. And hopefully now we switch to a phase of counter offensive. But despite of that, we face a lot of challenges, including genocide and ecocide on the Ukrainian territory.
Um, I mean the latest case of, uh, explosion of the Kakhovka hydroelectric station, the dam, uh, which caused, which caused many death, but, but also a huge ecological catastrophe. Uh, our expectations of counter offensive, uh, are very high because every [00:15:00] minute, every day is very important in saving of people's life and liberation of our territories.
I know that people suffer a lot on these, uh, these separately occupied territories. So all of our efforts of Ukrainian armed forces, president of all Ukrainian people are focused on, um, soon liberation of our territories and pushing back of Russian occupation forces. Thank you very much. In, uh, cyber and cyber Polish, uh, we are facing continuous aggression from the Russian side, which started on January 14th, 2022.
And it's a, it continues, the number of incidents per week or per month isn't decreasing. Russian, uh, offensive, offensive cyber units continue to be very dangerous and very active. We, each day we face up to 10 cyber attacks and in total, from the beginning of the invasion, you [00:16:00] registered around 3000 major cyber incidents, which we, which we proceed manually in our team.
Also, there are numerous attacks that are prevented with the use of four different network protection equipment located in our central capacity for internet access for government bodies. And of course, on the level for these organizations. Of course, Ukraine is not alone, and we are grateful to all our partners, all our friends.
And there is reconstruction conference for Ukraine in London right now. So of course we should think of bringing people back and of reconstruction from all the, from all the destructions made by Russians in our country, which unfortunately continues because almost each day here in Kiev we have air alerts and we have drones attack and missile strikes on the critical infrastructure and which is, which is more [00:17:00] dangerous and concerning to our civilian infrastructure, including residential houses, including hospitals, schools, et cetera, et cetera.
Every day we are facing huge challenges, but nevertheless, we are optimistic and Ukraine, Ukraine shall prevail.
Mike Farrell: Now, as you mentioned what the, sort of the portfolio, the area that you're focused on around the war involves cyber, cyber defense. I wonder if you could get, you characterize the role that cyber is playing in the conflict and maybe how that's evolved since the beginning of the war.
Victor Zhora: As I mentioned earlier, we consider the first strike in cyber war to be made on January 14th, when up to 70 governmental websites were attacked by Russia-affiliated actor. Some of these websites were defaced. And also the first use of wiper in this phase of cyber aggression was [00:18:00] registered. After that, we faced a number of huge DDoS attacks and number of serious cyber attacks on the day before the invasion.
After that goes in parallel with the kinetic war, full scale war in the middle of Europe in 21st century. And of course, cyber plays a great role in this being an independent component, rather destructive, potentially destructive. And so thankfully we are able to, um, to maintain the necessary level of cyber resilience.
But at the same time, I would, I would split all cyber attacks to three groups, the first groups, and it's influence operations, information, psychological operations, aiming in subversion and sowing of propaganda. Now they turned more to, to our partner countries in order to undermine the support from these governments and from societies to to Ukraine.[00:19:00]
The second group is the data collection, so cyber espionage operations, and we observe the shift from destructive operations to more cyber espionage in the recent half a year. And, uh, the third group, uh, of course, uh, destructive operations, uh, aiming in causing impact to our information infrastructures, data, different online services, et cetera.
Sometimes they are executed separately in order to bring this kind of impact. Sometimes they are used as the amplification for psychological effect for kinetic operations. And in many cases, we observed the coordination between the cyber attacks and kinetic attacks. In the first phase of war, the focus was on destructive operations, aiming, for instance, in disruption of communication of armed forces.
And attack on Viasat [00:20:00] network is a great example of this. Then again, there were numerous attempts to interfere the air media, et cetera, to use cyber as the, uh, the instrument for influence operation. But in the recent five or six months, starting from the beginning of this year, we observed shift to, to, uh, to mostly cyber espionage operations, aiming in getting important information, which can be used for getting that show the battlefield, or for instance, attempts that were tested and getting information on supply of weapons to Ukraine.
Uh, for different logistical aspects of international assistance to Ukraine. So there's certainly, certainly a shift, but, uh, despite of that, all, all the attackers remain very active in pursuing their goals to, to impact Ukraine's digital, digital systems and, uh, online services for government and for citizens.
And of course, use cyber as supportive [00:21:00] component to, to their kinetic efforts.
Mike Farrell: Can you give an example of this sort of cyber kinetic dynamic? I know there have been some reports and some disputed reports around some cyber attacks that may be followed a kinetic attack, or you just drill into a little bit about how that's playing out specifically on the ground.
Victor Zhora: There were numerous cases of, of these attacks, which we consider to be coordinated. For instance, there were attacks on missile strikes on certain regions, and at the same time, attacks on, on local internet service providers were made, or there were attacks on information resources or web resources of local authorities and governmental institutions.
Again, uh, we see a lot of, uh, signs of coordination with attacks on critical infrastructure. And that was a [00:22:00] boost of these, these attacks in autumn when the Russians started to, to use cruise missiles for attacking our energy sector, energy infrastructure. And they did both in cyber and in kinetic. Again, just a year ago, there was a statement by the largest private energy company in Ukraine, which, which observed a simultaneous attack on their network infrastructure.
And at the same time, missile strike on their thermal power plants. There's an obvious sign and reason for coordination of these attacks. And we even issued a report on this. from CIP together with the center of study from the ministry of defense research focusing on coordination of cyber attacks and kinetic attacks.
So all of these reports together with, with our digest on cyber, cyber security and researchers on different threat actors so that. [00:23:00] Target Ukrainian organizations are available in public. Please feel free to subscribe to our resources and get the newest information from what's happening in Ukraine. We have this on web resource, Facebook page, et cetera, et cetera.
And Twitter is very active in sharing on this.
Mike Farrell: Yeah, it is. Definitely. You're very active on Twitter as well. Oh, thank you. It will include some of the links that you mentioned in our show notes. I'm curious, it seems, and I've heard U.S. officials talk about this, that there are a bigger, broader variety of Russian hacking groups involved in attacking various aspects of Ukraine than maybe previously thought.
You've got groups that are connected to the government intelligence services, military, but even maybe some, some freelance groups that aligned with different parts of the government that are carrying out various types of attacks. I wonder if you [00:24:00] could give us a snapshot of all the different players that are involved in carrying out attacks on Ukraine from Russia.
Victor Zhora: Sure. Again, in academia it's often, it's often considered that these groups can be state, state actors, state associated actors and groups that are located in some states or with regards to Russian offensive cyber capability, I think that all of them are state or state associated, including even hacktivist groups that are famous for their Telegram channels, but no doubt that in each of these groups, there is an officer of Russia special services.
So these all three groups that represent the Russians, Russians offensive capabilities, are united with the same goal. They're military offensive units, hackers in uniform from well known groups, Sandworm, APT [00:25:00] 28, APT 29, Gamaredon. All of them are associated with the GRU or FSB or SVR or different institutions of the Ministry of Defense.
Then cybercriminal groups. Again, they coordinate the activities with their chiefs in the Kremlin or wherever, and activist groups who are competing for attention and funding of, of more official offensive units. So they share, they share tasks, they share targets, and they share resources for all those groups.
So they are all united. And of course, official military units remain to be the most dangerous power. Targeting not only Ukraine, but also European countries, the United States, Canada, and all our friends and partners who are standing with Ukraine.
Mike Farrell: How are U.S. companies helping you in [00:26:00] defending against Russian cyber attacks?
Victor Zhora: From the first days of the full scale invasion, there were a lot of proposals of help and real help. We continue, uh, getting software, hardware, cloud infrastructures, consultancy, threat intelligence from global IT providers, from, from dedicated cyber security companies. And this is a huge support, which is proposed both on a bidirectional basis, I mean, in, in a framework of private, public and private partnership.
And then, of course, there is support from governments and particularly from, from, uh, U.S. government through different ways of, uh, contracts of cooperation, including USAID funded projects. So this, this, uh, help and this assistance is really enormous and is crucial for all the cyber defense and our resilience. [00:27:00]
And we are extremely grateful to U.S. government and to our partners from, from European Union and to us.
Mike Farrell: So what else do you think U.S. or Western companies can be doing? You wrote a piece in CyberScoop, in fact, calling for a broader coalition to be formed to deal with Russia, not just Russia, Russian aggression, maybe around the world even. Can you talk a little bit about what you'd like to see going forward?
Victor Zhora: Well, there are different focuses. Of course, since the aggression continues and we continue countering it, we require more resource since Ukraine is on the front line of this global cyber war. And even in case we have any licenses for software that contributes to our cyber resilience, they need, they need to be renewed.
Of course, since we proved the efficiency of [00:28:00] approaches proposed and implemented together with our partners, we need to scale up because we want to cover more of critical infrastructure. And we, and triple SCAP are especially focused on protecting of businesses. Our direct responsibility is to help protecting state information resources through our platform services, through the National Backup Center and for all the services that we have here in our agency, but the, the entire cyber resilience can be achieved only with a joint efforts from business and from public sector, especially when we talk about critical infrastructure, the biggest part of which is privately owned in Ukraine.
So we, we, of course, we are also working on this through standardization, through requirements, through legal frameworks, but at the same time, understand that these organizations require funds, they require time, they [00:29:00] require talented specialists to, to implement everything needed, particularly they are
capabilities of prevention of cyber incidents and that, of course, requires a great scopes of assistance, which can be shared through, through our service or through our other colleagues from the national cyber security systems. So that's one track with regards to cyber correlation. It works very well in exchanging information, which is very important for us and for timely response or prevention of cyber incidents.
So that's threat intel, indicators of compromise, exchange information on different threat actors, TTPs, et cetera, but we want to pay back with the lessons learned or with the visibility or what we have with the TTPs by threat actors that can be used in targeting of other countries. So that should be coalition of countries of states with responsible behavior in cyberspace.
But again, [00:30:00] united with the goal for this moment in the first country in Russian cyber aggression, and the second bringing, bringing in this, uh, government and civic attackers. So people responsible for conducting all these attacks to accountability. Again, this is a very, very important and at the same time, difficult to difficult questions.
We need to, to discuss widely, because first, we should limit the access of the aggressor to technologies, and we need to identify exact people standing behind these cyber operations. Some of them can be considered as cyber war crimes, especially in cases when they are supportive to kinetic operations, majority of which are
war crimes or a focus on the impact to civilian infrastructure. Again, using civilian targets in kinetic world is considered to be a war crime, especially [00:31:00] when it caused casualties, et cetera, but with regards to cyber world, it's completely new concept, which should be a widely discussed with academia, with the governments and with the prosecution and with the courts, one of our activities is getting a full.
First, identifying the cases which can be considered cyber war crimes, then collecting evidences and sending them to the International Criminal Courts. So this work is being done together with the General Prosecutor's Office and our consultants from all over the world. So I think this is the potentially the most effective way of bringing those people to accountability.
I understand that they are, well, most of them are military servants, hackers in uniform, but again, we need at least decisions made by countries to acknowledge them, to be responsible for these cyber attacks and, and to identify the mechanism, how we can reach out to them [00:32:00] physically and bring them to court.
This is, this is important and through, through the potential use of or any other mechanism, we can treat them as war criminals, for instance. These atrocities that are done by, by occupant forces, of course are unprecedented, but again, this is the first case of using cyber weapon in the kinetic conflict and using cyber weapon as the
independent components, separate components, these I think it's, it should bring us to new understanding and new concept of treating cyberaggression.
Mike Farrell: What, in your mind, or from your point of view, when does a cyber attack become a war crime? I don't think we've ever seen a digital war crime prosecuted.
This would be a novel approach.
Victor Zhora: That's a very, that's an absolutely novel approach. And of course, there should be a discussion with lawyers, with [00:33:00] prosecutors, because we should clearly identify the criteria for these crimes, but as an example, for instance, I can give the data collection operations aimed in getting information on Ukrainian citizens on occupied, temporary occupied territories and following, following use of, of these data for executions or for tortures or for these people in case they are former military or their current military or law enforcement or activists or volunteers.
So in case Russian occupants committed war crime with prisoners, with civilians on occupied territories and this is achieved through cyber operations, aiming in getting available information on them that, that causes basically the following consequences that can be a part of, of this, of this, uh, of war crime, or [00:34:00] for instance, when there is a huge attack, cruise missile strike, and then the following attack on media, for instance, or on critical infrastructure, on energy sector, which can cause deaths on people in hospital or other consequences.
Again, this can be considered to my opinion, but we should have this discussion and clearly identify the criteria of, of classifying these, uh, these incidents and these attacks to, to actually be a cyber war crime.
Mike Farrell: So early on in the war, and I think even today there have been reports of Americans, Europeans joining the Ukrainians in the fight, either on the ground or on the digital battlefield.
Is that something that's still happening?
Victor Zhora: Uh, what do you mean joining, uh, sort of, uh,
Mike Farrell: there's a, there's a broader effort among people online to identify Russian propaganda and put and point that out and dispute it. There's [00:35:00] hackers who have come to Ukraine's aid, that sort of broader digital effort. I was wondering if that's something that's still going on, there's value in that.
And with what role that's played,
Victor Zhora: I've got obviously official assistance and volunteers unofficial. Yes, unofficial because official, we just discussed it and it goes through different forms of cooperation, but with regards to volunteer activity, but different cyber professionals, let's say it continues to be to be white.
I think, of course, the initial, the initial efforts and, uh, inspiration for all of this obviously decreased, but some of active volunteer groups are maintaining their efforts in decreasing the enemy's ability to attack Ukraine and our partners. It's difficult to, it's difficult to evaluate the efficiency of these efforts, but, uh, as the citizen, I would say, of course, it's of course a great contribution to our [00:36:00] resilience.
First of all, it, it's a kind of sublimation of skills and energy of people in protection and helping Ukraine. The one point on the second point is again, every, everybody has a right for justice. I think that what Russia did with violating of all international laws and norms, and of course in cyber, that's, that caused this kind of reaction by volunteers.
No doubt, uh, their activity is helpful for us in defending of our digital boundaries and digital infrastructures, but definitely there should be this offensive mandate and her counter offensive mandate and counter phase of capabilities should begin through through the law with the formation of Ukrainian cyber forces that should be that should be done in our forces of Ukraine and they should have these official mandate and there are still discussions on it and [00:37:00] different versions of, of law, but I'm confident that this will happen soon.
Mike Farrell: So is cyber playing a role at all in the counter offensive or any other offensive operations that you've created?
Victor Zhora: I mean, counter, uh, since, uh, since Russians are executing offensive operations, we can respond only in counter offensive, but with regards to counter white counter offensive kinetic operation, which continues.
Since we don't have, uh, cyber forces, uh, it's difficult for me to, uh, to make any statements on, uh, cyber component in this, but certainly there can be some capabilities in different, different security and defense sector agencies, which can be used for, for kinetic counter offensive, particularly in getting of important intelligence for our armed forces.
Mike Farrell: Can you talk a little bit about your, how you connect and your relationship [00:38:00] with the Western intelligence agencies, such as the NSA or cyber command and the relationship there and how they might be aiding you in some of your efforts?
Victor Zhora: Perhaps, perhaps I cannot broadly discuss, discuss these aspects of cooperation, but, uh, we would appreciate any help in this area.
Mike Farrell: I know you just, you, there was a cyber conference that you attended recently in Estonia, right? Ukraine was a, that wasn't, it was in Estonia.
Victor Zhora: There were numerous events in Estonia at the end of May and beginning of June, yeah, but, but, well, CyCon 23 was one of the major events, and it's an annual conference, and by the way, for the first time, we were, we were participating in it, being an official contributing participant in CCDCOE and Ukrainian, a Ukrainian sent our representative.
He's the SSSCIP officer, but [00:39:00] he represents all Ukrainian national cybersecurity system working at CCDCOE. So he participated in the panel and now we have this very important step towards integration to, to Euro Atlantic organizations. And of course, this is a very important, and this is one very important and helpful platform for this.
Mike Farrell: So looking ahead, what are your big concerns, your big worries for the months, weeks ahead for Ukraine in regards to cyber?
Victor Zhora: One of our major concern is that according to aggressor's tactics, in recent months, they are focused on gaining access to service providers, to supply chains, through which, of course, they can bring more impact to our infrastructure.
And our daily routine is to, to maintain this resilience, to [00:40:00] quickly identify threats, breaches, attempts to attack our... these providers and the critical infrastructure, because, because as I said, critical infrastructure is still in focus, particularly energy sector. So that should be, that should be our focus in cyber defense.
And that's why we are worried in maintaining of stability in our cyberspace while counter offensive continues.
Mike Farrell: Well, Victor Zhora, I appreciate you taking time out of your day. It's late there in Kiev now. We really appreciate you talking to us. Thanks so much.
Victor Zhora: Thank you so much. It was a pleasure.
Mike Farrell: This podcast is brought to you by our friends at Google.
Together, Mandiant with Google Cloud helps public sector organizations become more secure from cyberattacks. Visit cloud.google.com/security for [00:41:00] threat reports, resources and security best practices. Thanks for listening to Safe Mode, a weekly podcast on cybersecurity and digital privacy brought to you by CyberScoop.
If you've enjoyed this episode, please leave us a rating and review and share it with your friends, your mom, or your dad, because you know, they're probably going to get hacked if you don't. To find out more information or to contact me, your host, please visit cyberscoop.com.