Mediaboss Marketing

By Diyar Guldogan

ANKARA

Russian President Vladimir Putin discussed Wednesday the situation in Ukraine over a phone call with German Chancellor Angela Merkel and French President Francois Hollande.

"Dissatisfaction was expressed with the general situation surrounding the settlement of the Ukraine crisis," the Kremlin said in a statement.

The leaders discussed the progress toward implementing the Minsk agreements, including Normandy format summit which was held in Berlin on Oct. 19.

Putin, Merkel, Hollande and Ukrainian President Petro Poroshenko gathered in Berlin for the first time in more than a year for a four-party meeting, amid intensified fighting in eastern Ukraine between government troops and pro-Russian separatists.

"There was an emphasis on the importance of stepping up joint efforts to de-escalate tensions in southeastern Ukraine and ensuring consistent implementation of the Minsk-2 provisions," it added.

The leaders also agreed on giving an "additional impetus" to the Normandy format activities and holding meetings at various level in the upcoming period.

Ukraine has been wracked by conflict since March 2014 following Russias annexation of Crimea after an illegal independence vote on the heels of violent anti-government protests which led to the overthrow of the then-President Victor Yanukovich.

The UN General Assembly had voted nearly unanimously to proclaim the Russian annexation as illegal.

Along with many UN countries, the U.S., the EU, and Turkey also do not recognize Crimea as Russian territory.

Fighting between Ukrainian government forces and pro-Russia separatists has seen around 9,750 killed, according to the UN.

Read more from the original source:
Putin, Merkel, Hollande discuss situation in Ukraine - Anadolu Agency

(Kyiv) An order from Ukrainian authorities banning the Russian independent television channel Dozhd TV (TV Rain) from broadcasting on Ukrainian cable networks violates freedom of expression and should be revoked, Human Rights Watch said today. In Russia, Dozhd TV is accessible only by streaming it over the internet since the Russian authorities orchestrated its cutoff from satellite and cable providers in 2014, as part of the Kremlins crackdown on independently owned television channels.

It is profoundly disappointing to see that Ukrainian authorities are following the Kremlins example in silencing media they dont like, said Tanya Cooper, Ukraine researcher at Human Rights Watch. Media should not be used as a scapegoat in political bargaining.

A statement on the Dozhd TV website on January 12, 2017, said that its Ukrainian cable provider, Volya, notified the station that Ukraines National Radio and TV Council had issued an order to stop Dozhd TV broadcasts. The council said cable providers have one month to implement the order from the date it was published. The Dozhd TV statement said a Volya representative informed the station the ban was issued because Dozhd TV had violated Ukraines advertising regulations.

A participant holds a flyer during a protest against the threat of closure to television station Dozhd (TV Rain) in Moscow February 8, 2014. The flyer reads "We need Dozhd".

2014 Reuters

However, in an interview with wire service Interfax-Ukraine, a member of the National Radio and TV Council stated that Dozhd TV was banned also for identifying Crimea as a part of Russias territory in its broadcasts. He also said that Dozhd TV correspondents had travelled to Crimea directly from Russia several times, a violation of Ukrainian law.

Russia has occupied the Crimean Peninsula since 2014. In its World Report 2017, Human Rights Watch concluded that Russias actions in occupied Crimea created a human rights crisis.

A Dozhd TV representative told Human Rights Watch that Ukraines National Radio and TV Council contacted the television channel and asked it to address violations of advertising regulations, which prohibit media from non-EU countries or countries that have not ratified the European Convention on Transfrontier Television from broadcasting advertisements. The Dozhd TV representative said the station had addressed this violation and notified Ukraines National Radio and TV Council. The representative said that Ukrainian authorities had not contacted the channel since then to either express further concerns or to offer an alternative to blocking Dozhd TV broadcasts in Ukraine.

Natalia Sindeyeva, director general of Dozhd TV, said in the January 12 statement that she regretted that the National Council of Ukraine came to such a decision. According to Dozhd TV, about 90 cable providers broadcast Dozhd TV in Ukraine, reaching approximately half a million households.

In early 2014, after a public outcry by several Russian lawmakers and an investigation by the state media oversight agency (Roskomnadzor), Russian cable providers stopped broadcasting Dozhd TV. In November 2016, security officials of the self-proclaimed Donetsk Peoples Republic (DNR) arbitrarily detained two Dozhd TV journalists, deleted their footage, and banned them indefinitely from returning to the area.

In Ukraine, media freedom remains problematic. In June 2016, a presidential decree banned 17 Russian journalists, editors, and media executives from travelling to Ukraine. In September 2015, the government banned several hundred Russian individuals and legal entities from entering Ukraine for a year. Among them were 41 journalists and bloggers from several countries, including Russia, Israel, the United Kingdom, and Germany. In May 2016, President Petro Poroshenko removed 29 people from the list of those sanctioned.

The international organizations Freedom House and the Committee to Protect Journalists issued statements urging the Ukrainian government to drop the ban against Dozhd TV. On Twitter, the Organization for Security and Co-operation in Europes media freedom representative described the decision as very damaging for media pluralism in Ukraine.

Media serves as an essential check on government power, abuses, and many other issues, Cooper said. Protecting media freedom will set Ukraine on the right course for further meaningful reform and human rights-based policies.

More:
Ukraine: TV Channel Ordered Banned - Human Rights Watch

KIEV/MILAN A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday.

When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine.

Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station "North", were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters.

"The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion," Ukrenergo said.

Law enforcement officials and cyber experts are still working to compile a chronology of events, draw up a list of compromised accounts, and determine the penetration point, while tracing computers potentially infected with malware in sleep mode, it said.

The comments make no mention of which individual, group or country may have been behind the attack.

"It was an intentional cyber incident not meant to be on a large scale... they actually attacked more but couldn't achieve all their goals," said Marina Krotofil, lead cyber-security researcher at Honeywell, who assisted in the investigation.

In December 2015, a first-of-its-kind cyber attack cut the lights to 225,000 people in western Ukraine, with hackers also sabotaging power distribution equipment, complicating attempts to restore power.

Ukrainian security services blamed that attack on Russia.

In the latest attack, hackers are thought to have hidden in Ukrenergo's IT network undetected for six months, acquiring privileges to access systems and figure out their workings, before taking methodical steps to take the power offline, Krotofil said.

"The team involved had quite a few people working in it, with very serious tools and an engineer who understands the power infrastructure," she said.

The attacks against Ukraine's power grid are widely seen by experts as the first examples of hackers shutting off critical energy systems supplying heat and light to millions of homes.

(Writing by Oleg Vukmanovic; reporting by Pavel Polityuk in Kiev, Oleg Vukmanovic and Stephen Jewkes in Milan; editing by Susan Fenton/Ruth Pitchford)

Streaming video pioneer Netflix Inc added over a third more subscribers than expected in the last quarter of 2016, a sign of success for its ambitious global expansion that sent its shares up 8 percent in extended trading.

COPENHAGEN Facebook plans to build its third data center outside the United States in Odense, Denmark, the California-based tech company said at a joint press conference with Odense municipality on Thursday.

NEW DELHI Some Indian officials have baulked at Apple's demands for concessions before it assembles iPhones there, raising doubts about a spring deadline to launch a key project in Prime Minister Narendra Modi's campaign to lure foreign investors.

Continue reading here:
Ukraine's power outage was a cyber attack: Ukrenergo - Reuters

KIEV/PARIS Ukraine indicated on Wednesday it would bar French presidential candidate Marine Le Pen from entering the country after comments she made that appeared to legitimize Russia's annexation of Crimea in 2014.

Le Pen's office dismissed the threat, saying she had no intention of visiting Ukraine.

Kiev is nervous about the shifting political landscape in 2017. U.S. President-elect Donald Trump has adopted a friendlier tone toward Russia while another French presidential candidate, Francois Fillon, favours lifting sanctions against Moscow.

Relations between Ukraine and Russia soured after Russia's annexation of Crimea and the subsequent outbreak of pro-Russian separatist fighting in eastern Ukraine that has killed around 10,000 people, despite a ceasefire being notionally in place.

Alluding to Le Pen, the Ukrainian foreign ministry said in a statement: "Making statements that repeat Kremlin propaganda, the French politician shows disrespect for the sovereignty and territorial integrity of Ukraine and completely ignores the fundamental principles of international law.

"...Such statements and actions in violation of the Ukrainian legislation will necessarily have consequences, as it was in the case of certain French politicians, who are denied entry to Ukraine," it said.

The far right leader was quoted by French television as saying Russia's annexation of Crimea was not illegal because the Crimean people had chosen to join Russia in a referendum, a position Kiev vehemently disputes. The referendum was also declared illegal by the United Nations General Assembly.

Opinion polls have consistently shown Le Pen making it to the second round of the presidential election, to be held in May, but losing that run-off to a mainstream candidate, likely to be conservative Fillon.

"Marine Le Pen had no intention of going there (to Ukraine) anyway. This issue will be solved via diplomatic channels when she becomes president of the (French) Republic," a spokesman for Le Pen said in an emailed response to Reuters.

Earlier on Wednesday Le Pen said France should leave the euro but the shift to a new national currency could be accompanied by a framework similar to the pre-euro era of the ECU.

(Additional reporting by Alexei Kalmykov; editing by Mark Heinrich and Dominic Evans)

GENEVA The leaders of both sides of ethnically divided Cyprus began new unification talks on Monday but sought to temper hopes of a swift breakthrough, though its U.N. envoy said a deal to resolve one of Europe's most enduring conflicts was within reach.

TOKYO Japan is always gathering and analysing information on North Korea's nuclear missile situation with great interest, its top government spokesman said on Tuesday.

BEIJING A Chinese professor has been sacked after he criticized Chairman Mao Zedong on his 123rd birthday in an commentary he posted online that enraged leftists.

See the article here:
Ukraine moves to blacklist Le Pen over Crimea comments

Slide: 1 / of 1. Caption: Jose A. Bernat Bacet/Getty Images

It was 3:30 p.m. last December 23, and residents of the Ivano-Frankivsk region of Western Ukraine were preparing to end their workday and head home through the cold winter streets. Inside the Prykarpattyaoblenergo control center, which distributes power to the regions residents, operators too were nearing the end of their shift. But just as one worker was organizing papers at his desk that day, the cursor on his computer suddenly skittered across the screen of its own accord.

He watched as it navigated purposefully toward buttons controlling the circuit breakers at a substation in the region and then clicked on a box to open the breakers and take the substation offline. A dialogue window popped up on screen asking to confirm the action, and the operator stared dumbfounded as the cursor glided to the box and clicked to affirm. Somewhere in a region outside the city he knew that thousands of residents had just lost their lights and heaters.

The operator grabbed his mouse and tried desperately to seize control of the cursor, but it was unresponsive. Then as the cursor moved in the direction of another breaker, the machine suddenly logged him out of the control panel. Although he tried frantically to log back in, the attackers had changed his password preventing him from gaining re-entry. All he could do was stare helplessly at his screen while the ghosts in the machine clicked open one breaker after another, eventually taking about 30 substations offline. The attackers didnt stop there, however. They also struck two other power distribution centers at the same time, nearly doubling the number of substations taken offline and leaving more than 230,000 residents in the dark. And as if that werent enough, they also disabled backup power supplies to two of the three distribution centers, leaving operators themselves stumbling in the dark.

The hackers who struck the power centers in Ukrainethe first confirmed hack to take down a power gridwerent opportunists who just happened upon the networks and launched an attack to test their abilities; according to new details from an extensive investigation into the hack, they were skilled and stealthy strategists who carefully planned their assault over many months, first doing reconnaissance to study the networks and siphon operator credentials, then launching a synchronized assault in a well-choreographed dance.

It was brilliant, says Robert M. Lee, who assisted in the investigation. Lee is a former cyber warfare operations officer for the US Air Force and is co-founder of Dragos Security, a critical infrastructure security company. In terms of sophistication, most people always [focus on the] malware [thats used in an attack], he says. To me what makes sophistication is logistics and planning and operations and whats going on during the length of it. And this was highly sophisticated.

Ukraine was quick to point the finger at Russia for the assault. Lee shies away from attributing it to any actor but says there are clear delineations between the various phases of the operation that suggest different levels of actors worked on different parts of the assault. This raises the possibility that the attack might have involved collaboration between completely different partiespossibly cybercriminals and nation-state actors.

This had to be a well-funded, well-trained team. [B]ut it didnt have to be a nation-state, he says. It could have started out with cybercriminals getting initial access to the network, then handing it off to nation-state attackers who did the rest.

The control systems in Ukraine were surprisingly more secure than some in the US.

Regardless, the successful assault holds many lessons for power generation plants and distribution centers here in the US, experts say; the control systems in Ukraine were surprisingly more secure than some in the US, since they were well-segmented from the control center business networks with robust firewalls. But in the end they still werent secure enoughworkers logging remotely into the SCADA network, the Supervisory Control and Data Acquisition network that controlled the grid, werent required to use two-factor authentication, which allowed the attackers to hijack their credentials and gain crucial access to systems that controlled the breakers.

The power wasnt out long in Ukraine: just one to six hours for all the areas hit. But more than two months after the attack, the control centers are still not fully operational, according to a recent US report. Ukrainian and US computer security experts involved in the investigation say the attackers overwrote firmware on critical devices at 16 of the substations, leaving them unresponsive to any remote commands from operators. The power is on, but workers still have to control the breakers manually.

Thats actually a better outcome than what might occur in the US, experts say, since many power grid control systems here dont have manual backup functionality, which means that if attackers were to sabotage automated systems here, it could be much harder for workers to restore power.

Multiple agencies in the US helped the Ukrainians in their investigation of the attack, including the FBI and DHS. Among computer security experts who consulted on the wider investigation were Lee and Michael J. Assante, both of whom teach computer security at the SANS Institute in Washington DC and plan to release a report about their analysis today. They say investigators were pleasantly surprised to discover that the Ukrainian power distribution companies had a vast collection of firewall and system logs that helped them reconstruct eventsan uncommon bonanza for any corporate network, but an even rarer find for critical infrastructure environments, which seldom have robust logging capabilities.

According to Lee and a Ukrainian security expert who assisted in the investigation, the attacks began last spring with a spear-phishing campaign that targeted IT staff and system administrators working for multiple companies responsible for distributing electricity throughout Ukraine. Ukraine has 24 regions, each divided into between 11 and 27 provinces, with a different power distribution company serving each region. The phishing campaign delivered email to workers at three of the companies with a malicious Word document attached. When workers clicked on the attachment, a popup displayed asking them to enable macros for the document. If they complied, a program called BlackEnergy3variants of which have infected other systems in Europe and the USinfected their machines and opened a backdoor to the hackers. The method is notable because most intrusions these days exploit a coding mistake or vulnerability in a software program; but in this case the attackers exploited an intentional feature in the Microsoft Word program. Exploiting the macros feature is an old-school method from the 90s that attackers have recently revived in multiple attacks.

The initial intrusion got the attackers only as far as the corporate networks. But they still had to get to the SCADA networks that controlled the grid. The companies had wisely segregated those networks with a firewall, so the attackers were left with two options: either find vulnerabilities that would let them punch through the firewalls or find another way to get in. They chose the latter.

Over many months they conducted extensive reconnaissance, exploring and mapping the networks and getting access to the Windows Domain Controllers, where user accounts for networks are managed. Here they harvested worker credentials, some of them for VPNs the grid workers used to remotely log in to the SCADA network. Once they got into the SCADA networks, they slowly set the stage for their attack.

First they reconfigured the uninterruptible power supply1, or UPS, responsible for providing backup power to two of the control centers. It wasnt enough to plunge customers into the darkwhen power went out for the wider region they wanted operators to be blind, too. It was an egregious and aggressive move, the sort that could be interpreted as a giant fuck you to the power companies, says Lee.

Each company used a different distribution management system for its grid, and during the reconnaissance phase, the attackers studied each of them carefully. Then they wrote malicious firmware to replace the legitimate firmware on serial-to-Ethernet converters at more than a dozen substations (the converters are used to process commands sent from the SCADA network to the substation control systems). Taking out the converters would prevent operators from sending remote commands to re-close breakers once a blackout occurred. Operation-specific malicious firmware updates [in an industrial control setting] has never been done before, Lee says. From an attack perspective, it was just so awesome. I mean really well done by them.

The same model of serial-to-Ethernet converters used in Ukraine are used in the US power-distribution grid.

Armed with the malicious firmware, the attackers were ready for their assault.

Sometime around 3:30 p.m. on December 23 they entered the SCADA networks through the hijacked VPNs and sent commands to disable the UPS systems they had already reconfigured. Then they began to open breakers. But before they did, they launched a telephone denial-of-service attack against customer call centers to prevent customers from calling in to report the outage. TDoS attacks are similar to DDoS attacks that send a flood of data to web servers. In this case, the centers phone systems were flooded with thousands of bogus calls that appeared to come from Moscow, in order to prevent legitimate callers from getting through. Lee notes that the move illustrates a high level of sophistication and planning on the part of the attackers. Cybercriminals and even some nation-state actors often fail to anticipate all contingencies. What sophisticated actors do is they put concerted effort into even unlikely scenarios to make sure theyre covering all aspects of what could go wrong, he says.

The move certainly bought the attackers more time to complete their mission because by the time the operator whose machine was hijacked noticed what was happening, a number of substations had already been taken down. But if this was a political hack launched by Russia against Ukraine, the TDoS likely also had another goal Lee and Assante say: to stoke the ire of Ukrainian customers and weaken their trust in the Ukrainian power companies and government.

It wasnt enough to plunge customers into the darkthey wanted operators blind, too.

As the attackers opened up breakers and took a string of substations off the grid, they also overwrote the firmware on some of the substation serial-to-Ethernet converters, replacing legitimate firmware with their malicious firmware and rendering the converters thereafter inoperable and unrecoverable, unable to receive commands. Once you rewrite the firmware, theres no going back from that [to aid recovery]. You have to be at that site and manually switch operations, Lee says. Blowing [these] gateways with firmware modifications means they cant recover until they get new devices and integrate them.

After they had completed all of this, they then used a piece of malware called KillDisk to wipe files from operator stations to render them inoperable as well. KillDisk wipes or overwrites data in essential system files, causing computers to crash. Because it also overwrites the master boot record, the infected computers could not reboot.

Some of the KillDisk components had to be set off manually, but Lee says that in two cases the attackers used a logic bomb that launched KillDisk automatically about 90 minutes into the attack. This would have been around 5 p.m., the same time that Prykarpattyaoblenergo posted a note to its web site acknowledging for the first time what customers already knewthat power was out in certain regionsand reassuring them that it was working feverishly to figure out the source of the problem. Half an hour later, after KillDisk would have completed its dirty deed and left power operators with little doubt about what caused the widespread blackout, the company then posted a second note to customers saying the cause of the outage was hackers.

Ukraines intelligence community has said with utter certainty that Russia is behind the attack, though it has offered no proof to support the claim. But given political tensions between the two nations its not a far-fetched scenario. Relations have been strained between Russia and Ukraine ever since Russia annexed Crimea in 2014 and Crimean authorities began nationalizing Ukrainian-owned energy companies there, angering Ukrainian owners. Then, right before the December blackout in Ukraine occurred, pro-Ukrainian activists physically attacked substations feeding power to Crimea, leaving two million Crimean residents without power in the region that Russia had annexed, as well as a Russian naval base. Speculation has been rampant that the subsequent blackouts in Ukraine were retaliation for the attack on the Crimean substations.

But the attackers who targeted the Ukrainian power companies had begun their operation at least six months before the Crimean substations were attacked. So, although the attack in Crimea may have been a catalyst for the subsequent attack on the Ukrainian power companies, its clear that it wasnt the original motivation, Lee says. Lee says the forensic evidence suggests in fact that the attackers may not have planned to take out the power in Ukraine when they did, but rushed their plans after the attack in Crimea.

Looking at the data, it looks like they would have benefited and been able to do more had they been planning and gathering intelligence longer, he says. So it looks like they may have rushed the campaign.

He speculates that if Russia is responsible for the attack, the impetus may have been something completely different. Recently, for example, the Ukrainian parliament has been considering a bill to nationalize privately owned power companies in Ukraine. Some of those companies are owned by a powerful Russian oligarch who has close ties to Putin. Lee says its possible the attack on the Ukrainian power companies was a message to Ukrainian authorities not to pursue nationalization.

That analysis is supported by another facet of the attack: The fact that the hackers could have done much more damage than they did do if only they had decided to physically destroy substation equipment as well, making it much harder to restore power after the blackout. The US government demonstrated an attack in 2007 that showed how hackers could physically destroy a power generator simply by remotely sending 21 lines of malicious code.

Lee says everything about the Ukraine power grid attack suggests it was primarily designed to send a message. We want to be seen, and we want to send you a message, is how he interprets it. This is very mafioso in terms of like, oh, you think you can take away the power [in Crimea]? Well I can take away the power from you.

Whatever the intent of the blackout, it was a first-of-its-kind attack that set an ominous precedent for the safety and security of power grids everywhere. The operator at Prykarpattyaoblenergo could not have known what that little flicker of his mouse cursor portended that day. But now the people in charge of the worlds power supplies have been warned. This attack was relatively short-lived and benign. The next one might not be.

1Correction 3/03/16 8:17 a.m. ET: UPS here stands for uninterruptible power supply, not universal power supply.

Go here to see the original:
Inside the Cunning, Unprecedented Hack of Ukraines Power ...