{"id":1112,"date":"2022-01-27T18:50:40","date_gmt":"2022-01-28T01:50:40","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=1112"},"modified":"2022-01-27T18:50:43","modified_gmt":"2022-01-28T01:50:43","slug":"the-belarus-railway-hack","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/01\/27\/the-belarus-railway-hack\/","title":{"rendered":"The Belarus Railway Hack"},"content":{"rendered":"\n

On Monday, January 24th<\/sup>, a group of hackers claimed to have launched a successful ransomware attack against Belarusian Railways, the state-run national train system of Belarus. In their posted screenshots<\/a>, the group appears to have gotten access to the backend systems of the railway and has claimed to have encrypted the system with malware[1]<\/sup>. One of their initial statements can be seen in the screenshot below:<\/p>\n\n\n\n

\"\"
Photo Source: https:\/\/twitter.com\/cpartisans\/status\/1485615555017117700<\/figcaption><\/figure>\n\n\n\n

Who are they?<\/h2>\n\n\n\n

Known as the \u201cBelarusian Cyber-Partisans\u201d, they are a group of politically minded, cyber-activists out of Belarus[2]<\/sup>. The group staunchly opposes the Belarusian president and dictator, Alexander Lukashenko, who won office after reportedly rigging the election in 2020. The Cyber-Partisans have launched several successful hacks against the government, since their first appearance after a number of anti-Lukashenko protests during that time[3]<\/sup>.<\/p>\n\n\n\n

What do they want?<\/h2>\n\n\n\n

The decryption keys to return the train network to normal, according to the Cyber-Partisans, will only be provided if the Belarus government meets a list of demands[1]<\/sup>. The group has called for the release of 50 political prisoners in need of medical care, who were detained along with over 900 others during the country\u2019s protests against the president[3]<\/sup>. In addition, they want a commitment that Belarusian Railways will not transport Russian troops, preventing their presence in the country[1]<\/sup>.<\/p>\n\n\n\n

\"\"
Photo Source: https:\/\/twitter.com\/cpartisans\/status\/1485618881557315588<\/figcaption><\/figure>\n\n\n\n

Why?<\/h2>\n\n\n\n

Belarus is a country in eastern Europe, that borders both Ukraine and Russia. One main factor in the protests that arose after the election of Lukashenko was opposition to plans of greater economic and political integration of Russia and Belarus into a \u201cunion state\u201d[3]<\/sup>.<\/p>\n\n\n\n

\"\"
Photo Source: https:\/\/www.geographicguide.com\/europe-maps\/europe-east.htm<\/figcaption><\/figure>\n\n\n\n

Meanwhile, tensions between Russia and Ukraine have only been intensifying over the last month as Russia has amassed thousands of troops near their shared border. If Russia is able to attack from both Russia and Belarus, Ukrainian forces would be forced to spread thin across both borders[2]<\/sup>.<\/p>\n\n\n\n

The attack by the Cyber-Partisans appears to be a bid at disrupting Russian troop movements and attempting to halt the buildup of Russian troops and military weaponry in Belarus[2]<\/sup>.<\/p>\n\n\n\n

\u201cWe don\u2019t want Russian soldiers in Belarus since it compromises the sovereignty of the country and puts it in danger of occupation. It also pulls Belarus into a war with Ukraine. And probably Belarusian soldiers would have to participate in it and die for this meaningless war.\u201d[3]<\/sup><\/p>– A member of the Cyber-Partisans, told the Guardian<\/cite><\/blockquote>\n\n\n\n

What does this mean for cybersecurity?<\/h2>\n\n\n\n

According to Brett Carlow, a ransomware-focused researcher at security firm Emsisoft, the Cyber-Partisans’ method of using reversible encryption rather than merely wiping targeted machines would represent a new evolution in hacktivist tactics. Going on to say \u201cThis is the first time I can recall non-state actors having deployed ransomware purely for political objectives.\u201d[1]<\/sup><\/p>\n\n\n\n

Cybersecurity experts have said that it is too early to know whether this attack will be fully successful or not, however, this attack does mark a possible new evolution for both cyber-activism and cyber-terrorism. Juan Andres Guerrero-Saade, a researcher at security firm SentinelOne, says that this tactic could soon bleed out to other groups who see the power of ransomware to achieve political coercion, for good and for ill.[1]<\/sup><\/p>\n\n\n\n

\u201cThe looming horror of ransomware is precisely just how many systems are out there about whose criticality we don’t understand until they’re unavailable. So, if this is a continued tactic of theirs, I think we’ll definitely see a ratcheting up of the pressure on both sides.\u201d[1]<\/sup><\/p>– Juan Andres Guerrero-Saade<\/cite><\/blockquote>\n\n\n\n

Sources:<\/p>\n\n\n\n

  1. Greenberg, Andy. \u201cWhy the Belarus Railways Hack Marks a First for Ransomware.\u201d Wired<\/em>, Conde Nast, 25 Jan. 2022, https:\/\/www.wired.com\/story\/belarus-railways-ransomware-hack-cyber-partisans\/.<\/li>
  2. Muncaster, Phil. \u201cBelarus Activists Fire Ransomware at State Railway.\u201d Infosecurity Magazine<\/em>, 25 Jan. 2022, https:\/\/www.infosecurity-magazine.com\/news\/belarus-activists-fire-ransomware\/.<\/li>
  3. Roth, Andrew. \u201c’Cyberpartisans’ Hack Belarusian Railway to Disrupt Russian Buildup.\u201d The Guardian<\/em>, Guardian News and Media, 25 Jan. 2022, https:\/\/www.theguardian.com\/world\/2022\/jan\/25\/cyberpartisans-hack-belarusian-railway-to-disrupt-russian-buildup.<\/li>
  4. Pietsch, Bryan. \u201cHacking Group Claims Control of Belarusian Railroads in Move to ‘Disrupt’ Russian Troops Heading near Ukraine.\u201d The Washington Post<\/em>, WP Company, 25 Jan. 2022, https:\/\/www.washingtonpost.com\/world\/2022\/01\/25\/belarus-railway-hacktivist-russia-ukraine-cyberattack\/.<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"

    On Monday, January 24th, a group of hackers claimed to have launched a successful ransomware attack against Belarusian Railways, the state-run national train system of Belarus. In their posted screenshots, the group appears to have gotten access to the backend systems of the railway and has claimed to have encrypted the system with malware[1]. One … <\/p>\n

    Continue reading “The Belarus Railway Hack”<\/span><\/a><\/p>\n","protected":false},"author":376,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-1112","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Camille Paton","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/camille-paton\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/376"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=1112"}],"version-history":[{"count":3,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1112\/revisions"}],"predecessor-version":[{"id":1129,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/1112\/revisions\/1129"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=1112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=1112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=1112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}