Hacker attack on Kyivstar: What should the military do to prevent its data from reaching the Russians?

According to information received from Kyivstar, hackers who carried out a large-scale attack on December 12 were unable to obtain personal data from subscribers. But the Ukrainian company Griselda, which developed an intelligence system for the Defense Forces, noted on Telegram that often a mobile operator may have critical information about users, including military personnel and volunteers. Experts explained how Ukrainians can protect themselves from data leaks.

Mobile operators usually have the following data:

• call details – this includes numbers, time and duration of calls;
• SMS messages – i.e. information about sent and received SMS;
• Internet traffic – information about data usage, duration and duration of sessions;
• location – data about the user’s movement;
• payment information – information regarding payments and financial transactions;
• information about services – details about activated services and packages;
• other data – device type, SIM card, contract status, passport data (for some subscribers), security questions and answers.

Tips for protection

The memo states that these tips will be more relevant to employees, volunteers and the military:

• hide the old SIM card and insert the new one. Do not share your new phone number with anyone;
• use the new SIM only for accessing the Internet and instant messengers remaining on the old number. Don’t get too attached to anything;
• Leave all banking and secure authentication on the old number. But whenever possible, separate everything from SMS verification and use other methods. If you need verification via SMS or by calling your old number, turn it on while you’re away from your permanent location;
• SMS and calls to close circle are taboo. You can call services, shops and other new and unusual numbers. But it is worth finding a different name for yourself.
• Load your new card with cash and through street terminals such as iBox.
• Every six months, replenish your old card with at least 10 UAH so that it is not blocked.

Thus, if they disrupt the old operator, as they added to the message, within 7-10 months all geolocations, SMS and calls will be invalid or deleted. If the operator of the new SIM card is hacked, an anonymised record will be kept.

Let us also remind that Kyivstar’s press service previously reported that users’ personal data was not stolen as a result of the hacker attack. In addition, statements about the destruction of computers and servers were also described as fake by the Russians.

Previously, Russian hacker group Solntsepek claimed responsibility for hacking the system of mobile operator Kyivstar. According to the hackers’ claim, they infiltrated the Kyivstar system and completely destroyed 10 thousand computers, 4 thousand servers, data in the cloud service and backup copies.