By KYIV. Dec 13 (Interfax-Ukraine) – The basic scenario for Kyivstar to restore the provision of mobile communications and Internet services involves the start of restoration from Wednesday, December 13, but there is a very high level of uncertainty, company president Oleksandr Komarov has said.
“This is a complex iterative process. On the one hand, we are restoring, on the other hand, we are limited by resources, because any connections to the network do not occur automatically, but manually through appropriate verification. Therefore, I really hope tomorrow we will begin to restore the service, but I can’t guarantee this,” he said in an interview with Forbes Ukraine, published on Tuesday evening.
Komarov explained that when a system is restored to working capacity, new problems begin to emerge. “Then you need to check this entire system so that there is no enemy software or conditional backdoors left in it by this attack, which leaves an unprotected perimeter,” added the president of Kyivstar.
According to him, the company has already partially restored the fixed-line Internet for the Internet for Home customer base and, step by step, will soon resume services for the entire fixed-line Internet customer base.
In general, according to Komarov, this is the largest hacker attack on telecom infrastructure in the world. “There have not been successful attacks of this scale. And, let’s be honest, there are not many countries that have been attacked by Russia,” he said.
The president of Kyivstar said that the atypical behavior of the network began at 5:26 a.m. on Tuesday: the network began to work with large interruptions, which created a huge number of anomalies in the systems, and the initial version was that this was a problem either on the switching system, or on the transport network.
“At 6:30 a.m., we realized this was a super-powerful hacker attack on the network core and infrastructure. And that all these steps that began at 5 a.m. were more distracting than aimed at really putting the company’s network down,” Komarov said.
He explained that the core of the network consists of several elements: a virtual network running on top of the physical network, as well as IT infrastructure, and a cascading failure of a huge number of parts of this infrastructure began.
“To simplify everything, the client databases did not respond to the network’s request for the client’s profile and the services. And the services began to be automatically disabled,” the president of Kyivstar said, describing the situation. According to him, given the unprotected perimeter of the company and the growing destruction of infrastructure, a decision was made to “shut down everything physically.”
Komarov once again said that the company has no confirmation that the hackers received any customer data.
“Our basic version is that the goal is to destroy the infrastructure, to destroy the country’s critical infrastructure. Perhaps in order to disrupt the president’s visit to the United States, to add something to the energy blackouts, to influence the morale of Ukrainians through other levers,” the head of Kyivstar suggested.
He said that the company has not yet calculated possible losses, as it is focused on restoring the network.
According to Komarov, law enforcement officers and government special agencies are currently investigating the incident and are helping Kyivstar eliminate the outage.
