Threat Management

‘Right Sector’ hackers attempt to blackmail Polish government

Hackers claiming links with Ukrainian nationalist group, Right Sector, have attempted to hold the Polish defence ministry to ransom.

The group purportedly breached the ministry of defence, accessed internal servers and then threatened the ministry with public disclosure if it didn't pay US$50,000 (£37,748).

From an account titled @pravsector, the group sent a public tweet, since deleted, on 14 July, saying “this last warning and if the polish gov. dnt pay us $50k we will publish all the logs in public in a few hours.”

The blackmailers leaked several files online which they claimed were from the ministry. The leaked documents include scans of documents and an excel file with other data.

Some time later, they leaked documents which they claimed prove Polish involvement in PRISM, the international surveillance programme disclosed in 2013 by Edward Snowden.

The logs have apparently not been published at this time.

Right Sector, or Pravy Sektor, appeared as an ultra-nationalist off-shoot of the anti-corruption Euromaidan protests of 2013, which resulted in the toppling of the Russian-backed Ukrainian president Viktor Yanukovych, leading eventually to the ongoing conflict in the east of the country. The group is often described as a far-right nationalist paramilitary group with disputed Nazi elements. Its members have been actively fighting separatist forces alongside the Ukrainian army in the east of the country.

A group going by the same name hit a Polish telecommunications operator earlier in the month, posting 14gb of data online. When prompted, Right Sector, the one which can be contacted, disavowed any connection with the hackers.

So why would a Ukrainian ultra-right group, currently involved in a low intensity conflict with Russian proxies, attack the Polish ministry of defence? Ewan Lawson, a cyber-warfare expert and fellow at the Royal United Services Institute, told SC, “It is difficult to see the logic other than financial reward.”

However, added Lawson, it's important that Sputnik News, which is owned by the Russian State, is one of the few media outlets reporting this. One possible explanation, said Lawson, “is that this is simple criminal activity on behalf of someone linked to Right Sector with Sputnik focusing on that link.”

Another possibility “could be that it is someone trying to make it look like Right Sector to discredit them with a potential ally. There has been some anti-Right Sector feeling in Poland given the Nazi connection.”

SC spoke to @pravsector who said the attack was carried out because the ministry is part of a “system which acts against us in (Western) Ukraine”. The group would not comment on whether or not the ministry had paid the ransom.

Whatever the reason behind the attack, Right Sector's threats  were dismissed by the ministry.

Bartłomiej Misiewicz, press spokesperson for the ministry, told SC, “The alleged ‘cyber-attack' wasn't successful. Not only was the information from 2012, but was absent of anything classified.”

Misiewicz added, “The ministry of defence's systems are safe and have been working properly. We have taken action in order to explain all the circumstances in which this incident occurred and to prevent such attempts in the future.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.