Ukraine

Donate to Keep Ukrainians online

 

Since October 2022, Russia has been targeting critical civilian infrastructure in Ukraine with its missiles and drones. Attacks have degraded electricity generation and distribution, cutting off power and thereby heating, water treatment and Internet connectivity for millions of people. Rolling electricity blackouts lasting anywhere from several hours to days are making this brutal conflict even harsher. Even if the war was to stop tomorrow, damage to electricity power plants and distribution networks will persist. One of the ways eQualitie is responding to this crises is by supplying small Internet service providers (ISP) with batteries to help them power their local (fibre optic) networks during electricity outages. We have already delivered a 7 tonne shipment in December.

The donated batteries have been in use since December 2022. Chernihiv, the regional center located in northern Ukraine, was almost surrendered by the Russian military since the first days of aggression. City infrastructure has been heavily destroyed due to constant bombardments. Even during the combat in Feb-March ISP Osnova had provided internet and cable TV services to more than 50 thousand households in Chernihiv. Dmytro Samsonenko, the director of ISP Osnova, shares his feedback on the usage of donated batteries during outages:

Our SBL batteries are connected to the EASUN ISOLAR-SMG-II-3.6KW-WIFI inverter, the system capacity is approximately 3 kWh (135 Ah at 24 V).
The system is installed at the district-level node, which provides television and internet connection for 185 residential buildings in Chernihiv. The capacity of the batteries is enough for 16 hours of continuous operation of the equipment in the event of an outage of the node.

 

WE NEED YOUR CONTRIBUTION TO SEND A SECOND DELIVERY !

Please make a donation today to support this procurement. Our goal is to collect $25 000, which will help to buy 150-170 individual batteries to serve the needs of around 30 ISPs. All contribution matters! More than 1500 ISPs work in Ukraine, this market is diverse and the smallest ISPs provide services to a few residential buildings. Thus, the need for batteries remains high.

100% of your donation will go towards the batteries’ purchase. We have an established logistics pipeline with DACPOL and customs importing and road freight assistance from DEPS. In Ukraine, the Ministry of Digital Transformation works with local ISPs on delivery, verification and reporting.

 

Donate now!

Please, fill in the form needed for donation

 

We also accept donations in BTC: bc1qre02fd4w6nvl7eq44456z03h25fvnuzjms28p9

 

 

eQualitie Org is a Canadian registered non profit corporation (1191545-2) with business number 745963470RC0001

 

 

Read More

A year in review: eQualitie’s reactions to the war in Ukraine

Team members meeting in Lviv, September 2022

Since the beginning of the second invasion in February 2022, eQualitie has launched a series of rapid efforts focusing on digital security capacity building and urgent response to various communication and safety needs of Ukrainian citizens, media agencies, human rights organizations, and CSOs. A lot of the focus of our existing programming on web security and censorship circumvention was extended to the realities and needs of Ukrainian websites and people finding themselves in temporarily occupied territories (and part of the Russian Internet). Herein a brief summary of the work done in 2022 to help defend Ukrainians during this illegal invasion.

 

The Digital Security Helpline Nadiyno.org was conceived in late spring and launched in partnership with Internews Ukraine in November. It is the first national digital security helpline in Ukraine (and possibly the world) tasked with responding to any and all questions from the public relating to cyber security. The rational behind the helpline was to offer immediate and easy to understand solutions for the many problems and questions people have in relation to their device and communications safety. By and large most of them cannot afford the time and mental space to reading long manuals and attending webinars in order to understand the whole security landscape. They just need answers and in a war-time setting these answers often have a direct impact on their personal well-being and safety. We assembled and trained a dedicated team of helpline support staff and digital experts, stood up systems to document and respond to incoming requests and compiled a growing database of security FAQs on the Nadiyno website.

Nadiyno.org launch event, with Internews, eQualitie and Ministry of Digital Transformation. November 2022

We have also conducted eight digital security webinars reaching 1027 participants, including 202 civil servants from the Cabinet of Ministers of Ukraine (the central body of the Ukrainian Government). Civil servants participated in two tailored webinars by eQualitie on the basics of digital security and the identification of phishing attacks, one of the major cyber threats against individuals in Ukraine.

 

In the first weeks of the conflict, eQualitie launched a decentralized communications network in Ukraine https://dcomm.net.ua to support local area emergency communications in the case of Internet shutdowns caused by military activity. A federated network of 10 servers was set up in 9 Ukrainian cities: Kyiv, Kharkiv, Odesa, Rivne, Lviv, Kherson, Mykolaiv, Poltava, and Khmelnytskyi enabling secure chat for Ukrainian users using the Matrix/Element platform and micro-blogging on the Mastodon social network. eQualitie published several easy-to-follow guides on using these new services in Ukrainian and introduced content moderation and network administration capacity to ensure smooth operations in a very difficult climate.


As of December 2022, more than 1100 users are running their own instances of Mastodon on this platform to communicate with each other and millions of other users from hundreds of federated instances worldwide. The Kyiv instance https://social.kyiv.dcomm.net.ua/ is already the second biggest Mastodon platform in Ukraine. Hundreds of rooms and thousands of users are communicating on the Matrix network everyday.

 

eQualitie protects over a hundred Ukrainian media and CSO websites from DDoS attacks on the Deflect network. Since the beginning of the conflict, an additional 60 Ukrainian websites have been onboarded, bringing a daily audience of over half a million people Ukraine. Deflect protects the websites of key Ukrainian human rights organizations, including the 2022 Nobel prize laureate – the Center for Civil Liberties.


The eQualitie team mitigates DDoS attacks against Ukrainian websites on a daily basis. Ukrainian newsrooms which provide quality reports on the Russia-initiated war against Ukraine become frequent targets of DDoS. One of the regional newsrooms from Zhytomyr, onboarded to Deflect in Aug 2022, has witnessed over twenty significant attacks since then. In just three days between October 27-30, attackers generated 33,3 million malicious hits against the website, albeit to no effect.

 

 

The Censorship.no project from eQualitie helps users in temporarily occupied territories to circumvent Internet censorship – part and parcel of Russia’s occupation is that local networks have been re-routed to join the Runet – where website blocking and traffic surveillance is rife. Using the CENO browser, which works using BitTorrent protocols, users can circumvent local network filtering and share contents of retrieved web pages with each other. More than 20 thousand Ukrainian users installed CENO on their Android devices via Google Play market.

 

SBL 135-12HR batterry – part of our ISP Small Grants Program

In December, eQualitie, in partnership with the Ministry of Digital Transformation of Ukraine, DEP, and the Association of “Right Owners and Providers of Content”, supplied 29 Ukrainian ISPs with 172 SBL 135-12HR batteries to power the providers’ fibre optic network during power outages. This batch with a total capacity of 20,640 Amps or 247 kWh as a cargo weighing 6,600 kg was delivered to Ukraine and distributed among local ISPs based on the need assessment, conducted by the Ministry and eQualitie. More information in our previous post.

 

These actions are but a small drop in the ocean of foreign support offered and still needed to sustain the Ukrainian people through the arduous and violent conflict inflicted upon them. A lot more work remains to be done in 2023 and we aim to continue the pace and breadth our interventions. This project is realized with support from Global Affairs Canada and the Canadian tax payers.

You can download a presentation of our Ukrainian focused projects here or check out the video presentation given at the International Cyber-security Forum (FIC) 2022 in Montreal.

Read More

Keeping Ukrainians online during electricity outages

Montreal, Canada
December 26, 2022
Press release

Canadian support from eQualitie allows hundreds of thousands of Internet users in Ukraine to stay connected

Canadian Technology Organization eQualitie, in partnership with the Ministry of Digital Transformation of Ukraine, DEPS UA, and the Association of “Right Owners and Providers of Content”, supplied 29 Ukrainian ISPs with 172 SBL 135-12HR batteries to power the providers’ fiber optic network during power outages.

A cargo weighing 6,600 kg as humanitarian aid arrived in Ukraine from Poland, where eQualitie purchased a series of  batteries donated for Ukrainian ISPs. Each battery weighing 38 kg will be installed on the fibre optic and distribution networks of local Internet providers, allowing them to power their networks for an additional 10-12 hours through the electricity outages. This batch of donations has a total capacity of 20,640 Amps or 247 kWh. – helping more Ukrainians access the Internet without interruption. 

Distribution of batteries is based on a needs assessment conducted by eQualitie together with the Ministry of Digital Transformation of Ukraine. The stated needs were to bring batteries for regions most affected by Russian aggression – Chernihiv, Kyiv, Kharkiv, Donetsk, Zhytomyr, Sumy, etc.

This support became possible due to the efforts and commitments of the Canadian government, taking place within the framework of the project “Digital Emergency Support of Civil Society in Ukraine”, implemented by eQualitie together with the NGO “Internews Ukraine”. Internet Service Providers are among the project’s key recipients, – supporting their efforts in providing Internet and communication services to the public.

Whilst the Ukrainian Internet has shown great resilience during this conflict, it is essentially another civic utility reliant on electricity. Internet access has provided a communications and an information lifeline for so many over the last eleven months. In the conditions of constant Russian shelling of the critical infrastructure of Ukraine, and as a result – power outages, the work of providers becomes even more difficult. We note the significant efforts of Ukrainian providers to restore the infrastructure damaged during the war in order and hope that our small contribution will allow hundreds of thousands of people get reliable access to the Internet” notes Dmitri Vitaliev, eQualitie’s director.

With the first shipment of batteries, eQualitie joins the international campaign “Keep Ukraine Connected” by NOG Alliance as an initiative of international assistance with equipment for Ukrainian ISPs. In January, eQualitie plans to purchase and bring additional batteries to Ukraine.

Beyond the supply of batteries, in Ukraine eQualitie protects the websites of Ukrainian media and CSOs from DDoS attacks by means of its own infrastructure called Deflect.ca. Also, the organization helps users in the temporarily occupied territories access a free Internet, with the CENO browser software, an Android application that helps them evade Russian censorship. At the very beginning of the conflict, eQualitie launched a decentralized communications project in Ukraine https://dcomm.net.ua/ with 10 regional locations for Ukrainian users to chat using the secure Matrix system and communicate on the Mastodon social network.

For media inquiries, please, contact Vitalii Moroz at vitaliy@equalitie.org 

eQualitie creates decentralized internet services in support of a more equal and equitable network. Our solutions are open source, battle proven and developed in mind of our principles. Everyday, they enable freedom of association for millions of people online.

Read More

Launching the Ukrainian digital security helpline – Nadiyno

On 8th of November 2022, eQualitie and Internews Ukraine are launching nadiyno.org – the first national digital security helpline in Ukraine, for responding to any and all questions from the public relating to cyber security. We have assembled and trained a dedicated team of helpline support staff and digital experts, stood up systems to document and respond to incoming requests and compiled a growing database of security FAQs on the Nadiyno website. Requests are accepted and replied to using email, web chat, WhatsApp, Signal, Telegram, and on a Matrix channel.

During wartime, people are under incredible psychological and physical stress. Secure and unimpeded use of digital technology and services, in particular communications, are an essential public need and frequently a lifeline to those in distress. With support from Global Affairs Canada we are launching the Nadiyno helpline for all Ukrainians’ digital security questions. – Dmitri Vitaliev, director of eQualitie.

https://nadiyno.org/

 

Please see the announcement from Internews Ukraine for more information on the public launch event in Kyiv. If you would like to aid or contribute to the effort, please contact Kateryna – ktsybenko(at)internews.ua

Read More

eQualitie launches CENO, world’s first decentralized p2p mobile browser

Share the web, peer-to-peer. CENO.

CENO Browser lets anyone access and share information in areas with censored communications

Montreal, May 10, 2022 – eQualitie, developer of open-source and reusable digital security systems, is pleased to announce the public launch of its newest democratization tool, CENO Browser. Short for censorship.no, CENO is the world’s first mobile browser that is built specifically to side-step current Internet censorship methods. It also enables people to access and share information in and across regions where connectivity has been interrupted or compromised.

CENO uses established technologies in new ways. While the user experience is akin to using a standard mobile browser, CENO operates over a peer-to-peer (p2p) network on the open-source Ouinet library and BitTorrent protocols, allowing it to run reliably where other browsers might not or do not. Because the web content is delivered, cached and decentralized via p2p routing, it cannot be forcibly removed by external agents. Furthermore, CENO is equipped to access and share cached content offline and via local area networks (LANs). CENO’s resiliency makes it ideal for those who need stable access to and sharing capabilities of web information during media censorship events, filtering, attacks, shutdowns, natural disruptions, unrest, conflict and war. CENO’s routing and distribution can also significantly reduce bandwidth consumption and associated costs.

“CENO holds great promise and launches at an opportune time for those engaged in democracy movements and activities,” says Dmitri Vitaliev, founder and director of eQualitie. “It is already helping thousands of civilians, NGOs, investigative journalists and independent media internationally to share information on their mobile devices.”

View the press release in full

Download CENO Browser from the Playstore

The Censorship.no project on Github

 

Read More

eQualitie’s position on the war in Ukraine

український / русский / english / français /

Oh bury me, then rise ye up
And break your heavy chains
And water with the tyrants’ blood
The freedom you have gained.
And in the great new family,
The family of the free,
With softly spoken, kindly word
Remember also me.

Testament, Taras Shevchenko, 1845
(translated by John Weir)

For ten years eQualitie has stood firmly in defence of digital human rights. Throughout this time, we strive to create technology and offer services that protect freedom of expression and association online. To help us stay balanced in achieving this mission we have purposely stayed out of politics, debates or public declarations.

But, as the Russian army is invading and destroying Ukrainian cities, killing innocent civilians and hiding the truth from its own population – we choose to stand with Ukrainians who are defending their homes and families. We mourn the lives already lost and the destruction of Ukrainian cities and its cultural heritage. We also choose to stand with Russian anti-war protesters , arrested in their thousands for trying to stop the annihilation of morality in their country. This is an international struggle for human dignity, freedom and the right to life.

To this effect, we have launched technical and capacity building efforts focused on supporting Ukrainian civil society and territorial defences, as well as supporting activities in Russia that preserve online communities and those challenging the war efforts. Some of this work has already begun:

Why now? Simply because maintaining our neutrality will not sufficiently address the injustice and undue suffering caused by the Russian government and army on the people of Ukraine.

We believe that Ukraine will win, their people will rise from the ashes of this conflict, stronger in spirit and solidarity. And we will make every effort to help them in this struggle!

 

Read More

Deflect Labs Report #1

Botnet attack analysis covering reporting period February 1 – 29 2016
Deflect protected website – kotsubynske.com.ua

This report covers attacks against the Kotsubynske independent media news site in Ukraine, in particular during the first two weeks of February 2016. It details the various methods used to bring down the website via distributed denial of service attacks. The attacks were not successful.

General Info

Kotsubynske is a media website online since 2010 created by local journalists and civil society in response to the appropriation and sale of public land (Bylichaniski forest) by local authorities. The website publishes local news, political analysis and exposes corruption scandals in the region. The site registered for Deflect protection during an ongoing series of DDoS attacks late in 2015. The website is entirely in Ukrainian. The website receives on average 80-120 thousands daily hits, primarily from Ukraine, the Netherlands and the United States.

 

image1

Attack Profile

Beginning on the 1st of February, Deflect notices a rise in hits against this website originating primarily from Vietnamese IPs. This may be a probing attack and it does not succeed. On the 6th of February, over 1,300,000 hits are recorded against this website in a single day. Our botnet defence system bans several botnets, the largest of which comprises just over 500 unique participants (bots).

Using the ‘Timelion’ tool to detect time series based anomalies on the network, such as those caused by DDoS attacks, we notice a significant deviation from the average pattern of visitors to the Kotsubynske website (on the diagram below, hits count on the website are in red, while the blue represents a 7-day moving average plus 3 times standard deviation, yellow rectangles mark the anomalies). The fact that the deviation from the normal is produced over a week (Feb 1 to Feb 8) points to the attack continuing over several incidents. This report attempts to figure out whether these separate attacks are related and display attack characteristics and makes assumptions about its purpose and origin.

 

Illustration 1: Timelion graph showing a prolonged attack

Illustration 1: Timelion graph showing a prolonged attack period between February 1 and 8

February 06, 2016 Attack profile

This incident lasted 1h 11min and was the most intensive attack during this period, in terms of hits per minute.

Incident statistics
Here are listed part of the incident statistics that we get from the deflect-labs system. They show the intensity of the attack, the type of the attack (GET/POST/Wordpress/other), targeted URLs, as well a number of GEOIP and IP information related to the attacker(s):

  • client_request host:”www.kotsubynske.com.ua”
  • Hits between 24000 and 72000 per minute
  • Total hits for the attack period: 1643581
  • Attack Start: 2016-02-06 13:34:00
  • Attack Stop: 2016-02-06 14:45:00
  • Type of attack: GET attack (bots requested page from website)
  • Targeted URL: www.kotsubynske.com.ua
  • Primary botnet request: “http://www.kotsubynske.com.ua/-”
Illustration 2: Geographic distribution of bots

Illustration 2: Geographic distribution of bots

The majority of hits on this website came from Vietnam, Ukraine, India, Rep of Korea, Brazil, Pakistan. Herewith are the stats for the top five countries starting with the most counts and descending:

geoip.country_name Count
Vietnam 817,602
Ukraine 216,216
India 121,405
Romania 70,697
Pakistan 61,201

 

Cross-incident analysis

We’ve researched three months of incidents on the Kotsubynske website, namely from January to March 2016. We have detected five incidents between February 01 – 08 and present a detailed analysis of botnet characteristics and the similarities between each incident. The point is to figure out if the incidents are related. This may help us define whether the actors behind this attack were common between all incidents. For example, we see relatively few IPs appearing in more than one incident, while each incident shares a similar botnet size and attack pattern.

 

Illustration 3: GeoIP location of bots over the 5 incidents

Illustration 3: GeoIP location of bots over the five recorded incidents

 

Table 1. Identical IPs across all the incidents

We identify, in sequence of incidents, botnets IPs which re-appeared from a previous attack.

ID Incident start Incident end Duration botnet IPs Recurring botnet IPs Attack type Attack pattern (URL request)
1 2016-02-02 12:0700 2016-02-02 12:21:00 14 min 224 GET 163224 hits: /-
2 2016-03-02 08:27:00 2016-03-02 08:31:00 4 min 120 22 GET 35991 hits: /-
3 2016-05-02 21:10:00 2016-05-02 22:00:00 50 min 99 0 GET 49197 hits : /-
23 hits: /wp-admin/admin-ajax.php
4 2016-06-02 13:34:00 2016-06-02 14:45:00 1h 11 min 484 0 GET 1557318 hits: /-
5 2016-08-02 12:20:00 2016-08-02 16:40:00 4 h 20 min 361 0 GET 392658 hits: /-

 

Table 2. Pairs of incidents with significant numbers of identical IPs banned by Deflect

Here we correlate each incident against all other incidents to see whether any common botnet IPs reappear and present the incident pairs where there is a match

incident id banned IPs incident id banned IPs recurring IPs % of recurring botnet IPs
in the smaller incident
1 224 2 120 22 18.3%
3 99 4 484 15 15.2%

Analysis of the five attacks shows thats very few botnet IPs were reused in subsequent attacks. The presence of any recurring IPs however suggests that they either belong to a subnet of the same botnet or are victims whose computers have been infected by more than one botnet malware. Furthermore, each botnet’s geoIP characteristics and behaviour is almost identical. For example, whilst traffic during this period followed the normal trend, both in terms of number of visitors and their geographic distribution, banned IPs were primarily from Vietnam, India, Pakistan and other countries that do not normally access kotsubynske.com.ua

This is a reliable indicator of malicious traffic and a transnational botnet.

  • 71.1% of banned IPs come from Vietnam, India, Iran, Pakistan, Indonesia,Saudi Arabia, Philippines, Mexico, Turkey, South Korea.
  • 99.9% of banned IPs have identical user agent string: “Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)”.
  • The average hit rate of IPs with the exact identical user agent string is significantly higher: 61.9 hits/minute vs 4.5 hits/minute for all other traffic.
Illustration 4: Banned machines from 'unusual' countries

Illustration 4: Banned machines from ‘unusual’ countries for kotsubynske.com.ua

The user agent (UA) string seems to be identical in all five incidents, when comparing banned and legitimate traffic. In the diagram below, Orange represents the identical user agent string, whilst blue represents IPs with other user agent strings. The coloured boxes contain 50% of IPs in the middle of each set and the lines inside the boxes indicates the medians. The markers above and below the boxes indicate the position of the last IP inside 1.5 height of the box (or inside 1.5 inter quartile range).

Illustration 5: Hit rate distribution for the IPs with the same identical user agent string

Illustration 5: Hit rate distribution for the IPs with the same identical user agent string: “Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)”

Even though there are not many identical botnet IPs across all of the 5 incidents, the behaviour of botnet IPs from different incidents is very similar. The figure below illustrates some characteristics of the botnet (different colours) in comparing with regular traffic (blue colour).

Scatter plot of sessions in 3-dimensional space:

  • Request interval variance
  • Error rate
  • HTML to image ratio

image7

Report Conclusion

On the 2nd of February, the Kotsubynske website published an article from a meeting of the regional administrative council where it stated that members of the political party ‘New Faces’ were interfering with and trying to sabotage the council’s work on stopping deforestation. The party is headed by the mayor of the nearby town Irpin. Attacks against the website begin thereafter.

Considering the scale of attacks often witnessed on the Deflect network, this was neither strong nor sophisticated. Our assumption is that the botnet controller was simply cycling through the various bots (IPs) available to them so as to avoid our detection and banning mechanisms. The identical user agent and attack pattern used throughout the five attacks is an indication to us that a single entity was orchestrating them.

This is the first report of the Deflect Labs initiative. Our aim is to strip away the impunity currently enjoyed by botnet operators the world over and to aid advocacy efforts of our clients. In the near future we will begin profiling and correlating present-day attacks with our three year back log and with the efforts of similarly minded DDoS mitigation efforts.

Read More

Training in the Ukraine

eQualit.ie undertook two missions during the last month to work with independent media workers and aspiring digital security trainers from across the Ukraine. Over one hundred news media workers were trained in secure communications and a very capable group of future trainers were taken through the advanced training so that this valuable knowledge can continue to spread. We are grateful to the organisers for bringing us on board and to all the participants for their attendance. If your organisation is interested in digital security training, please get in contact with us at the address below

Read More