Ukraine police are interested in the possibility of deanonymization of each and every reader as below investigstion shows.
In recent days, the Poltavshchyna technical support internet media received an e-mail from the State Department of Combating Cybercrime in Poltava region. Police asks to let them receive privaste information about website readers.
For this purpose, the cyber police department developed a special script, which they proposed to install in the website code.
Here you can read the cyber police’s full letter.
The cyber police’s request exasperated the Poltavshchyna editorial staff and they published a reply that attracted attention of many journalists and IT specialists and made it possible to find out that other Poltava online outlets had also received such letters.
To answer numerous journalists’ inquiries, the cyber police press service said that they “did not insist on installing any programs that would collect personal information about users or interfere with various resources.” Also, the cyber police will conduct an internal check related to the said letter requesting to install a script to identify users.
Here is the text of the message:
Close interaction with a private sector is required to effectively combat cyber threats:
When analyzing cybercrime in Ukraine, cyber police experts note that criminals more and more often use various means of anonymization to conceal their unlawful activity on the Internet and, accordingly, to avoid responsibility for doing this.
However, we understand that to stop cybercriminals, we need to identify and prosecute them. For this purpose, the cyber police department constantly interacts with all stakeholders who seek their own cyber security and counteract possible cyber incidents.
At the same time, cyber police do not install or insist on installing any programs that collect personal information about users or interfere with various resources.
According to the information published in the media, an internal check is being conducted related to an official letter sent by the cyber police to one of the information resources. An appropriate decision will be made based on its results.
Meanwhile, the Ukrainian Cyber Alliance has studied the issue and posted the following comment:
The colleagues kindly provided me with a copy of the tracking script fixed_mobile.js. It was posted on the cyberpolice website cyberpolice[.]gov[.]ua and was supposed to be installed on the websites of media outlets for spying on Ukrainians. Now the script has already been removed from the website. I was wrong in my assumption about WebRTC. Spyware does not work like that. The script collects information about the client device: screen resolution, browser name, time zone, and so on, then generates a “footprint,” and sends it to the database. Now the “footrprints” can be identified easily, and if you go somewhere through TOR, and then visit the news website without TOR, your “footprints” and IP address can be identified more easily. Without a doubt, this is an example of mass, unauthorized surveillance. It is particularly sad that it is police that urge people to commit crimes (which fall under five different articles) and install tools for tacit information retrieval. “A State in a Smartphone.” And now the icing on the cake: in the script copy that I have (there were several on the website), the domain for which the statistics are collected is registered in the Russian Federation. If this is not abuse of power and a threat to national security, then I do not know what the threat is.
The cyber police’s proposal to set up a code for identifying users of the Poltavshchyna online media outlet is illegal and violates human rights – says Digital Security Lab lawyer Vita Volodovska
“Not all users want or can disclose their identity when they share information. Sometimes, it’s life-threatening if they report corruption,” the media lawyer said.
The Coalition for the Free Internet united human rights organizations and experts to ensure human rights standards on the Internet. The Coalition has also condemned the actions of cyber police.
“The case law of the European Court of Human Rights (the ECHR judgment in K.U. v Finland) and the rules of the Cybercrime Convention provide for obtaining information about anonymous users only on request of an authorized public authority and only about a specific user suspected of having committed illegal acts. Such a procedure should be subject to judicial control and due process trial,” a statement by the Coalition for the Free Internet says.cyber security hybrid war hybrid warfare russia ukraine Police Russia russia ukraine war russian agents Ukraine Ukraine police Ukrainian Cyber Alliance war