icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
26 Apr, 2015 15:03

NATO trace 'found' behind witch-hunt website in Ukraine

NATO trace 'found' behind witch-hunt website in Ukraine

A controversial Ukrainian website publishing personal information about ‘enemies of the state’ could have been run by a NATO cyber center in one of the Baltic states.

СORRECTION: After a thorough revision of the published story we have found out that the domain name Psb4uKr.ninja, which was claimed to be registered by NATO CCDCOE, is a mirror of the original Mirotvorec website. We admit that we cannot confirm any credible link between NATO’s Cooperative Cyber Defense Centre of Excellence and Mirotvorec.

NATO’s Cooperative Cyber Defence Centre of Excellence – СCD-COE has reportedly been exposed as providing technical support for Mirotvorec, a website of Ukrainian nationalists running ‘enemies of the state’ database.

The information available at DomainTools, “the leader in domain name, DNS and Internet OSINT-based Cyber Threat Intelligence and cybercrime forensics products and data”, is decisive: the registrant of the Mirotvotec website is ‘NATO CCD-COE’ and its employee ‘Oxana Tinko’, operating from Estonia’s capital Tallinn. The address of the registrant coincides with the address of СCD-COE: Filtri tee 12, Tallinn 10132, Estonia.

Screenshot from http://whois.domaintools.com

In March 2014, there were media reports that 16 employees of CCD-COE were detached to Kiev to provide cyber security support to Ukraine.

The hacktivist group CyberBerkut, which has been opposing Kiev authorities from the very beginning of the unrest in Ukraine in 2013, claimed responsibility for taking down three NATO websites in a series of DDoS attacks a year ago. CyberBerkut claimed it brought down NATO’s main website (nato.int), as well as the sites of the alliance’s СCD-COE cyber defense center and NATO's Parliamentary Assembly.

The hacktivists claimed that they are countering the action of the so-called ‘Tallinn cyber center’ or NATO Cooperative Cyber Defense Centre of Excellence, which has been hired by the “Kiev junta” to carry out “propaganda among the Ukrainian population through the media and social networking.”

READ MORE: Ukrainian CyberBerkut takes down NATO websites

A general view of Cooperative Cyber Defence Centre of Excellence by NATO in Tallinn. (Reuters / Ints Kalnins)

The address provided by DomainTools registration form is fully congruent to the contact information provided at CCD-COE website.

The scandal around Mirotvorec (Peacekeeper) online volunteer-made database of ‘enemies of the state’ erupted last week.

The website posted very thorough and comprehensive information on anyone who happens to be in opposition to the current Kiev authorities' policies, be it rebels fighting against the government in Donbass, journalists, activists, MPs and even ordinary Ukrainian civilians, including underage. The information included addresses, phone numbers and other personal info.

READ MORE: Personal details of murdered journalist & ex-MP found posted on Ukrainian 'enemies of state' database

Personal details of recently murdered politician Oleg Kalashnikov and journalist Oles Buzina were published on the site no more than 48 hours before both were found dead.

Yet even that revelation and public outcry on the issue made no effect on Mirotvorec operability, as the website used to enjoy the support of at least one high-profile Ukrainian official, an adviser to the Interior Minister Arsen Avakov and member of the Ukrainian parliament, Anton Gerashchenko.

READ MORE: Kiev says ‘no extreme right organizations in Ukraine’

Gerashchenko was absolutely positive that Mirotvorec would go on with its questionable activities despite all criticisms, until popular Ukrainian blogger and media analyst Anatoly Shary published an address on YouTube exposing personal information of Georgy Tuka, a Ukrainian citizen that posed himself as owner of Mirotvorec website, and a couple of his sidekicks.

Having received numerous threats, including being added to Mirotvorec database as “terror sponsor,” Shary, who enjoys a political asylum in an unidentified European country, finally got his own way.