Security Experts:

Anonymous Raids European Organization Over Ukrainian Elections

Supporters of Anonymous have raided the Organization for Security and Co-operation in Europe (OSCE), accusing them of failing to hold up their end of a promise to keep an eye on the Ukrainian elections. The raid resulted in several hundred documents being leaked, most marked as classified or confidential, and covering everything from political memos and internal communications to phone records.

In a statement, the individual claiming responsibility for the OSCE hack said that it was done to bring attention to the attempted election manipulation in the Ukraine.

“[The OSCE’s] mission was to protect the elections and report evidence of massive falsifications and violations, but they failed to do so by issuing statements that the elections did go the right way with minimum violations. We can not [tolerate] mass murder of Ukraine Democracy and we do not [tolerate Russian] pressure on OSCE with intend to cover up the violations of election procedures,” the statement said in part.

According to EU Foreign Affairs Chief Catherine Ashton, who issued a statement on the controversial election results, there is concern about the conduct of the post electoral process.

“We express our concern about the conduct of the post electoral process, which was marred by irregularities, delays in the vote count and lack of transparency in the electoral commissions,” Ashton said.

Prior to that, the EU also expressed similar concerns with the events before the election and the vote itself. The OSCE published reports noting problems with finance transparency during the campaigns, as well as biased media coverage. On Monday, Ukrainian opposition leaders said that they refused to accept the official results, arguing that five seats that were up for grabs during the national parliamentary election were counted unlawfully, and the races for them must be rerun.

These events are what led to Anonymous targeting the OSCE, leveraging a web-based attack to access nearly 1,000 documents. Once the intrusion was detected, the OSCE shutdown the Vienna servers, but by then it was too late. On Monday, additional records were released after the OSCE refused to acknowledge the incident.

Adding insult to injury, the additional records were leaked and another attack was launched at the same time the OSCE was hosting a meeting on cybercrime prevention. A second statement from the attackers addressed the cybersecurity aspect of the organization, including the fact that they had provided the Ukraine with hardware designed to help combat malicious attackers.

“You did nothing to combat cyberhaxors [sic] in this country, nor anything to stop manipulation of election process, neither you did say a word about the so called opposition which you guys have under investigation for money laundering and illegal arms trade,” the statement read. “Now let people see more of your secret stuff along with the docs you obtain from your informers at Commonwealth of Independent States in Minsk.”

For their part, the OSCE will not comment on the breach or even acknowledge it; nor will they address questions on the documents that are already in the public.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.