The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.
Both before the war and after Russia’s invasion in 2022, United States Agency for International Development (USAID)-funded projects bolstered Ukraine’s digital defenses in various ways. In particular, USAID projects helped to secure the country from cyberattacks.
Progress on that work has come to a grinding halt since the Trump administration ordered USAID staff and their contractors to stop work, while Elon Musk’s DOGE reorganizes and, unless courts can stop them, dismantle the aid agency.
The most prominent project, now on hold, was called the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity. Contracted out to Maryland-based government provider DAI, it announced a project to help secure the Ukrainian Ministry of Foreign Affairs’ global diplomatic communications networks in October.
Julie Koenen, USAID mission director in Ukraine, said at the time that USAID was committed to ensuring “essential government functions such as diplomacy can continue.” Up until January 17, the cyber mission was posting on its Facebook page, encouraging companies to sign up to a project to help Ukrainian cybersecurity businesses enter the U.S. market. The organization’s social pages have gone quiet since Trump became president. Neither the DAI nor USAID had responded to requests for comment at the time of publication.
Victor Zhora, former deputy head at State Service for Special Communications and Information Protection (SSSCIP), told Forbes that there are worries about future funding and budget cuts. (Zhora left his role in 2023 over a corruption probe. He denies any wrongdoing and has not been prosecuted in court. He’s now a cybersecurity consultant.) He hopes, though, that the cyber work will continue either under another agency or via whatever remains of USAID.
“I would strongly recommend keeping this particular project alive because of its vital importance, at least by the end of the war,” Zhora said. “It helped to build capacities, train people, improve education in cybersecurity and strengthen the community.” He pointed to USAID’s purchase of over 5,000 Starlink devices for use across Ukraine.
Oleh Derevianko, founder of the Ukrainian cybersecurity firm Information Systems Security Partners, worked with USAID on various projects over the last half decade. He said that while the USAID work was not always consistent, it was better to have it than not. “There were lots of different activities across three pillars: legislation, direct help to critical infrastructure assets with deep audits of vulnerabilities in critical infrastructure, and training programs,” he told Forbes.
Even if Ukraine does want to avail itself of foreign aid projects in the future, there may be no contractors there to help them. According to one source familiar with USAID programs, if the hold lasts for three months, then many contractors will run out of money. That’s because USAID contracts work by having the companies pay all costs up front and then invoice the government. “When prompt payment is not made, it means the contractor is unable to replenish its cash on hand or line of credit,” the source said. “And since lack of prompt payment – as announced by this administration – heightens risk to lenders, their willingness to extend credit to the contractor is nil.”
Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.
THE BIG STORY:
A Teenage DOGE Staffer Is Linked To Online Cybercrime Group
A 19-year-old working for Elon Musk’s Department of Government Efficiency (DOGE) has been tied to a freewheeling online community known as The Com.
Independent reporter Brian Krebs tied the teenager Edward Coristine, who reportedly goes by the nickname “Big Balls” online, to The Com via his reported nicknames and leaked information from his former employee, a company called Path Networks, which often hired convicted hackers.
The Com is akin to a “cybercriminal hacking equivalent of a violent street gang,” where online attacks often escalate into real-world violence. As Krebs notes, while it’s possible to leave The Com, members will sometimes try to find and target deserters. Given Coristine is working in some high-profile government agencies – reportedly including the State Department and the DHS – he may be introducing online and physical threats into those entities too.
Stories You Have To Read Today
Wired had previously reported that Coristine was tied to Path Networks as well as his own company Tesla.Sexy. It appears the business offered encrypted image sharing and appeared to have linked to web addresses referencing pedophilia.
Bloomberg, meanwhile, had the story of how Coristine, who was interning at Path, was fired for leaking company secrets.
Winner of the Week
Tines, an Irish startup that provides automation tools to cybersecurity teams, has raised $125 million in a Series C round led by Growth Equity at Goldman Sachs Alternatives. Its tools can help speed up responses to security incidents and help users consolidate alerts. Though it started off life as a security-focused company, it’s now being used to automate other parts of IT.
Loser of the Week
An international law enforcement operation has led to criminal charges being filed in the U.S. against Roman Berezhnoy and Egor Nikolaevich Glebov for running a cybercrime group that wielded the Phobos ransomware. It was used to infect 1,000 public and private entities across the world, generating $16 million in ransom payments. Two other Russians have been arrested, per a Europol release.
