Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner

Siva Ramakrishnan
The owner of an apartment in Veliky Novgorod in Russia has been arrested for discrediting the country’s armed forces after a neighbor alerted the police to the message ‘Slava Ukraini’ scrolling across their LED curtains.

When police went to the scene, they saw the garland which the owner had hung in celebration of the New Year and a “slogan glorifying the Armed Forces of Ukraine,” as a spokesperson for the Ministry of Internal Affairs told state-owned news agency TASS.

The apartment owner said the garland was supposed to display a “Happy New Year” greeting, TASS reported.

Several other people in Russia described a similar experience on the AlexGyver web forum, linked to a DIY blog popular in the country. They said at the stroke of midnight on New Year’s Eve, their LED curtains also began to show the “Glory to Ukraine” message in Ukrainian.

It is not clear whether any of these other posters were also arrested. The man in Veliky Novgorod will have to defend his case in court, according to TASS. Police have seized the curtain itself.

An independent investigation into the cause of the message by the AlexGyver forum users found that affected curtains all used the same open-source firmware code.

The original code appears to have originated in Ukraine before someone created a fork translated into Russian. According to the Telegram channel for AlexGyver, the code had been added to the original project on October 18, and then in December the people or person running the fork copied and pasted that update into their own version.

“Everyone who downloaded and updated the firmware in December received a gift,” the Telegram channel wrote. The message was “really encrypted, hidden from the ‘reader’ of the code, and is displayed on the first day of the year exclusively for residents of Russia by [geographic region].”

Oleg Shakirov, an independent Russian cyber policy researcher, compared the LED incident on social media to other examples of open-source software manipulation within the context of protesting the invasion of Ukraine.

These included an intentional amendment to the JavaScript library node-ipc that checked whether its host machine used an IP address based in Russia or Belarus and, if it did, wrote over all of the device’s files with a heart symbol, as reported by The Register.

Beyond the consequences for the arrested man, the LED prank is unlikely to be remembered as one of the more significant cyber actions of the war between Russia and Ukraine, although it highlights the potential vulnerabilities caused by software dependencies.

Last month, an investigation by Radio Free Europe reported that Russia’s intelligence services might have been obtaining video footage from thousands of Ukrainian surveillance cameras equipped with a Russian software program known as Trassir.

On Tuesday, Ukraine’s security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense forces and critical infrastructure in Ukraine’s capital, Kyiv.

Numerous supply chain attacks have been observed during the course of the conflict, with Google’s Mandiant unit last year warning that hackers had been targeting Ukrainian government networks using fake Windows installers.

In March of last year, Rosaviatsia — responsible for regulating civil aviation in Russia — reportedly had to switch to pen and paper after a reported supply-chain attack, resulting in the collapse of its entire network and the loss of more than a year’s worth of emails. The agency denied the reports.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

