As the war in Ukraine enters its 17th month, cyberspace has become an unmissable front. In the offline world, tanks and rockets are destroying cities and killing citizens. In such a scenario, cyberattacks, online censorship, propaganda and surveillance have the potential to weaken the country even further.
During an interaction with Techradar last year, MacPaw CEO Oleksandr Kosovan describes his and the Ukrainian tech communities’ effort at large to fight back against Russia online.
He said, “I am here by choice, not by accident. We try to use our tech capabilities as much as possible to break through the Russian truth firewall.”
The Kyiv-based company, which offers a wide range of security software including its legendary CleanMyMac and newly launched VPN service, has been using its expertise to assist civilians since the invasion began.
Techradar spoke to some team members of the company to understand what it is like to run a cybersecurity company in wartime.
MacPaw CTO Vira Tkachenko said, “We started our planning around two months before the actual war outbreak. And, even our worst scenario was beaten by reality.”
Specifically, the company outlined some possible scenarios for how the conflict might unfold, taking into account factors such as power outages, internet disruptions and, more importantly, making sure its people could reach a safe location.
“When we are talking about war it is very important where you stay physically. Our office changed dramatically because we needed to have shelters and all that stuff. We expected that Kyiv could be occupied and we would not have access to our office,” Tkachenko said.
Currently, about one-third of MacPaw’s workforce is located outside of the city, either in safer regions of western Ukraine, or around Europe, the UK, or the US. This was a major change to the operations of the business. Due to this, the company was also required to switch from a virtual private network (VPN) solution situated in an office to a more adaptable cloud VPN.
Once everyone in the team was safe and secure, they had to make sure that the products’ security wasn’t jeopardised. They first established a few emergency teams composed of staff members based in safer areas, and then they later put in place a code-freeze regime. This meant that only engineers from an emergency team were allowed to create or make changes to the software.
“February 24 was a crazy time. The situation changed every minute and all of us became quite emotional because we needed to think about our family and what’s going on around us. In this state of mind, it’s easy to create very unsafe changes to our products,” Tkachenko said while talking about how they made important decisions.
The CEO of MacPaw has been actively participating on social media to counter Russian disinformation using both his own channels and those associated with the business and its products. Unsurprisingly, this was sufficient to make the target of Russia’s army of hackers quite soon.
Tkachenko recalled that during the first week of the war, they experienced the first DDos attack. Since March 2, 2022, their website has been banned in Russia, nonetheless, it is still occasionally attacked.
None of this discouraged MacPaw from continuing his mission. Thanks to the expertise of the team and support from providers like Cloudflare, who have created special forces to support the Ukrainian government and businesses in general, the damage from these incidents remains fairly limited.
“They attack, we protect. We are always ready to react,” Tkachenko added.
Once dangerously overlooked, in the face of the largest cyberwar in history across Ukraine, cybersecurity has become a key concern, particularly among citizens who are increasingly falling victim to such attacks.
“The scale of these cyberattacks was like 200 times bigger. Before we expected those attacks from competitors or some black marketing techniques. But, now, it is a huge country with a lot of resources and hackers. They constantly invest in these attacks,” Sergii Kryvoblotskyi, Head of Technological R&D at MacPaw said.
In 2008, MacPaw was established, and its debut product, CleanMyMac, a cleaning and optimisation tool for Apple computers, was a huge hit.
Since then, the business has advanced significantly while keeping a strong user-friendly design and a superb user interface at the centre of what it does. With 11 distinct programmes available for all the major operating systems, including Windows, Android, and iOS, it has expanded its product line. However, Apple products remain the top priority.
The team also continues to enhance its most recognisable tool. In reality, CleanMyMac X, the most recent iteration, is much more than just a straightforward system cleanup. It now defends against threats like malware and adware.
Russia’s invasion of Ukraine gave impetus to the development of user-friendly products that could help people, especially compatriots in Ukraine, back up their most sensitive data with one click. Then it was time for an overhaul of its VPN service, ClearVPN, which launched in 2020.
“The main idea was to bring this VPN technology closer to people,” Kryvoblotskyi explained.
The company’s “shortcuts” were a direct result of this ambition, which was present from the start. This indicates that, unlike rival products, its streaming VPN capability, security, and other features can all be accessed by simply pressing a single button. The service has already been configured by the developers to accommodate various use scenarios. For those seeking a software solution with greater customisation options, it might not be the best option.
When the conflict started, user priorities altered, especially because the Kremlin took over the internet in these regions when Russian troops occupied Ukrainian territory. The residents were in danger. They required a practical means of gaining access to Western content.
“There are more than 100,000 Ukrainians using it on a daily basis and we got a lot of feedback from our people in occupied territories saying that it worked well and it actually does its job,” Kryvoblotskyi noted.
SpyBuster is another security solution that was developed as a result of the need to protect against Russia’s new online dangers. It’s an on-device anti-spyware tool that is totally free to use for everyone (apart from persons residing in Russia and Belarus) that enables users to secure their most sensitive data by removing apps and web connections reporting to undesired services. A little over a month after the conflict began, in March 2022, it was initially made available on MacOS. In June and July of that same year, it made its debut as a Chrome extension.
SpyBuster does two tasks. The first, known as “static analysis,” examines the user devices’ software and examines every aspect of it. These include the location where they were created, the identity of the creator, the servers that the programme uses, and so forth. The intention is to restrict these data exchanges while also warning users if these apps send any data to Belarus or Russia. The second option, “dynamic analysis,” looks into the real operations of the loaded programmes
“Once more, when traffic is redirected to insecure servers in Russia and Belarus, the tool stops it. This is so that the Kremlin may access any server that is situated on Russian soil. We have conducted some research and we realised that a lot of Ukrainian mass media sites were using scripts that send some data to Russian servers and they even didn’t know about it,” Kryvoblotskyi said.
SpyBuster promises to be different from other comparable programmes despite the fact that it not only monitors insecure connections and apps but also bans particular software and traffic.
According to Kryvoblotskyi, the long-term strategy entails including more dangerous nations like China on this blacklist.
What’s next?
Since there are no immediate signs that the crisis between Russia and Ukraine will end, MacPaw and its staff will have to adjust to the new economic model for a while.
“We should anticipate fresh releases and product updates as new cyber dangers arise because, as we have seen, developers have been adjusting their product offerings to the new cybersecurity scenario. The fact that all is not quiet on the cyber front in Ukraine is unquestionable,” Kryvoblotskyi said.
In the meantime, MacPaw is dedicated to helping both its employees and the Ukrainian people in general. The company is providing ClearVPN 2 at no cost to all Ukrainians, and those who work in the country’s media are also eligible for a free one-year subscription to the CleanMyMac programme. Other than that, the company has been donating funds and volunteering on-site while running a series of social campaigns since the war began.