Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner

The owner of an apartment in Veliky Novgorod in Russia has been arrested for discrediting the country’s armed forces after a neighbor alerted the police to the message ‘Slava Ukraini’ scrolling across their LED curtains.

When police went to the scene, they saw the garland which the owner had hung in celebration of the New Year and a “slogan glorifying the Armed Forces of Ukraine,” as a spokesperson for the Ministry of Internal Affairs told state-owned news agency TASS.

The apartment owner said the garland was supposed to display a “Happy New Year” greeting, TASS reported.

Several other people in Russia described a similar experience on the AlexGyver web forum, linked to a DIY blog popular in the country. They said at the stroke of midnight on New Year’s Eve, their LED curtains also began to show the “Glory to Ukraine” message in Ukrainian.

It is not clear whether any of these other posters were also arrested. The man in Veliky Novgorod will have to defend his case in court, according to TASS. Police have seized the curtain itself.

An independent investigation into the cause of the message by the AlexGyver forum users found that affected curtains all used the same open-source firmware code.

The original code appears to have originated in Ukraine before someone created a fork translated into Russian. According to the Telegram channel for AlexGyver, the code had been added to the original project on October 18, and then in December the people or person running the fork copied and pasted that update into their own version.

“Everyone who downloaded and updated the firmware in December received a gift,” the Telegram channel wrote. The message was “really encrypted, hidden from the ‘reader’ of the code, and is displayed on the first day of the year exclusively for residents of Russia by [geographic region].”

Oleg Shakirov, an independent Russian cyber policy researcher, compared on social media the LED incident to other examples of open-source software manipulation within the context of protesting the invasion of Ukraine.

These included an intentional amendment to the JavaScript library node-ipc that checked to see if its host machine used an IP address based in Russia or Belarus, and if it did write over all of the device’s files with a heart symbol, as reported by The Register.

Beyond the consequences for the arrested man, the LED prank is unlikely to be remembered as one of the more significant cyber actions of the war between Russia and Ukraine, although it highlights the potential vulnerabilities caused by software dependencies.

Last month, an investigation by Radio Free Europe reported that Russia's intelligence services might have been obtaining video footage from thousands of Ukrainian surveillance cameras equipped with a Russian software program known as Trassir.

On Tuesday, Ukraine’s security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense forces and critical infrastructure in Ukraine’s capital, Kyiv.

Numerous supply chain attacks have been observed during the course of the conflict, with Google’s Mandiant unit last year warning that hackers had been targeting Ukrainian government networks using fake Windows installers.

In March of last year, Rosaviatsia — responsible for regulating civil aviation in Russia — reportedly had to switch to pen and paper after a reported supply-chain attack, resulting in the collapse of its entire network and the loss of more than a year’s worth of emails. The agency denied the reports.