For decades, security experts and world leaders alike have been proposing that the battles of the future will occur partially within the digital domain. After a handful of years plagued with ransomware attacks, misinformation campaigns, espionage and sophisticated hacker gangs inflicting state-sponsored disruption, it would appear that the future has finally come in the form of Russia’s “hybrid war” effort against Ukraine.
While the threat of nuclear warfare has remained a specter for generations, the notion of cyber warfare has been steadily percolating in the background as nations all over the world leverage the internet to gather intelligence, defend against foreign espionage strategies and develop offensive online methods to both demoralize and logistically hinder opposing nations and organizations.
Russia’s online attacks against Ukraine have thus far not had devastating effects. However, they do highlight how a determined country can infiltrate another nation’s sovereign space without a single boot crossing the physical border. Russia’s campaign is also seen as the first actual implementation of cyber tactics during armed conflict between developed nations.
While it appears that Russia may be taking an everything-but-the-kitchen-sink, experimental approach to how it wages cyber war on Ukraine, current events shed light on the ways in which we can expect such efforts to be developed and carried out in future skirmishes.
Attacks on Ukraine’s power grid and infrastructure
While Russia’s takedowns and defacements of Ukraine’s government websites are provocative and confrontational, such hacks have little bearing on day-to-day life and generally serve more as acts of disrespect and defiance.
Attacks that shut down, slow or otherwise disrupt the utilities and institutions that people depend on, however, could be used to drastically impact an adversary’s movement and morale.
2015 and 2016 saw attacks waged directly on Ukraine’s power grid. The 2015 hack, the first known successful shutdown of a major power provider, resulted in a six-hour-long blackout that affected 230,000 people. 2016’s attack was a shorter but more sophisticated assault on the power supply to Ukraine’s capital city, Kyiv.
Ukrainian authorities attributed the attacks to Russian hackers.
A country that suffers severe disruptions to the internet, water treatment facilities, hospital networks and the supply chain could find itself unable to share conflict-related information, treat the wounded or access food and weaponry. In a world that grows more dependent on internet connectivity and the uninterrupted flow of data with each passing day, depriving an opposing nation of both would take a devastating toll on its defensive and logistical operations.
Given reports that data-wiping software has been found on hundreds of computers in Ukraine, the threat of a widespread, pre-emptive launch of malicious code that could be remotely executed with strategic timing highlights the need for robust cybersecurity measures that not only prevent such an infiltration but also detect and isolate compromised systems.
Social engineering and disinformation
Russia is attempting to misinform Ukrainian soldiers and citizens to chip away at their confidence in the country’s ability to defend itself, as well as its current standing in the conflict.
It has been reported that Russian media sources have attempted to dampen Ukrainian morale by incorrectly stating that the president has fled the country and that large numbers of Ukrainians are surrendering to Russian forces or welcoming them as liberators.
Messaging of Russian origin has described the invasion as one of “unification” and an effort to purge Ukraine of “nazis.” Putin has also been making an effort to turn Ukrainian forces against their government, likely probing for any separatist sentiments that may be present in the country’s military. At this point in time, that particular campaign appears to have had little effect on Ukraine’s fighting spirit in the face of Russian occupation.
The strategy, however, is effective in theory.
A carefully curated disinformation campaign supplemented by fraudulent social media accounts and “fake news” can allow an adversary to weaken a country from within by encouraging citizens to doubt the validity of their institutions, their leaders, the media and the national loyalty of their own neighbors in a way that extends far beyond healthy skepticism.
By socially engineering the population via the internet, elections can be influenced, public opinion can be manipulated and unification of the citizenry can become challenging due to distrust and a loss of the objective truth.
It could be easily argued that the deep political divisions that continue to widen in the US can be attributed to social media algorithms that prioritize and spotlight inflammatory, sometimes fabricated content and the calculated cultivation of mistrust that organizations ranging from media outlets to political campaigns as well as foreign agents utilize to bend narratives to their will.
Manipulating a country into chaos using these methods, an aggressor can weaken their target without the use of physical force by eroding a population’s spirit of unity.
A deployment of ballistic weaponry will cause death and destruction, but will make the world take notice instantly and erase any possibility of denial. A slowly burning disinformation campaign initiated by a savvy, patient regime, however, can rot a nation from the inside out while also preserving deniability due to the nebulous, challenging nature of tracing cyber activity and crime.
Cyber defenses from within Ukraine
It should be noted that when it comes to cyber expertise, talent and sophistication, Ukraine is no slouch. Being Russia’s cyberwarfare guinea pig for years has given the country an acute understanding of the importance of keeping up with the latest and most effective online defense strategies.
The unending pressure on the country’s elections and operations has cultivated a population rich with IT professionals. It has also attracted international security firms and research organizations who welcome the opportunity to dive into the front lines in order to get a leg up on any potential threat actors or tactics that could crop up elsewhere.
Ukraine is second only to India when it comes to providing the world with a steady supply of outsourced IT specialists.
Putin may discover that years of relentlessly meddling in Ukraine’s cyberspace has not worn down the country’s online defenses as hoped, but rather allowed for a unique degree of inoculation by creating an environment in which people have become accustomed to continually keeping cybercrime at bay.
Additionally, the Ukrainian Ministry of Defense has tapped into its citizenry and asked for volunteers among the population to assist in defending the country’s online space from Russian attack. Hundreds of vetted volunteers have thus far been divided into a defensive group, tasked with keeping the country’s utilities and power grid operations safe, and an offensive group that is to focus on espionage and hacking Russian banks, fuel suppliers and more.
Cyber defenses from afar
Putin’s disregard for global stability and the rights of Russian citizens in the interest of his own wealth and power has long made Russia a pariah amongst most other developed nations. His unprovoked invasion of Ukraine has likewise given the international ethical hacking and cybersecurity communities a common enemy.
Anonymous, a self-described “anti-oppression” hacktivist collective with a long history of waging digital battles against American far-right hate groups, the Islamic State, former US President Donald Trump, police departments and even the CIA, has declared “cyber war against the Russian government.”
Thus far, Anonymous has claimed to have broken into the Russian Ministry of Defense database and knocked several Russian government websites offline.
Anonymous has also hacked various Russian state-run television stations, replacing the programming with information regarding the truth about the country’s actions against Ukraine, pro-Ukraine imagery and Ukrainian music. The majority of Russia’s population, fed a steady diet of state-sponsored media, remains ignorant of the real nature of the conflict, with even the parents of conscripted soldiers not knowing where their children are or what they are participating in.
SpaceX CEO Elon Musk has stated that the company’s Starlink internet satellites are now active in Ukraine. Thus far, internet connectivity has been “generally available,” but SpaceX’s satellites will allow for continued access in the event of a shutdown attempt.
European countries, including Croatia, Poland and Estonia, have pledged to provide security support for Ukraine along with Australia, New Zealand and Japan among others.
On the world stage, US President Joe Biden has been vocal about leveraging harsh sanctions to apply political and economic pressure on Putin and the Russian oligarchs who both benefit from and support his leadership.
When it comes to hacking, however, the US is characteristically and deafeningly mum.
Said to have the world’s best tools and expertise at its disposal, the US military is remarkably secretive about its cyber capabilities and campaigns. Unlike countries like China and Russia, who do little to mask or deny their cyber efforts outside of winking denial, it would appear that America prefers to leave the details of its online work almost completely classified.
Because of this, it is difficult to determine what efforts the US has been making with regard to the current conflict. However, intercepted Russian information regarding Moscow’s “false pretext” had been declassified prior to their invasion with the intention of preparing Ukraine, and the world at large, for an onslaught of misinformation orchestrated by Russia with regard to their intentions.
Early reports claim that President Biden was presented with a menu of cyberattack options to initiate against Russia, although the White House has since denied that such a meeting took place.
While it is yet to be seen how America’s cyber strategies will play out, one can assume that the US will continue to adhere to a cyber strategy that keeps its cards close to the vest. This direction has likely been adopted in order to preserve the integrity of its operations but also to avoid opening itself up to the scrutiny that would surely follow any revelations regarding gray area operations into international cybersecurity matters.
While Russia’s cyber efforts thus far appear to be chaotic, blunt force attacks, the battle in Ukraine will no doubt serve as a blueprint for other nations to follow should they wish to undertake their own hybrid assaults.
Power-hungry regimes all over the world are carefully taking note of what works, what doesn’t and how Russia’s efforts could be mimicked, refined and customized to suit their needs.
We have already witnessed authoritarian strongmen in other countries utilize social media campaigns to slaughter dissidents within their own borders. We have seen longtime political enemies such as Iran and Israel take pot shots at one another with disruptive cyberattacks against public transport and even online dating sites, daring one another to make a move that could spark an outright conflict.
Even if Russia’s cyber aggression towards Ukraine proves to be mostly ineffective, it will nonetheless pave the way for future maneuvers and has delivered the world into a new era that has been a long time in the making.
Attacks that utilize malware or viruses are also likely to result in collateral damage, as they will certainly not remain contained within the borders of a targeted country. This means that the deployment of malicious code in an effort to weaken an enemy would likely result in the malware spreading globally to countries far removed from the actual conflict, opening them up to further espionage or damage.
After years of warnings and inevitability, it would appear that the Pandora’s box of cyber warfare has finally been cracked open.