Hackers on the front lines of the Ukraine war

After Russian troops invaded Ukraine on February 24 last year, the country’s military responded with a range of defensive measures, but it also took steps to open a second front in the war—a digital one. As I reported for CJR at the time, the Ukrainian government posted appeals in online hacker forums, asking for volunteers to protect Ukrainian infrastructure and conduct digital missions against Russia. The posts asked hackers to “get involved in the cyber defense of our country,” and according to Foreign Policy, within a couple of months more than 400,000 had joined the informal hacker army.

Cybersecurity experts say Ukraine had one thing going for it when Russia attacked a year ago, at least in terms of computer warfare: it was already well aware of the risk of Russian hacking. In 2015, a digital attack crippled Ukraine’s power plants and left hundreds of thousands without electricity, and many believe hackers affiliated with the Russian government caused the outage. In 2017, a ransomware attack known as NotPetya, which most experts believe was created by Russian entities, caused an estimated $10 billion in damages globally, and much of that damage occurred in Ukraine. One year later, there have been thousands of digital skirmishes between Russia and Ukraine, but it’s unclear who (if anyone) is actually winning, or what impact all this cyber-rattling has had on the larger war.

According to a recent presentation by Gen. Yurii Shchyhol, head of Ukraine’s State Service of Special Communications and Information Protection, the country’s Computer Emergency Response Team responded to 2,194 “cyber incidents” last year, one quarter of which targeted the federal government and local authorities, Computer Weekly magazine reported. The rest involved defence and other security sectors, as well as energy, financial services, IT and telecom, and logistics. On the other side of the ledger, Russians in close to a dozen cities were greeted one day last week by radio alerts, text warnings, and sirens letting them know about an air raid or missile strikes that never came. Russian officials said the alerts were the work of hackers.

Google’s internal Threat Analysis Group says that hacking and other forms of computerized warfare continue to “play a prominent role” in the Ukraine war. The company released a report last month entitled Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, which says there has been a dramatic increase in digital attacks on Ukrainian infrastructure. The attacks have code names like Shadylook, Skyfall, and DarkCrystal. Russian targeting of users in Ukraine was twice as high last year as in 2020, Google said, and targeting of NATO countries was more than three times as high.

Google’s threat analysis group said it has also tracked a series of “self-described news entities” with ties to Russian intelligence, including News Front, ANNA News, and UKR Leaks. Narratives promoted by these groups include “Russia saving Ukraine from Nazis [and] that the US and NATO were instigators of the conflict,” the report says. The Internet Research Agency, which became infamous for running a disinformation campaign around the 2016 US election, is also still active, Google’s experts say, but the group’s activity has shifted “from a range of domestic Russian political issues to focus almost exclusively on Ukraine and mobilization,” according to the hacking report.

Thomas Rid, a professor of strategic studies at Johns Hopkins University, said on Twitter that the Google report is “impressive work” by a company that has “more comprehensive telemetry than most SIGINT (signal intelligence) agencies today.” One of the most interesting aspects of the Google report, he said, is the “hack-and-leak integration, and the very old-school exploitation and collaboration with activists, often with disinformation and forgeries mixed in.” However, Rid did have some criticisms—the report, he says, only focuses on Russian activities in or related to Ukraine, but “that’s highly likely just one part of the picture, and probably not the most impressive part.”

Meanwhile, some experts have expressed skepticism that all these attacks and counterattacks in cyberspace are materially altering the course of the war. A report from the Center for Strategic and International Studies, a research organization based in the US, stated that: “It may offend the cyber community to say it, but cyberattacks are overrated. While invaluable for espionage and crime, they are far from decisive in armed conflict. A pure cyberattack is inadequate to compel any but the most fragile opponent to accept defeat. No one has ever been killed by a cyberattack, and there are very few instances of tangible damage.” However, the report said that cyber operations “are very useful to conduct espionage, to gain advance knowledge of opponent planning and capabilities, and to mislead.”

In August last year, researchers from the University of Cambridge, the University of Strathclyde, and the University of Edinburgh released a research paper in which they argued that “the widely-held narrative of a cyberwar fought by committed civilians and volunteer ‘hacktivists’ linked to cybercrime groups is misleading.” The researchers collected thousands of web attacks and other hacking attempts and conducted interviews with hackers and said the findings indicate that “the role of these players in so-called cyberwarfare is minor, and they do not resemble the ‘hacktivists’ imagined in popular accounts.” Contrary to some predictions, the report said, the involvement of civilian hackers “appears to have been minor and short-lived; it is unlikely to escalate further.”

Despite all the talk about the risk of cyber warfare over the past several decades, “this is the first time you’ve been able to see in real time how cyber contributes to an overall military campaign,” Dr. Tim Stevens, a senior lecturer in global security at King’s College in London, told Euronews. “Yes, it can be useful under certain circumstances, but it’s not going to win you a war.” In other words, one year in, hackers don’t seem likely to dramatically change the outcome of Russia’s invasion of Ukraine, for all the James Bond-style nicknames. The fighting on the ground will matter more.

Note: This was originally published as the daily newsletter for the Columbia Journalism Review, where I am the chief digital writer.
