A lot of experts expected Russia to start its assault on Ukraine with a massive shock-and-awe cyberattack – turning off the country’s electricity, killing the Internet and phones, emptying all the bank accounts, causing planes to fall from the sky.
Instead, Russia attacked in a fairly conventional way, sending soldiers on the ground and blowing things up, kind of old-fashioned in 2022.
Yet something must be going on. Joe Biden held a news conference a few days ago warning about potential Russian cyberattacks against the US, as if things might heat up.
There hasn’t been much news coverage of cyberattacks in the Russia/Ukraine war. Let’s spend a couple of days on an overview of the cyber conflict. When we’re done, you’ll have a better idea of how Biden’s warning fits in the bigger picture.
These are the four questions:
What has been going on?
Why hasn’t it been worse?
What are the possible ways it could get worse?
What are we doing about it?
What has been going on?
The cyberwar in Ukraine has been fought in the shadows. There have been little feints and salvos by the government of Russia and by forces aligned with Ukraine, but for the most part they have been for small stakes, with small consequences.
In early February, as tension between Russia and Ukraine was mounting, Russia launched a half-hearted series of DDoS attacks against Ukrainian banking and defense websites. Western authorities swiftly attributed the attacks to Russia’s intelligence services and helped get the websites back online quickly. Google is now helping protect 150 Ukrainian websites against similar attacks.
A satellite Internet provider, Viasat, was knocked offline by a cyberattack on the day of the invasion. Although the outage caused some disruption (including outages in wind turbine networks in Germany and other side effects across Europe), it was hardly a knockout blow for Ukrainian communications.
There have been phishing attacks, and some new malware has been detected in Ukrainian networks. Some of the malware pretends to be ransomware but in fact takes down networks; other samples are designed to compromise a network quietly and provide access to attackers. The malware affected a few places but was mostly ineffective because it was neutralized by security companies. Most of those attacks have not been firmly attributed to the Russians yet, although it’s likely the Russian government is either behind them or supports them.
Meanwhile, Ukraine has not claimed direct responsibility for any cyberattacks against Russia, but it has embraced the idea of a crowdsourced IT army, using volunteer groups coordinated through social media. They have tried to hack Russian media outlets, they’ve run some DDoS attacks on a Russian defense conglomerate, and they may be responsible for their own malware that takes down networks while pretending to be ransomware. Bloomberg reports that over 400,000 people have volunteered to try to disrupt Russian government and military targets.
Details about the various cyberattacks are here.
Russia has launched far more damaging attacks against Ukraine in the past. In 2015, Russian hackers cut off electricity to around 230,000 customers in western Ukraine. The attackers repeated the trick the following year. In 2017, another Russian attack involving malware named NotPetya disrupted Ukrainian airports, railways and banks. NotPetya spread around the world and took down a variety of businesses, including Maersk Line, Merck pharmaceuticals, DHL, and many others. It’s unclear whether it was intended to spread globally or if the Russians intended only to hit Ukraine and everything else was an “Oops!”
Nothing like that has been launched in 2022. In the cybersecurity world, the current attacks are the equivalent of two kids circling each other on the playground and taunting each other without ever really fighting. It barely rises above the level of cyberattacks that have become routine worldwide during the last few years.
Why hasn’t it been worse?
Yeah, that’s really the question, isn’t it? Because this isn’t over yet and it could still get very cyber-ugly. We’ll talk about that later.
There are several reasons that Russia hasn’t launched large-scale cyberattacks. All of them are true.
1) Russia might be kind of sucky at cyberattacks. Maybe we’ve been giving them too much credit. You know, like their army. Don’t over-emphasize this one – Russians are pretty good hackers! But this may be at least part of the answer.
2) My favorite phrase from articles about Russia/Ukraine cyber issues: “the higher efficacy of kinetic attacks.” Russia is focused on old-school bombing and shooting. Military specialists are starting to believe that once combat starts, cyber operations are not likely to play a decisive role. Cyberattacks are better suited for espionage, deception, subversion and propaganda efforts.
3) Cyberattacks to shut down another country’s command-and-control or air-defense systems are hard. Russia may not have been able to get everything in place to carry off that kind of attack. Mortars and bombers are far easier.
4) Ukraine has lots of experience fending off Russian cyberattacks. They’ve improved the security of their electricity grid and they’ve hardened their business networks. They’re doing good defense.
5) The global tech sector has been helping Ukraine’s cyberdefense. Microsoft, Alphabet/Google, and others are working overtime to identify threats, patch vulnerabilities, and share information. The US and Britain dispatched cyber defensive teams to Ukraine before Russia launched its attack, and US teams are currently supporting Ukraine’s cyber defense from Eastern Europe.
6) Russia doesn’t want to destroy Ukrainian phone and data networks because Russian intelligence services are eavesdropping on phone calls and emails.
7) Russia doesn’t want to destroy Ukrainian phone and data networks because the Russian army is using Ukrainian commercial networks to communicate.
8) If Russia succeeds in conquering Ukraine, it will need the communications infrastructure to be functional.
Interesting, eh? Take all those together and it’s a plausible explanation for why the cyberwar has been relatively low-key so far. Because that’s all hindsight and it could change overnight.
So in the next article, there will be bad news and good news. The bad news is, things could get worse. The good news is, the world is actually taking some concrete steps to be prepared and stop cyberattacks before the planes fall from the sky.