- Identifying the source of a cyberattack isn’t straightforward: Hackers can go to great lengths to make it seem like someone else is responsible.
- Since 2015, Ukraine has reported hundreds of thousands of cyberattacks, including on its power grid.
- In the days leading up to the war, the websites of Ukraine’s defense ministry, army, and government offices went down, as well as those of several of its largest banks.
On February 24, the Russian military invaded Ukraine, attacking the nation’s capital and other major cities from the air, ground, and sea.
“A full-scale war in Europe has begun,” Mykhailo Podolyak, advisor to Ukrainian President Volodymyr Zelenskyy, told the Associated Press.
Russia has been assaulting Ukraine in less visible ways for years, using sophisticated cyberattacks to crash the websites of its banks, utility companies, and government offices — and it’s now ramping up the digital front, too.
Under cyberattack: There’s no question that the physical attacks on Ukraine are being levied by Russia — the world has been watching Russian troops gather at the border for weeks, and President Vladimir Putin announced the “special military operation” on television.
But identifying the source of a cyberattack isn’t so straightforward — hackers can go to great lengths to make it seem like someone else is responsible, so investigations can be time-consuming and expensive.
“A full-scale war in Europe has begun.”MYKHAILO PODOLYAK
Case in point: in December 2015, hundreds of thousands of Ukrainian homes were left without power for hours after hackers attacked three of the nation’s energy companies, marking the first publicly acknowledged successful cyberattack on a country’s power grid.
Ukraine almost immediately blamed Russia, and U.S. officials followed suit in February 2016, but it wasn’t until 2020 that the U.S. was ready to reveal enough detail to name and charge six Russian hackers for the attack.
“Aggressive cyber operations are tools that can be used before bullets and missiles fly.”JOHN HULTQUIST
We still don’t know if the charged hackers were operating independently or directly on behalf of the Russian government, which has denied any involvement. That plausible deniability makes it hard to deter future attacks by holding those responsible accountable.
This allows cyberattacks to weaken a nation, prior to launching a physical strike that it can’t deny.
“Aggressive cyber operations are tools that can be used before bullets and missiles fly,” John Hultquist, head of intelligence for cybersecurity firm Mandiant, told MIT Technology Review.
The latest: Since 2015, Ukraine has reported hundreds of thousands of other cyberattacks — including another one targeting its power grid — and in the lead up to Russia’s physical invasion, the attacks have escalated rapidly.
“We have nothing to do with it. Russia has nothing to do with these cyberattacks.”DMITRY PESKOV
On January 14, about 70 Ukrainian government websites displayed an ominous message — “be afraid and prepare for the worst” — just prior to going down. Ukraine blamed Russia, and Russia, as always, denied it.
“We have nothing to do with it. Russia has nothing to do with these cyberattacks,” Dmitry Peskov, Vladimir Putin’s spokesperson, told CNN. “Ukrainians are blaming everything on Russia, even their bad weather in their country.”
On February 15, the websites of Ukraine’s defense ministry, its army, and two of its largest banks were brought down — the largest attack of its kind against Ukraine — and on February 23, the sites of several banks and government offices went down.
The latter attack included a sophisticated malicious software (malware) designed to wipe the data on infected machines — a level up from previous attacks that temporarily rendered websites unusable.
Virtual defense: While other nations may be understandably hesitant to join any fighting on the ground in Ukraine, several — including Australia, the U.K., and the U.S. — have offered to help combat cyberwarfare.
On February 22, Lithuania announced that it would be sending a Cyber Rapid Response Team to Ukraine. It is the first deployment for the CRRT project, which launched in 2020 to prepare teams of cyber experts to rapidly come to the aid of EU allies under cyberattack.
“We can save data, and we can delete data and prevent capturing all this data.”VICTOR ZHORA
Ukraine itself has been building up its cybersecurity defenses against Russia in recent years, and part of that has meant looking for ways to keep valuable data — such as the names and addresses of Ukrainian citizens on Russia’s enemies list — out of the Kremlin’s hands.
It increasingly has stored sensitive information on centralized databases in its capital of Kyiv — not on government employees’ computers — and says it has contingency plans in place if it looks like Russia is going to gain access to those offices. (At press time, Russian forces appeared to be closing in on the capital.)
“We have plans and we have scenarios,” Victor Zhora, a senior Ukrainian cyber defense official, told Politico. “We can move to new locations. We can save data, and we can delete data and prevent capturing all this data.”
On the offensive: Cyberwarfare isn’t just something Ukraine has to defend against — Russia is just as reliant on networked technology, and Ukraine and its allies may launch their own cyberattacks.
On February 24, four U.S. officials familiar with the situation told NBC News that President Joe Biden is considering options for launching a cyberattack against Russia, potentially disrupting its internet, power, or train services.
“A Russian invasion of Ukraine may redefine how we think about cyber conflict.”JASON HEALEY
After NBC published its report, Emily Horne, a spokesperson for the National Security Council, commented that it “is wildly off base and does not reflect what is actually being discussed in any shape or form,” but didn’t specify what is being discussed.
Even if the U.S. isn’t prepared to go on the digital offensive against Russia, though, someone is — Doug Madory, a global internet analyst, told AP News that major Russian websites, including government and military sites, were attacked and unreachable the day of the invasion.
The big picture: The situation in Ukraine is evolving rapidly, and it’s hard to predict what role cyberwarfare will ultimately play, especially with the nation in the midst of physical warfare — at the time of writing, dozens of Ukrainians have been killed and Kyiv is potentially “hours” from falling.
Still, militaries around the world will no doubt be paying careful attention to how the battle plays out virtually, as it could foreshadow the future of war for years to come.
“A Russian invasion of Ukraine may redefine how we think about cyber conflict because it will be the first time a state with real capabilities is willing to take risks and put it all on the line,” Jason Healey, a cyber conflict researcher at Columbia University, told the Washington Post.
This article was originally published by our sister site, Freethink.