Russia is home to some of the most skilled hackers in the world. However, in the early stages of the conflict in Ukraine, Russia’s ability to use malware to cause havoc has not been very noticeable.
Instead, Ukraine has mobilized sympathetic volunteer hackers to help make the Kremlin pay for its war on Ukraine. Experts warn that this cyber free-for-all could escalate a moment fraught with extraordinary danger, after Russian President Vladimir Putin placed his nuclear forces on alert.
The internet in Ukraine is mostly working, the president can still rally support from around the world via his smartphone, and the country’s power plants and other infrastructure are still functional. Cyberattacks as severe as those expected to accompany a large-scale Russian military incursion have not materialized.
Michael Daniel, an ex-White House cybersecurity coordinator, stated that it has not played the same role as people believed it would and has not been seen in Ukraine to the degree people feared. That could change, however.
It is not clear why Russia hasn’t been able to land a stronger cyber attack. Russia could have decided that the impact would not be severe enough. Ukraine’s industrial base, for example, is much less digitalized than those in Western countries. Russia could have decided that Ukraine couldn’t be seriously damaged without causing collateral damage outside its borders.
Many cybersecurity experts believe that the Kremlin prefers to keep Ukraine’s communications open for intelligence purposes, at least for the time being.
Whatever the reason, the early days of the conflict were marked by cyberattacks at lower levels that appeared to have been carried out both by state actors and freelancers.
Before the invasion, hackers defaced or knocked down websites of the Ukrainian government and attacked some servers with malware. An ad hoc army of hackers, some of them marshaled online by Ukraine’s SBU security service, claims credit for the takedowns of Russian media and government sites.
The IT Army of Ukraine is a volunteer group that has over 230,000 followers on Telegram. They are constantly looking for targets to hack, such as Russian banks or cryptocurrency exchanges.
Ukraine’s SBU officially announced Monday that it was recruiting volunteer hackers from allies.
“CYBER FRONT NOW OPEN!” “Help Ukrainian cyber experts hack occupants’ platforms!” it posted on Telegram, asking for tips about vulnerabilities in Russian cyber defenses.
Gabriella Coleman, an anthropology professor at Harvard who has documented the rise of hacktivism, said that this is the first time that states have asked citizens and volunteers to attack another state.
This is a reflection of Ukraine’s dependence on its citizens in other areas of defense.
“It shouldn’t surprise that Ukraine is using all available resources to defeat the Russians, a much more powerful foe.” “Just like how civilians fight on the streets, it doesn’t surprise me that they are trying out civilians to support these through the digital space,” stated Gary Corn, a former Army colonel and general counsel to U.S. Cyber Command.
The Belarus Cyber Partisans hacker group, which first appeared last year, claimed Monday that it had disabled a rail service in Belarus. Belarus is Ukraine’s northern neighbor, from which many prongs of Russia’s military attacked. The group is trying to stop Russian troop and hardware movement through Belarus.
Sergey Voitekhovich is a former Belarusian railway worker and runs a Telegram group that deals with rail. He told The Associated Press the Cyber Partisans’ digital sabotage Sunday caused train traffic in Belarus to be stopped for 90 minutes. He stated that electronic ticket sales were not working as of Monday evening.
The Cyber Partisans hack was meant to disrupt Russian troop movements within Belarus. It was only the second such attack in just over a month. Voitekhovich claimed that the current attack caused delays to two Russian military trains heading for Belarus, departing from Smolensk in Russia. The authenticity of his story cannot be independently verified. Voitekhovich spoke with the AP in Poland. Voitekhovich said that he was forced to leave Belarus by police.
Criminals from the Conti ransomware gang have pledged to use all their resources to attack the “critical infrastructures of an adversary” in a recent posting. Soon afterward, sensitive chat logs believed to belong to the gang were posted online.
Experts warn that the situation could spiral out of control as partisans from both sides promise more serious cyberattacks.
Jay Healey, a Columbia University cyberconflict expert who opposes private-sector hacking in response to Russian or other state-backed cyberattacks, stated that de-escalation and peace are difficult enough without external hacking.
Potential “false flag” attacks, in which hackers pretend to be someone else when they launch an attack, are a speciality of cyber conflict. Cyberattacks are almost always difficult to attribute, and attribution could get even more complicated in the fog of war.
Some cyberattacks have already had some spillover. Cybersecurity researchers stated that several hours prior to Russia’s invasion, cyberattacks were launched against Ukraine’s digital infrastructure. They damaged hundreds of computers using “wiper malware”, including at one financial institution and offices in Lithuania and Latvia.
Brad Smith, Microsoft’s president, said Monday in a statement that attacks on civilian targets raise serious concerns under the Geneva Convention.
Smith pointed out that cyberattacks, like the ones in mid-January, “have been precisely targeted” and that “indiscriminate malware technology has not been used to spread through Ukraine’s economy or beyond its borders as in the 2017 NotPetya attacks.” Smith was referring specifically to the NotPetya “wiper”, which caused more than $10 billion of damage worldwide by infecting Ukrainian companies with malware that was downloaded via a tax preparation software update.
The West has attributed the attack to Russia’s GRU military intelligence agency. It also blames the GRU for some other very damaging cyberattacks, including two that knocked out part of Ukraine’s power grid in 2015.
This conflict has so far seen nothing like it. Officials say that it may be happening.
At a Monday event, Mark Warner, chairman of the Senate Intelligence Committee, stated that he was “pleasantly surprised” so far by Russia’s inaction against Ukraine. “Do I expect Russia will up its cyber game? Absolutely.”