The World’s First Digital War has just begun! — must read.
In the first three days of the war alone, the number of cyberattacks on Ukraine’s political and military institutions increased by 196 percent, with more than 260,000 specialists from around the world already active in the Ukrainian digital guerrilla. Both sides also support hacker groups. Ukraine — Anonymous. Russia — Putin’s “patriot hackers.” For the first time in history, we can follow a completely new face of war — in cyberspace. And there are many indications that this is only the beginning.
By the time the first Russian tanks managed to enter Ukraine on February 24, the war had in fact already begun. Not with an assault on the border. Not with bombings. Not even with attempts to seize military facilities. It began with an attack on the cybersecurity of key Ukrainian institutions.
The attack was supposed to be quiet, but so powerful that Ukraine would lose liquidity on the spot and the blockade of government websites would lead to chaos. It was to be like in 2014, when, with the annexation of Crimea, Putin’s cyber warriors managed to paralyze not only Ukrainian telecommunications networks but also the command and control system for the country’s defense.
Except that this first battle unexpectedly took place not so much in Ukraine itself as in two completely different places: on the other side of the world, in Seattle, at the headquarters of Microsoft, and a few hundred kilometers west of Ukraine, at the headquarters of the Slovakian technology company ESET, which specializes in fighting malware.
It was there that experts almost simultaneously detected wiper malware that targeted Ukraine’s financial institutions and ministries. A wiper is a type of malware that simply destroys entire servers and the data on them. To hide their traces, the attackers used a digital certificate issued by Hermetica Digital Ltd, a tiny Cypriot gaming developer.
Microsoft experts not only identified the threat and blocked it, but after the January cyber-attack on Ukraine they immediately notified the US services. They alerted allies in Baltic states, but even so, some of the “HermeticWiper” software managed to spread to Lithuania and Latvia.
And although this attack did not lead to digital paralysis in Ukraine, it sent a clear signal: not only has cyberwar broken out, it has erupted on a global front.
This is the first war in history where cyber attacks are on par with those on the ground. And probably the first in which there is no expectation that digital operations will end along with conventional ones.
Regardless of the ultimate outcome.
The goal: information supremacy
All indications are that preparations for today’s Russian offensive have been underway for a long time. Not since mid-January and the attack on Ukrainian government websites and electronic banking. Not since last year’s “Sluice” operation on the Belarusian-Polish-Lithuanian borders, which was designed to introduce a hybrid weakening of Ukraine’s allies. Perhaps these preparations go all the way back to the great NotPetya attack of 2017, an attack that actually crippled Ukraine and inflicted massive losses on many companies around the world.
Or perhaps the scenario has been in the pipeline for even longer, as today’s increasingly prominent disinformation and Russian aggressive narratives indicate.
The Kremlin-led apparatus used multi-domain action against Ukraine: information operations based on a multi-year disinformation campaign targeting perceptions of the state, society, history or international relations, together with attacks in cyberspace, diversionary activities and influence operations. Now, with the launch of the armed attack on Ukraine, all these activities combined show how complex it is to ensure security in a confrontation across all operational domains: sea, land, air and cyberspace.
From today’s perspective, it can be seen that a review of past cyberattacks targeting Ukraine confirms that most of the actions conducted by the Russian Federation were aimed at topically weakening Ukraine.
Some of the attacks were destructive in nature, aimed solely at making the infected machines and the data on them unavailable, and with them systems that were sometimes critical. An equally important and inherent domain is the information space. Attempts to destabilize government communications, or to disrupt communications or media availability for an attacked society, are an adversary’s attempt to gain control of the information message.
The goal: to achieve information supremacy.
So far we have been witnessing rather the preparation of the ground for fundamental actions. Russia was investigating accessibility and vulnerability and was looking for gaps in the whole attacked infrastructure. It also tried to leave so-called backdoors, i.e. vulnerabilities in software that allow a break-in. This was the purpose of the February 24 attack, for example. It was a DDoS attack, which works by clogging servers and, as a result, paralyzing them. Hundreds of thousands of bots try to reach a given server at once, and it is simply not able to accommodate such traffic. By way of analogy, it would be like squeezing all the residents of a housing estate into a tiny grocery store and then being surprised that it is impossible to reach for vegetables, pay or leave, because everyone is simply stuck in the store.
Except that this digital vegetable store has become a field of action for the services. That Russian GRU intelligence is behind the attempts to clog it up is virtually certain. US intelligence agencies have openly reported observing GRU infrastructure transmitting large amounts of data to IP addresses in Ukraine.
The fifth domain of war
From the military point of view, cyber operations are increasingly important in modern armed conflicts. Since 2016, cyberspace has been officially recognized by NATO as the fifth operational domain: after land, sea, airspace and space.
Which is not to say that there is clarity on what “cyberwarfare” even is. There have been debates for years about whether the term is even accurate. A decade ago, Eugene Kaspersky, founder of Kaspersky Lab, argued that “cyberterrorism” was a better term, because in network clashes it’s generally not entirely clear who attacked and for what purpose. Ron Deibert of the now famous Citizen Lab was also against the “militarization of cyberspace” back in 2011.
However, much has changed since then. The argument that even major cyberattacks — like the power cut affecting nearly 230,000 people in Ukraine in 2015 or the disruption of medical care by the WannaCry virus in 2017 — did not lead to military action is no longer valid. Even if it is still difficult to directly identify human victims of cyberwarfare, the scale of the use of hybrid methods is such that more and more experts are already willing to talk about cyberwarfare.
The head of the World Economic Forum Klaus Schwab in Davos recently said that he even expects a cyberarmageddon. Personally, I do not subscribe to such a scenario, but the scale of attacks, their range and the power of destruction will be even greater and will certainly exceed the ones we have witnessed so far.
The mechanisms of cyber warfare are currently used by all important countries in the international arena. The goals are various: spying, sabotaging, propaganda, disinformation and even attempts to interfere in economic processes of a foreign country. The latter is particularly delicate because the global economy is a system of communicating vessels, and such interference may also have a negative impact on the country that undertakes the operation.
This was already visible during the Russian war, when it took the Western countries three days to decide to cut Russia off from the SWIFT system. The West was simply afraid that it too would suffer in such a situation.
Not so anonymous
But they are not afraid of Anonymous. The now legendary group of hacker-activists officially declared their “war” on Putin the day after Russia’s attack on Ukraine. And with a bang. Within a week, they stole and published a database of employees of the Russian Ministry of Defense, took down the websites of most ministries, offices and state institutions, blocked Belarusian banks and temporarily disabled natural gas supplies in Russia. They blocked about 300 sites in total.
“This is disinformation. If someone is going to steal your money — it will be the same commissioners who always steal it — not Anonymous. We do it for free because we are activists for activists,” Anonymous wrote on March 1.
In this way, they had to straighten out the rumor that they were preparing a series of attacks on Russian banks and stealing their clients’ money. The Russian propaganda machine tried to convince Internet users and especially Russians that the blade of hacktivists’ keyboards is directed against them.
Their focus is rather on stopping the Kremlin’s digital machine. Hence the cutting off of Moscow from the services of Tvingo Telecom, a company that provides fiber optic networks, Internet and wireless communications; the seizure of Russian military communications, even specifying its “USB 4220 kHz” frequency; and the latest attack on the control center of the Russian space agency Roskosmos, meant to disable Russian spy satellites.
But perhaps the most spectacular action was the takeover of Russian propaganda television channels. Since the beginning of the war, the Kremlin has been very careful to ensure that within Russia itself the public is convinced of the peaceful nature of the military operation. The official propaganda argues that there are no casualties in Ukraine, and the inhabitants even greet the soldiers with flowers as if they were liberators after the German occupation. To uncover the truth, Anonymous took over the main channels of Russian television and switched the signal in them. As a result, Russians were able to learn about the war, the casualties and the cruelty of Russian troops. And this may have come as a shock to many of them.
It was actually obvious for Anonymous to side with the Ukrainians. This decentralized group, numbering tens if not hundreds of thousands of specialists, is a strong weapon on the side it takes to fight. And it picks the weaker sides fighting against dictatorships both political and financial. In 2009 it helped Iranians protesting against electoral fraud, a year later it supported Julian Assange and the creators of WikiLeaks, it was also the digital arm of the Arab Spring and was heavily involved in the fight against ACTA. And several times with the Kremlin.
But all this happened mostly about a decade ago. Today, after the wave of arrests of hacktivists that took place a few years ago, Anonymous is not necessarily the same loose collective of cyber-activists inspired by romantic ideas from movies about unrepentant hackers.
There are many indications that their current operation is a “false flag” operation. It is too well-coordinated and well-thought-out to be the work of grassroots volunteers who would attack whatever comes their way. Instead, it is clear that they are attacking selected areas of the Russian infrastructure, with attempts to break into banking and data communications networks, i.e. critical areas.
Anonymous is fighting in specific ways. Mainly for access to information sources. They take down propagandistic Russian websites and put their own, with real data, under them. This kind of fight is not accidental — after all, Russia is a power with a century-long tradition of lies and propaganda.
The capabilities of the Anonymous group are enormous. Let me remind you that it is an international organization bringing together the elite of cybercriminals, among whom, I do not exclude, there are also Russian, Belarusian or Ukrainian citizens, that is, people who represent the states party to the conflict. These are, however, the key persons when it comes to, for example, knowledge of the Russian language, which is necessary for reading the security of Russian computer network systems.
Volunteer IT army
The longer the war in Ukraine continues, the clearer it becomes that the situation in cyberspace is starting to escalate. And not only because more hacker groups are entering the front lines, often standing on opposite sides of the conflict: while on one side are Anonymous, on the other is the Russian group #Conti. How much this has escalated is shown by the fact that Ukraine itself has asked for support in the fight on the digital front as well.
Just a few days ago, it did not want to create an institutional cyber army, but now, through its Minister of Digitalisation, Mykhailo Fyodorov, it has officially appealed to experts from all over the world to join the government-led IT Army made up of Ukrainian technology companies and thousands of cyberspecialists. This is an unprecedented action and proclamation. But no wonder, because according to the Israeli company Check Point, in the first three days of the war alone, the number of cyber attacks targeting Ukrainian political and military institutions increased by as much as 196 percent. And there is no shortage of those willing to join the defense. Nearly 260,000 cyber-soldiers have already joined the IT Army, according to Livia Tibirna, an expert at French cyber security firm Sekoia.
Security measures have also been taken by NATO’s eastern flank countries.
“In response to Ukraine’s request, Lithuania, the Netherlands, Poland, Estonia, Romania and Croatia are activating cyber rapid response forces to help the (Ukrainian) authorities respond to cyber security challenges,” Lithuanian Deputy Defense Minister Margiris Abukevicius tweeted on Day 6 of the Russian invasion.
Of course, Ukraine is not defenseless. It has learned lessons from both the 2014 and subsequent 2015 and 2016 attacks on its energy infrastructure, but most importantly from the aforementioned 2017 NotPetya. And it has invested heavily in its digital defenses.
Ukraine has been in a state of undeclared war waged by the Russian Federation since 2014. The Ukrainian state’s cyber capabilities have significantly improved and developed over the years. Not only in the domain that is controlled by the state administration, but also in the non-governmental domain, where specialized groups — let’s call them colloquially hackers — conducted and are conducting activities that weaken the potential of offensive actions of the Russian Federation against Ukraine.
One of the elements is the de-anonymization of, for example, Russian military operators who conduct operations in Ukraine. The second consists of actions such as tracking and tracing, and actions connected with espionage and acquiring information, which can harm Russia and break up its hostile actions.
Moreover, such digital rearmament is progressing everywhere.
The threat of cyber warfare and attacks from states, but also what the effect of this will be on cyber armaments, is already clearly visible in the stock markets. Shares of cyber security companies have jumped. The value of CrowdStrike, whose experts discovered the 2016 Russian hack of Democratic servers, has risen as much as 30 percent in the past five days, Palo Alto Networks by a quarter and Cloudflare by more than a third.
Reuven Aronashvili, co-founder of the Israeli Cyber Army and now head of cybersecurity firm CYE, said in an interview with the Financial Times that within 2 days of the Russian invasion, the number of inquiries from potential customers had increased 10-fold. It looks like a cyber arms race is beginning.
In their latest military operational concepts, so-called multi-domain concepts, countries such as China and the U.S. are clearly indicating that the use of cyberspace in military operations will occur on an ongoing basis.
Cyber conflict globally is already underway. The involvement of state actors in conducting attacks on Ukraine will not distract them from cyber espionage activities that are being conducted against other states. And in the case of Russian or Chinese activists targeting the penetration of the NATO alliance system, these activities are going on all the time. And we cannot expect them to weaken.
Lies, propaganda, disinformation
Since the beginning of the war, reports from companies monitoring the Internet have been informing us about the accumulation of trolls and disinformation on the Internet.
Russian tactics of gaining control over the information message, even supremacy, have become more and more visible. The recent attack on the TV tower in Kiev by the Russian military can be assessed as an action serving to create conditions for carrying out a psychological operation. The Russians probably planned to gain control over information broadcasts by cutting society off from Ukrainian messages. Then they planned to disrupt the communication of military units with the command in order to use the moment of inaccessibility of communication to conduct a psychological operation based on false theses about the surrender of Kiev and the Ukrainian army.
However, this particular operation did not come to fruition. Which does not mean that Russia will not take further actions.
Creeping, long, cold
Experts agree on one thing: there is no country in the world that is 100 percent immune to cyber attacks. And there won’t be, because the whole game is about constant rearming and developing the tools we already have — both defensive and offensive. That is why an attempt to cut Russia off from modern technologies plays such a large role in the strategies of the West and NATO.
Just as during the Cold War the West blocked the Eastern Bloc countries’ access to modern technologies, including computer technologies, with the special CoCom agreement, which threw the USSR and its satellites into a serious developmental impasse, similar ideas are now returning.
Today, solutions from that technology embargo are being revived almost verbatim. So we have a recurring ban not only on the export of dual-use technology, but on all modern technology in general. This is an attempt to push the Russian military sector to an almost analogue state.
If it succeeds, the new cold war in the hybrid edition will indeed remain cold. If not, however, the reality that awaits us will not look like a 20th-century never-ending arms race.
The digital offensive has been going on for too long, the investments in digital solutions are too large, the actors willing to use digital tools too many. And the global digital war may turn out to be not only a permanent state of affairs, but also not so cold.
That’s all for now
J Sai Samartha
Ethical Hacker & Security Researcher
Cheers, Happy Hunting 👍