The fog of cyberwar descends on Ukraine and Russia
Hackers are attacking both countries, but their allegiances and motives can be murky
The Russian invasion of Ukraine has been accompanied by a rash of cyberattacks from all sides, as hackers with a wide range of allegiances take up digital arms.
Hours before the invasion began, there was a “new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure”, Microsoft said in a February 28 blog post. Earlier in the month, Ukrainian banks and defence websites had been taken offline in attacks the US government has attributed to the Russian state. Hackers linked to Belarus, a Russian ally, have also carried out cyberattacks on the Ukrainian military, according to the cybersecurity firm Mandiant.
The Ukrainian government, meanwhile, has urged hackers to target Russia. Ukrainian tech workers shared tips online on deploying malicious software aimed at military officers and government officials. Twitter accounts have appeared purporting to have stolen documents from Russian banks and government entities. In Belarus, a group of activist hackers said they had paralysed part of the country’s rail system in an attempt to slow down Russian troops, though their claims could not be independently verified.
The Russian-Ukrainian conflict illustrates the increasing importance of digital attacks as part of a kind of hybrid warfare that has begun to emerge in recent years. In fact, the countries already have a history as a testing ground for cyberwarfare tactics. Twice since Russia’s 2014 invasion, hackers have targeted the computer systems underpinning Ukraine’s electrical grid, cutting off power temporarily while demonstrating Russia’s capabilities to other potential antagonists.
In the weeks leading up to February’s invasion, Ukrainian government websites were defaced to display messages telling users their data had been uploaded to the internet, or targeted with software that experts said was designed to render the computers unusable. The Ukrainian government said evidence suggested the involvement of hacking groups tied to Russian intelligence in those attacks, charges that Russia denied.
The anonymity cyberattacks provide is part of their power, and digital activity since Russia’s invasion has demonstrated how hard it is to be sure who is behind an attack or what they are trying to accomplish. “It’s impossible to know what someone’s motivations are or what lurks in someone’s heart,” says Emma Best, a co-founder of Distributed Denial of Secrets, which publishes leaked documents, sometimes from anonymous sources. “That’s always true, but especially during heightened times of tension or crisis.”
Many people operating with divergent agendas, for instance, have over the years taken credit for attacks under the flag of the hacker collective known as Anonymous. The group no longer exists as most people think of it, but various accounts associated with it have recently re-emerged, “declaring cyberwar on Russia”, according to the Guardian.
Hackers often have an incentive to pretend they are someone else. Criminals can pose as state actors to intimidate victims, while government-employed hackers may pose as independent political activists or criminals to sow confusion.
“We are for sure, without any hesitation, starting to see false-flag operations appear,” says Jim Guinn, who leads the global cybersecurity practice at the consulting and IT firm Accenture. Guinn and other experts have observed hackers exploiting the increase in political attacks associated with the Russian invasion as a cover for breaking into networks and stealing data for their own ends.
Sophisticated attackers will sometimes try to confuse forensic investigators by using publicly available hacking tools, or tools associated with other hackers, even if they have more advanced techniques at their disposal.
“If you wanted to steal pictures of someone’s diary and get away with it without them knowing, you’d break into their house, flip over the mattresses, and steal their TV to make it really look like a stupid burglary,” says Andrew Morris, founder of cybersecurity firm GreyNoise Intelligence.
So far the conflict has lacked chillingly destructive hacks like the 2014 attack on Ukraine’s power grid or the 2017 NotPetya attack, which Western intelligence agencies have described as a Russian move against Ukrainian targets that ended up also causing significant damage to corporations globally. But experts worry the chances of dangerous cyberadventurism will increase the longer the conflict goes on, whether it comes from Russia or other entities without direct involvement in this conflict.
“We should all just take a moment and light a candle and pray,” Guinn says. “Because I do believe that there are bad actors that are watching and learning how the world responds, and may determine that it’s OK for them to advance their agenda by launching additional cyber and kinetic events against their adversaries.”
More stories like this are available on bloomberg.com/businessweek.