“The war in Ukraine is leading both Moscow and Kyiv to engage in increased cyberattacks that are destructive to both infrastructure and civilian lives from meddling with energy networks to manipulating people into committing violent acts,” according to Luke Rodeheffer of the Jamestown Foundation. Both sides are engaging in activities that will leave their mark on the world for years to come, as the war has increasingly blurred the lines between official state actions and those of non-state cyber actors. Criminal hacking groups and official intelligence organizations are developing working relationships that offer attractive opportunities to collaborate with good pay.
As the kinetic war drifts into the cyberspace domain, some members of government agencies are moonlighting as hackers and coordinating their activities over the Internet. Early in the war, Mykhailo Fedorov, Ukraine’s Minister of Digital Transformation, announced that the country needed a volunteer Information Technology (IT) Army capable of coordinating activities against Russian targets using Telegram.
Today that IT Army distributes free hacking tools to its volunteers for conducting cyberattacks on Russian infrastructure and companies. Using tens of thousands of network devices, Ukraine’s volunteers have had success in performing distributed-denial-of-service attacks. “Ukraine has conducted a large-scale call center fraud operation targeting Russia, particularly older and more gullible Russian citizens, which is forcing the Russian state to increase surveillance on communication networks,” says Rodeheffer.
In late June, the IT Army overwhelmed targeted Russian Internet infrastructure with “connection requests” that ultimately led to interruptions in Mir, Russia’s national payment card system, according to Lizzie Simpson writing for Habr. She quotes a Forbes interlocutor in the Russian information security industry as saying: “The attack is 100%, and this is the work of the IT army of Ukraine.” Confirmed attacks such as the Mir incident are changing the character of warfare and are challenging for international security networks to control. The intensity and breadth of the attacks continue to increase on both sides of the conflict; the attacks, however, started long before the invasion.
There are indications that Russia engaged in destructive cyberattacks against Ukraine as early as 2010. One of the most egregious strikes occurred in the winter of 2015 against the country’s power grid. Years before the invasion of Ukraine, Russia used hacks to shut down the computer infrastructure of TV channels in the country, according to an expert involved in the investigation of one of the episodes. Russia carried it out in a “multi-stage secret infection of information networks,” says Vsevolod Nekrasov of Epravda.
Russia often employs these weapons against Ukraine’s civilian infrastructure in its current war effort. Russia is seen as the likely sponsor of last December’s attack on Kyivstar, Ukraine’s largest telecommunications company, which used malware capable of permanently erasing data. It resulted in extensive interruptions in telephone and Internet services that disabled the country for weeks. Kyivstar called it “catastrophic” at the time. In April, a group linked to the Ukrainian security services called “Ukrainian Blackjack” responded in kind by targeting a Russian data center utilized by several large Russian companies and defense-related conglomerates. NV.ua reports that the group destroyed 300 terabytes (TB) of data. A DVD-R holds 4.7 GB. One would need 63,830 DVDs to hold 300 TB of data!
Ukraine has also targeted public figures in Russia linked to the war, including high-ranking Duma members and policymakers focusing on the Middle East and Central Asia. Two of those, Alexander Babakov and Semyon Bagdasarov, were close confidants of Putin. Their emails exposed sensitive, detailed plans on how Russia planned to work with Iran to avoid sanctions.
Alongside the increase in cyberattacks is a corresponding rise in cybercrime aimed at the Russian citizenry. Many of these incidents were in the form of fraud calls tricking Russians into transferring money out of the country or revealing personal information, according to RIA Novosti. “The scale of Ukrainian cybercrime has provided Moscow with additional justification to bolster its internal communications surveillance systems, under the auspices of detecting fraudulent phone calls,” says Rodeheffer. Radio Svoboda is reporting that it is also being used as an excuse to rush the integration of the occupied regions of Ukraine into Russia’s telecommunications systems and SORM, the communications surveillance system.
What is most problematic is that the criminal elements involved may make it difficult to dismantle this “underground” after the war ends, says Rodeheffer. What is tolerated during a war, including the need for questionable characters with technical expertise, may lead to a new type of 21st-century warfare that extends beyond the current geography of the Russia-Ukraine conflict. It could end up as a battle for the survival of both Western military and civilian infrastructures.