
A gratuitous but not crippling cyberattack in the war in Ukraine


RICHMOND, Virginia —
Russia has some of the best hackers in the world, but at the start of the war in Ukraine, its ability to wreak havoc through malware didn’t have much of a noticeable impact.

Instead, it was Ukraine that rounded up sympathetic volunteer hackers in an unprecedented global collective effort to make the Kremlin pay for waging war on its neighbor. It’s a kind of cyber free-for-all that experts say is likely to escalate a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on high alert.

So far, Ukraine’s internet is mostly working, its president is still able to rally global support via a smartphone, and its power plants and other critical infrastructure are still able to function. The kind of devastating cyberattacks thought likely to accompany a full-scale Russian military invasion did not occur.

“It didn’t play as big of a role as some people thought and it certainly wasn’t seen outside of Ukraine to the extent that people feared,” said Michael Daniel, former cybersecurity coordinator at the White House. “Of course, that could still change.”

It’s unclear why Russia didn’t land a stronger cyber punch. Russia might have determined that the impact wouldn’t be severe enough – Ukraine’s industrial base is far less digitized than in Western countries, to begin with. Or Russia could have determined that it could not cause serious damage to Ukraine without risking a collateral impact outside its borders.

Many cybersecurity experts believe the Kremlin, at least for now, prefers to keep Ukraine’s communications open for intelligence value.

Whatever the reasons, the early days of the conflict were marked by low-level cyberattacks that appear to be carried out by both freelancers and state actors.

Prior to the invasion, hackers took Ukrainian government websites offline or defaced them. Now an ad hoc army of hackers – some of them rounded up online by Ukraine’s SBU security service – is claiming credit for takedowns and defacements of Russian government and media sites.

A group of volunteers calling themselves the IT Army of Ukraine has more than 230,000 subscribers on a Telegram channel and constantly lists targets for hackers to hit, such as Russian banks and cryptocurrency exchanges.

On Monday, the Ukrainian SBU formalized its recruitment of allied volunteer hackers.

“CYBER FRONT IS NOW OPEN! Help Ukrainian cyber experts hack the occupiers’ platforms!” it said on its Telegram channel, asking for advice on Russian cyber defense vulnerabilities, including software bugs and login credentials.

“This is the first time states have openly called on citizens and volunteers to cyberattack another state,” said Gabriella Coleman, a Harvard anthropology professor who has mapped the rise of hacktivism.

This decision reflects Ukraine’s dependence on its citizens for other areas of defence.

“It should come as no surprise that Ukraine is drawing on all possible resources to fight the Russians, a much more powerful enemy. Just as civilians come out to fight in the streets, it doesn’t surprise me that they try to call out civilians to support this through the digital space,” said Gary Corn, a retired Army colonel who served as general counsel at U.S. Cyber Command.

A hacker group that first emerged last year, the Belarusian Cyber Partisans, claimed on Monday it had disrupted some train services in Belarus, Ukraine’s northern neighbor, from which several Russian military units attacked. The group attempted to thwart the movement of Russian troops and equipment through Belarus.

Sergey Voitekhovich, a former Belarusian railroad worker who runs a rail-related Telegram group, told The Associated Press that the Cyber Partisans’ digital sabotage on Sunday brought rail traffic to a standstill in Belarus for 90 minutes. He said e-ticket sales were still not working on Monday evening.

The Cyber Partisans hack was aimed at disrupting Russian troop movements in Belarus and was the second such action in just over a month. Voitekhovich said the current attack has delayed two Russian military trains bound for Belarus from the Russian city of Smolensk. His story could not be independently verified. Voitekhovich spoke with the AP from Poland. He said police pressure forced him to leave Belarus.

Pro-Russian ransomware criminals from the Conti gang recently pledged on the group’s dark web site to “use all our possible resources to retaliate against an enemy’s critical infrastructure” should Russia come under attack. Shortly after, sensitive chat logs that appear to belong to the gang were leaked online.

While proponents on both sides promise more serious cyberattacks, experts say there are real risks the situation could spiral out of control.

“De-escalation and peace will be hard enough on their own without worrying about outsourced hacking,” said Jay Healey, a cyberconflict expert at Columbia University who has long opposed letting the private sector “hack” against Russian or other state-backed cyber aggression.

Complicating matters are potential “false flag” operations, in which hackers impersonate someone else when launching an attack, a specialty of cyberconflict. Attribution in cyberattacks is almost always difficult and could be even more so in the fog of war.

There has already been fallout from some cyberattacks. Several hours before Russia’s invasion, destructive cyberattacks hit Ukraine’s digital infrastructure, damaging hundreds of computers with “wiper” malware – including at a financial institution and organizations with offices in Latvia and neighboring Lithuania, cybersecurity researchers said.

Microsoft President Brad Smith said in a statement Monday that such attacks on civilian targets “raise serious concerns under the Geneva Convention.”

Smith noted that the cyberattacks – like a series of similar attacks in mid-January – “have been precisely targeted, and we haven’t seen the use of indiscriminate malicious technology that has spread across the Ukrainian economy and beyond its borders in the 2017 NotPetya attack,” referring to a “wiper” that caused more than $10 billion in damage worldwide by infecting companies doing business in Ukraine with malware seeded via a tax preparation software update.

The West blames Russia’s military intelligence agency GRU for the attack as well as some of the other most damaging cyberattacks on record, including a pair in 2015 and 2016 that briefly knocked out parts of Ukraine’s power grid.

So far, there has been nothing like this in this conflict. But officials say it could happen.

“I’ve been pleasantly surprised so far… that Russia hasn’t launched any other major cyberattacks against Ukraine,” Senate Intelligence Committee Chairman Mark Warner said during an event on Monday. “Do I expect Russia to up its cyber game? Absolutely.”


Bajak reported from Boston. Associated Press writer Ben Fox contributed from Washington.
