Cyber warfare, often the thematic backdrop of serial programs involving national security, has now become a reality in the conflict between Russia and Ukraine.
One program in particular, the successful French spy series Le Bureau des Légendes from 2020, is peculiarly apropos. It featured cyberattacks involving hackers duly recruited and selected by the Russian secret service. In the course of the dialogues, the heroes of the series laugh at the amateurishness of the Ukrainians in computer matters. Today, this is no longer fiction, but the reality of war.
Indeed, even before the military attack materialised on the ground, the Russian offensive against its Ukrainian neighbour was observed in computer attacks against the country’s information system. As of Wednesday, February 23rd, the websites of several Ukrainian banks and ministries, including the website of the Ministry of Foreign Affairs, became inaccessible.
French cybersecurity expert Gérôme Billois lists two types of attack. The first type, of medium intensity, is the so-called “Distributed Denial of Service” (DDoS) attack, which saturates websites with requests so that they are no longer accessible. The targets are often government or media sites. These attacks are annoying and worry users, but they are not inherently dangerous. As soon as the requests for the targeted site stop, it is usually accessible again within a few minutes.
The second type of attack is much more problematic. These are destructive attacks, called wipers, which delete—wipe—the contents of the targeted computers before blocking them. These machines then have to be reinstalled before they can be used again. It can take two to three weeks for affected organisations to recover lost data.
Ukraine was targeted by an attack of this type in 2017: the computers of Ukrainian government departments were contaminated in June 2017 by a virus called Petrwrap. According to the New York Times, Russian hackers were at work, compromising accounting software widely used in Ukraine. At the time, the country was considered a “playground” and Russian security IT services used Ukraine to test their capabilities. Their intention was to destabilise Ukraine, to highlight its fragility enough to dissuade foreign investors from investing there.
The Russian ballistic attacks of February 23rd have forced the question of whether Russia will follow up with its IT arsenal in the coming weeks. The energy sector is an ideal target for such an attack. Russian cyber attacks successfully cut power to the region surrounding the Ivano-Frankivsk power plant in 2015. It is likely that they will try IT sabotage again. “The Russians are perfectly capable of attacking energy infrastructure by targeting the real-time monitoring and data acquisition systems that allow these distribution networks to be managed remotely. They are all the more fragile because they often rely on old equipment that was not originally intended to be connected to the internet,” explains cyber-security consultant and former hacker Olivier Laurelli to BFM TV.
Today, Ukraine has been hit by missiles, but cyberattacks have also been observed in Latvia and Slovakia, due to the interconnection of certain parts of the computer systems of these countries with Ukraine. They are not directly targeted, but are sort of collateral victims of Russian attacks. The Ukrainians may be the first to be targeted, but their Western allies can reasonably fear that fallout will affect them.
Responding to this type of attack requires a combination of anticipation and intelligence in order to react with extreme speed without disabling entire computer systems. The U.S. government is taking the threat very seriously. Although the Americans have not yet planned to send troops to help the Ukrainians, the American intelligence services are considering a computerised response. Joe Biden has been offered several options for cyberattacks on Russia. According to NBC News, these cyberattacks could cut off electricity in Russia, disrupt the country’s internet connections, or obstruct railway-switching systems to prevent the supply of troops. All of this remains unofficial and would be done without the explicit approval of the American authorities: the American National Security Council was quick to deny this information to NBC News.
Entering into a cyberwar is obviously a decision fraught with consequences; the Russians’ capacity for retaliation in this area should not be underestimated. In addition to attack strategies, Russia has been experimenting for several years with ways to strengthen its network infrastructure to gain autonomy. In November 2019, a law in favour of a “sovereign internet” came into force in the country, with the aim of ensuring that the internet keeps functioning even if foreign powers blocked access in Russia. The plan, designed for emergency use, was to give the Federal Communications Supervisory Service (Roskomnadzor) the ability to centralise all national internet traffic. Tests in this regard were conducted in the summer of 2021, according to the Russian media outlet RBC.
Russia and China appear today as the two countries best prepared for a large-scale computer war. But the exact extent of their mastery of cyber combat remains difficult to assess, as these are secret and immaterial processes.