Cybersecurity and the Ukraine Crisis: The New Face of Conflict in the Information Age

Since the beginning of the Russian military intervention in the Crimea and Donbass regions of Ukraine in early 2014, public attention has been focused on the military struggle between Ukrainian government forces and Russian-backed separatist forces. The Ukraine crisis has also been notable in the cybersecurity community for the flurry of action in the internet and communications spheres. Throughout the conflict, Kremlin-backed militia forces and both pro-Russia and pro-Ukraine non-state actors known as “hacktivists” have engaged in a variety of cyber-warfare attacks, providing a glimpse at some of the new characteristics of war in the computer age.

The most prominent example of this kind of attack came during the Russian-backed takeover of Crimea. Pro-Moscow militia groups sabotaged the networks of the Ukrainian telephone company Ukrtelecom to disable the phones of government officials in Kiev, hampering their ability to respond to the chaos in Crimea. Kremlin-backed militia forces cut phone and internet cables throughout the peninsula. Russian troops in the region were seen deploying GPS and radar jammers. Using these electronic warfare techniques, the Russians managed to effectively isolate Crimea and disrupt key Ukrainian communications infrastructure, making the military takeover of the area significantly easier.

Electronic warfare is not a new element in the Russian military playbook, and the attacks in Crimea have drawn comparisons with tactics used by Moscow during the 2008 invasion of the Georgian province of South Ossetia. During that conflict, Russian hackers launched a series of devastating Distributed Denial-of-Service (DDoS) attacks, blocking key sections of Georgian internet traffic as well as defacing Georgian government sites with Russian propaganda. As with the tactics later used in Crimea, this cyber-offensive compromised important telecommunications capabilities in Georgia and prevented the government from effectively communicating with its populace.

Many cybersecurity analysts suspect that, in addition to its electronic warfare operations in Crimea, the Kremlin has been behind a highly sophisticated virus dubbed “Snake” that has infiltrated a significant number of Ukrainian government computers since 2010. Analysts point to the Moscow time-zone stamps and the numerous Russian names in the code as evidence. According to the American IT company Symantec, Snake is known to have infected dozens of computers in the office of the Ukrainian prime minister as well as the networks of at least 10 Ukrainian embassies around the world. Snake essentially establishes a “digital beachhead” in affected computers, allowing its operators to steal sensitive information from within the infected network and disseminate other harmful forms of malware. Through Snake, Russia has gained a valuable position within Ukrainian government servers, potentially giving it access to important intelligence and providing Moscow with an entry point to easily launch further cyberattacks on Ukrainian networks.

Cyberwarfare during the Ukraine crisis has not been limited to military and state forces; a proxy cyberwar between pro-Russian and pro-Ukrainian civilian hacker networks has also been raging since the beginning of the conflict. These “hacktivist” groups have launched many cyberattacks on both Russian and Western business, government and media websites, often looking to release sensitive classified information or to deface websites. For instance, the pro-Russian Ukrainian group known as Cyber Berkut claimed responsibility for a series of DDoS attacks on three NATO websites in March 2014, briefly shutting them down. Cyber Berkut, which some experts believe may be affiliated with Russian intelligence, stated that the attacks were conducted by “patriotic Ukrainians” in response to what they viewed as NATO interference in their country.

On the pro-Ukraine side, a viral social media movement known as OpRussia has called for civilian cyberattacks on Russian government and business networks. Such civilian hacking movements have resulted in several significant attacks on important Russian targets. One prominent example was an attack launched by OpRussia hackers on the state-owned news agency Russia Today, where hackers replaced the words “Russia” or “Russians” with “Nazi” or “Nazis.” Another notable case of civilian hacking against Moscow came when an anti-Russian hacktivist group called Russian Cyber Command leaked around 1000 secret documents from the state-owned Russian military export/import company Rosoboronexport.

The Ukraine crisis has been a valuable case study in the fields of electronic warfare and cybersecurity, providing important lessons about conflict in the information age. Russia’s initial cyberwarfare barrage during its covert invasion of Crimea, as well as its use of sophisticated viruses to infiltrate Ukrainian government computers, are examples of the potentially crippling effect of well-executed cyberattacks on communications and command infrastructure. As shown by the extent and efficacy of the Russian offensive, cyberspace appears to have become a critical arena of battle, as states aim to gain advantage by hampering their opponent’s ability to coordinate a response by taking out important internet and telecommunications apparatuses.

The Russia-Ukraine crisis has also demonstrated the increasing power of civilian actors in cyberspace. The damage that hacktivist movements like Cyber Berkut and OpRussia have inflicted on government networks, by stealing classified information or sabotaging and disabling websites, has given these non-state entities political significance. The reality of cybersecurity is that civilian hackers have the capability to threaten critical government and business networks with nothing more than a laptop and a connection to the internet. This produces a security environment that empowers civilians against governments and corporations. As a result, cyberspace has become a battleground where civilian actors have attempted to take advantage of their newfound power while government forces have begun to secure the internet by adopting increased censorship and surveillance powers.

The Ukraine crisis has demonstrated the rising importance of cybersecurity in political conflict. As information technology continues to develop, and as nations become more and more dependent on their telecommunications infrastructure, cybersecurity will likely continue to become an increasingly important aspect of modern war.

Sandy Vingoe
Sandy Vingoe is a Junior Research Fellow at the NATO Association of Canada. Sandy is a second-year undergraduate student at Johns Hopkins University in Baltimore, Maryland. As an International Studies major, his interests include East Asian politics, military history and cyber security.