As Russian tanks rolled into Ukraine on February 24th it appeared to be the beginning of the conflict. But a war waged by cyber weapons has been raging between the two countries for some time. Many believe the outcome of this war will be decided in the digital arena, not on the battlefield.
Disabling the internet is a tactic heavily favoured by military leaders hoping to sow confusion and so, soon after explosions were heard on the morning of February 24th, internet connectivity dropped in Kharkiv, Ukraine’s second largest city, with Kyiv, Luhansk and Mariupol experiencing similar outages.
Ukrainian government, foreign ministry and state service websites also went down late Wednesday after a DDoS (Distributed Denial of Service) attack overwhelmed them with bot traffic. A ‘wiper’ attack (where a data wiping programme is maliciously installed on computers) was also reported by Ukrainian officials on hundreds of machines in the country. An attack they said, because of its scale, had almost certainly been planned over the past couple of months.
These cyberattacks are similar to a pattern of Russian behaviour seen before and identified by both the US and UK governments over the past few years.
In their Digital Defence Report published in October 2021, Microsoft attributed 58% of all known nation state cyber attacks to Russia over the previous year, with the top three countries targeted being the US, UK and Ukraine.
Ukraine has been ground zero for Russia’s cyber weapons
The US government say that over the past decade Russia has been using cyberattacks and disinformation as a major part of its military activity beyond its borders to destabilise and coerce Ukraine.
In 2016 suspected Russian malware disrupted Ukraine’s electricity grid and cut power to a fifth of Kyiv in the middle of a bitter winter. Two years later Ukraine said it had halted a suspected Russian attempt to disrupt a chlorine plant.
The UK Government also attributed responsibility for both the destructive NotPetya attack in Ukraine 2017, which irreversibly encrypted data on computers and caused $10bn of damage around the world, and the cyber attacks against Georgia to the Russian government.
Disinformation plays a huge part in modern warfare
But a cyberwar isn’t merely comprised of attacks to internet infrastructure and websites. The US government recently revealed insights into how the Kremlin has employed a range of overt and covert media sites to advance propaganda and disinformation in this war, with both Washington and Kyiv having highlighted the issue of Russian influence in Ukrainian media for months now.
In April 2021, Miburo an organisation formed by Clint Watts, a former FBI agent who studies disinformation efforts online, first published an overview of the Russian propaganda and disinformation ecosystem – media networks, outlets, and websites that they claim spread Russian propaganda or disinformation. In an updated 2022 chart, they added elements to reflect several components of Russia’s ‘sustained propaganda and disinformation campaigns’.
Misinformation is unwittingly spread
Bystanders can unintentionally play a part in this, and any, cyberwar too. Old or false images and videos, or those that are real images but falsely labelled, typically go viral during conflicts (as did mis-labelled footage during the pandemic). False videos and images alleging to show Russian attacks on Ukrainian towns and cities were circulating online within hours of the Russian invasion, reinforcing the importance of social media users verifying or checking the source of any footage online before sharing.
Misinformation, by its nature, is often spread by well-intentioned social media users trying to support a cause or conflict, but that doesn’t lessen the impact which can have unintended consequences.
Anonymous ‘declares war’ on Russia
This cyberwar had an unexpected new participant, when hacking group Anonymous announced that it would support Ukraine in its fight against Russia. It has already claimed attacks on Russian state TV channels, hacked to broadcast Ukrainian songs, and says that it has successfully breached and leaked the database of the Russian Ministry of Defence website
However, due to the nature of Anonymous, it’s notoriously difficult to verify attacks, as anyone can claim to be a member of the community without disclosing their identity.
Ukraine’s digital resistance
Ukraine is playing Russia at its own game by using social media to fight back and mobilise against the invaders. A constant stream of real-time videos shared across TikTok, Facebook, Telegram, and Twitter has engaged attention and support across the world.
And the cyberwar is being fought directly by Ukraine’s President Zelenskyy who has been using his personal social media accounts to fight back against disinformation claiming he has fled the country, misleading accounts of atrocities being inflicted on his people, and rumours that his army are surrendering.
Zelenskyy‘s passionate speeches rallying his fellow countrymen to defend Ukraine, filmed in military-style fatigues from the streets of Kyiv, have gone viral.
Ukraine has also enlisted the help of Elon Musk to switch on his Starlink satellites over the country, so that Ukrainians will still be able to use the internet if Russia completely destroys the country’s telecommunications network as the war escalates.
Cyber weapons are not just used on the enemy
The use of cyber weapons by Russia has now allegedly been extended to its own people, with the UK Ministry of Defence reporting that access to a number of social media platforms has been recently been restricted in Russia in what they suggest is an attempt to control details of the situation in Ukraine inside Russia.
Digital daggers drawn could spill over into the West
Western officials are concerned about the possibility of spillover from the cyber-conflict in Ukraine, whether accidental or deliberate. The US Cybersecurity & Infrastructure Security Agency (CISA) issued a warning to American businesses, saying that the use of cyber weapons could escalate “in ways that may impact others outside of Ukraine” and saying organisations should be prepared to defend against cyber attacks originating from Russia.
British firms have received similar warnings, with the UK National Cyber Security Centre (NCSC) urging UK organisations to increase their cyber security resilience including;
- patching systems;
- improving access controls and enabling multi-factor authentication;
- implementing an effective incident response plan;
- checking that backups and restore mechanisms are working;
- ensuring that online defences are working as expected, and;
- keeping up to date with the latest threat and mitigation information.
It’s early days yet in a conflict which has the potential to rage on for many weeks or months, but while many are focused on the devastating impact of a possible nuclear escalation, the impact of a cyberwar that could destabilise global banking, health and transport networks might have been under-estimated.
Damaging cyber attacks may be what ultimately decides the outcome of this war. Or, it may be that strategic use of social media is what wins it for Ukraine, rallying the world to their side. It certainly is a war like none that has gone before, reflecting the many different fronts that now need to be fought on in the 21st century.
My latest book My Brain Has Too Many Tabs Open is all about the unintended ways in which technology is changing our behaviour – and what we can do about it.