Ukraine-Russia: The First Shots Have Already Been Fired – in Cyberspace

“Wait for the Worst”
There has reportedly been a marked increase in disinformation being pushed through Ukrainian social media platforms in the past few weeks. On January 13, Microsoft’s Threat Intelligence Center noted that malware had been placed on vulnerable Ukrainian computers.

It was a program designed to look like ransomware – an attack that effectively holds information captive until a “ransom” is paid. When triggered, the program simply deletes the information instead, causing disruption to organizations in deleting customer, payment or appointment records, for example.

A day later a concerted attack on Ukrainian government and media sites saw their front pages replaced for several hours with the ominous message of “Be afraid and wait for the worst”. Highly emotive propaganda and disinformation is aimed at weakening public morale, making invasion and occupation simpler to achieve.

Russia has a strong track record of intrusions into its neighbors’ cyberspace. In 2007 Russian hackers overwhelmed many Estonian institutions, including banks, media outlets, the parliament, and various public services. It was a distributed denial of service attack, which makes use of a global network of compromised computers to simultaneously place large demands on the target servers, forcing them offline.

The Russian military physically disabled communications technology in Georgia prior to their invasion in 2008. It was, wrote Brian Whitmore, a senior fellow of the Atlantic Council: “a Beta test for future aggression against Russia’s neighbors and a dry run for the tactics and strategies that would later be deployed in the 2014 invasion of Ukraine … When Russian forces attacked Georgia on the night of August 7-8, 2008, it was preceded by a cyberattack, a disinformation campaign, and an all-out effort to meddle in that country’s domestic politics. These are all tactics that are now very familiar to the United States and its allies.”

On December 23 2015, Russian hackers – having located a vulnerability – managed to enter the control panel of a Ukrainian power station, disconnecting 223,000 Ukrainians from their heating for six hours in the depths of winter.

Global Threat
A similar deprivation of electronic communications in Ukraine through physically or electronically attacking them would have a much larger impact today. Ukraine is a modern society that makes extensive use of modern electronic communications and banking systems. We can judge the possible impact of switching these facilities off, by simply thinking through how it would affect us if it were done here.

The stark reality is that Russia is a highly capable cyberpower. Russia uses cyberattacks strategically. It chooses opportune moments and targets to meet its strategic objectives in this case to undermine Ukrainian morale and the willingness of the public to follow government instructions. Ukraine has long experience of Russia’s non-military tactics. It is, in many respects, better prepared than NATO powers to withstand this type of warfare.

But while Ukraine is psychologically better prepared than the west, it will not be able to prevent Russia from shutting down vital infrastructure and communication services. Cyberattacks on businesses and hospitals create a potential spiral of economic disruption in Ukraine that will require direct financial support.

The west should worry about how Ukraine will fight a defensive conflict without this infrastructure and networks. And western governments need to worry about their lack of preparedness if Russia uses its cyber capabilities more broadly. Our societies are far less well prepared.

Robert M. Dover is Professor of Criminology, University of Hull. This article is published courtesy of The Conversation.