The Ukraine-Russia crisis is playing out in cyberwarfare, says Jeffrey Carr
Hackers have been causing service interruptions and breaching databases, he says
Carr says the attacks have similarities to the resistance movement in WWII Europe
He says the most powerful nations cannot reliably defend their infrastructure from attacks
Editor’s Note: Jeffrey Carr is the author of “Inside Cyber Warfare: Mapping the Cyber Underworld” and the founder of Suits and Spooks, an international security conference. He regularly speaks at conferences and seminars and consults on security matters for multinational corporations. He has addressed the U.S. Army War College, Air Force Institute of Technology, Chief of Naval Operations Strategic Study Group, the Defense Intelligence Agency and the CIA’s Open Source Center. The views expressed in this commentary are solely his.
Hackers have been busy causing service interruptions, breaching databases, and defacing hundreds of Ukrainian and Russian websites, as the crisis between the two countries plays out in cyberwarfare.
The attacks have similarities to the resistance movement that sprang up among German-occupied countries during World War II, which took many forms including sabotage, espionage, armed confrontation and counter-propaganda.
In addition to that list, today we can add digital or web-based actions including Distributed Denial of Service (DDoS) attacks, which shut down key websites, the defacement of government websites, and breaching government or key industry networks to access sensitive documents and release them to the world.
Services like Twitter and Instagram may be used to capture events in real-time, and YouTube may be used for recruitment, training and propaganda purposes.
The global networks that enable the incredible global communication and information-sharing applications we have all come to enjoy all use insecure hardware and software. Just as there’s no human cell that is immune to every virus, there’s no piece of software that is immune from being exploited.
As a result, the most powerful nations in the world today cannot reliably defend their own information and communications infrastructure from targeted attacks, by even a single hacker.
To make matters worse, many of today’s best hackers aren’t employed by their respective governments.
While the resistance movement of World War II had fewer skills to bring to combat than members of the armed forces, today we see a “super-resistance” composed of elite hackers, whose ability to crack a secure network is certainly equal to, and in some cases superior to, that of a militarized cyberwarfare unit.
Shortly after police cracked down on “Euromaidan” street protesters, who were calling for closer integration with the EU, in Kiev in November last year, Ukrainian security engineers began discussing the necessity of forming an all-volunteer cyberdefense force. By March 1, 2014, cyberattacks on both sides kicked into high gear.
OpRussia, a hacker group formed under the Anonymous umbrella, posted a warning on March 1, 2014, to Russian President Putin that his aggression against Ukraine would not stand.
Since then, members of OpRussia have been attacking Russian business and government websites on a daily basis, including the website for the Russian Air Force, the website of the Kamchatka region, Russia’s narcotics control service, and even a Russian escort service.
Russian CyberCommand is another group of hackers, some of whom are Russian, who oppose Putin’s annexation of Crimea and have been relentless in their attacks against Russian businesses and agencies such as Rosoboronexport – Russia’s sole agency authorized to sell defense and dual-use products and technologies to foreign entities – and SearchInform.ru – a Russian IT security company that provides services to Gazprom, Skolkovo, and other important organizations.
Like OpRussia, Russian CyberCommand considers itself part of Anonymous.
While the name Anonymous is frequently associated with cyberoperations that support revolutionary movements, that wasn’t the case with these next two groups: Anonymous Ukraine and CyberBerkut, both of which are pro-Russia groups.
Anonymous Ukraine attacked NATO websites on November 7 when Ukraine was considering establishing closer ties with the EU as well as NATO membership.
On March 15, CyberBerkut attacked NATO websites again; however, those attacks were a small percentage of CyberBerkut’s onslaught against several hundred Ukrainian government and commercial websites from March 3 up until the present.
The group’s logo and name come directly from Ukraine’s old special police unit “Berkut” and there are rumors that the group is composed of either Ukrainian or Russian former security services personnel.
As of March 18, Ukrainian Prime Minister Arseniy Yatsenyuk said that Ukraine would not be seeking NATO membership, a move designed to placate Russia as well as Ukraine’s large Russian-speaking population.
Yatsenyuk also announced a willingness to maintain political ties with the EU but will delay signing any economic agreements for the time being.
‘Russian Cyber Playbook’
Some Western pundits have drawn similarities between the current cyberattacks and those that happened during previous conflicts.
Most of the Georgian government’s communications systems were shut down by Russian hackers during the conflict there in 2008. But in fact there’s very little similarity, and no actual evidence linking the Russian government to the current wave of cyberattacks against Ukrainian websites.
This is not a page out of the “Russian Cyber Playbook” for several reasons:
Firstly, the Nashi, a government-financed Russian youth organization that was responsible for the attacks against Estonia in 2007 and Georgia in 2008, is no more.
And secondly, in 2008, Russian hacker forums were actively recruiting volunteers for attacks against Georgia. Not so today. In fact, many Russian hackers are angry with Putin and are supporting an independent Ukraine.
Time has not stood still since August 2008. In 2010, Russia published a new military doctrine which acknowledged the “intensification of the role of information warfare” and assigned as a task to “develop forces and resources for information warfare.”
Russia and most other nations have been investing hundreds of millions of dollars to improve their capabilities to conduct electronic warfare, information warfare, and cyber warfare via increasingly sophisticated means; and by that I mean techniques that include compromising a nation’s electrical grid or GPS navigation system from the canopy of a combat helicopter.
Russia, in particular, has spent the last few years developing dual-use technologies that will never be seen or defended against by its target – for example, malware research that could be used to both defend against malware in peace time and use malware offensively as part of a military operation.
But there will always be highly-skilled civilians who can quickly organize online, distribute easy-to-use denial of service tools, and cause mayhem and embarrassment to the enemy, whoever he may be.
The views expressed in this commentary are solely those of Jeffrey Carr.