A license to hack: Russia in Ukraine
In cybersecurity the question is no longer whether a system will be breached, but when. No system is safe in the 21st century. Attackers have changed too: they are no longer just students in a dorm room breaking into a secure system for ego and fun. Their motivation changed as state powers saw the opportunity to disrupt their rivals, and hacking became a way of sabotage with minimal risk and cost. Attacks on digital systems can have fatal repercussions in the physical world. Since so much, notably public infrastructure, is connected to the internet, the possibility of severe disruption is only a few lines of code away.
There are many types of cyber attack, each with a different goal. Malware can be placed on a targeted computer to steal data, possibly without ever being detected, or to take remote control of the machine and modify data on it and on the databases it is connected to. Ransomware plays an important role as it lets criminals encrypt a victim's data and extort payment for its return. Another major type is the “distributed denial of service” (DDoS) attack: thousands or hundreds of thousands of compromised machines (a botnet) do the same thing at the same time, for example requesting a form from a website. Under this flood of traffic the servers can no longer keep up, and the service becomes unavailable to legitimate users. Because the requests come from many sources at once, each sending only a modest amount, blocking a single address does not stop the attack.
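The DDoS mechanics described above, as an added example (not code from the article): a small Python detector that counts requests per source and in aggregate over a sliding window, run against constructed access-log lines. It shows why the "distributed" part matters: a per-source limit catches one loud client, but a botnet of many quiet hosts only shows up in the aggregate rate. All addresses, paths and thresholds are hypothetical.

```python
"""Rate-based flood detection over web-server access logs.

Added example, not part of the article. The log lines are constructed here
(hypothetical addresses from documentation ranges); thresholds are illustrative.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Return (ip, unix_time, path), or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z').timestamp()
    return m['ip'], ts, m['path']


def build_sample_log():
    """Constructed traffic sample: one loud client, a botnet of quiet hosts,
    and a little normal background traffic, all hitting the same form."""
    def line(ip, sec, path='/contact-form'):
        return (f'{ip} - - [27/Jun/2017:10:12:{sec:02d} +0300] '
                f'"POST {path} HTTP/1.1" 200 512')
    lines = []
    for sec in (0, 10, 20):                      # background: one normal user
        lines.append(line('198.51.100.5', sec))
    for i in range(20):                          # loud client: 20 requests in 4 s
        lines.append(line('10.0.0.7', i % 4))
    for n in range(1, 61):                       # botnet: 60 hosts, 1 request each
        lines.append(line(f'192.0.2.{n}', n % 4))
    return lines


def detect_floods(lines, window_s=5, per_ip_limit=10, global_limit=40):
    """Sliding-window request counting, per source IP and in aggregate.

    Returns the IPs that exceeded per_ip_limit requests within window_s
    seconds, whether the aggregate count ever exceeded global_limit, and the
    peak aggregate count. The per-IP check catches the loud client; only the
    aggregate check catches the botnet, since each bot stays under the limit.
    """
    events = sorted(filter(None, (parse_line(l) for l in lines)),
                    key=lambda e: e[1])
    per_ip = defaultdict(deque)
    recent = deque()
    noisy_ips = set()
    global_flood = False
    peak = 0
    for ip, ts, _path in events:
        q = per_ip[ip]
        q.append(ts)
        while ts - q[0] > window_s:      # drop requests older than the window
            q.popleft()
        if len(q) > per_ip_limit:
            noisy_ips.add(ip)
        recent.append(ts)
        while ts - recent[0] > window_s:
            recent.popleft()
        peak = max(peak, len(recent))
        if len(recent) > global_limit:
            global_flood = True
    return {
        'noisy_ips': sorted(noisy_ips),
        'global_flood': global_flood,
        'peak_requests_in_window': peak,
    }


if __name__ == '__main__':
    print(detect_floods(build_sample_log()))
```

On the constructed sample the per-IP check flags only 10.0.0.7, while the 60 botnet addresses each stay well under the per-IP limit; the aggregate window peaks at 81 requests and trips the global threshold, which is the signal a real mitigation (rate limiting at the edge, upstream scrubbing) would act on.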
In the realm of state-level cyber operations, some hackers have found surprisingly powerful allies: sovereign states. Some governments realised that cyber warfare was an important tool they could use to their advantage, and enrolled individuals and groups with the necessary skills into their service to disrupt their opponents. It seeped into public consciousness around 2010 with Stuxnet, a piece of malware widely attributed to the US and Israel that sabotaged centrifuges in Iran's nuclear programme. That publicly kicked off a boom in state-sponsored cyber attacks, which have since risen to new heights. And in this game of digital sabotage, one country stands out above all: Russia.
Russia, through its military intelligence agency, the GRU, has long been waging war through cyberspace and regularly uses hackers to sabotage other countries. Groups such as Fancy Bear (also tracked as APT28), attributed to the GRU, have been known to attack mostly government and military targets. Notable victims include NATO, the White House and the OSCE. Perhaps most famously, they were behind the 2016 hack of the Democratic National Committee and of the emails of Hillary Clinton's campaign chairman, intended to influence that year's US presidential election.
One recurring target of Russian hackers has been Ukraine. It is no news that tensions between Russia and Ukraine have been rising since the fall of the Soviet Union, and inevitably they spilled over into cyberspace. Ukraine, which has served as a testing ground for Russian hackers, has been plagued by attacks of varying intensity since 2013. The first major one targeted the 2014 presidential election: attackers broke into the Central Election Commission's systems and tried to corrupt the results, planting a fake tally that showed a far-right candidate winning, alongside DDoS attacks on the commission. Ukrainian officials caught the scheme in time and Petro Poroshenko was lawfully elected President.
The next prominent attack, in December 2015, was far more severe and showed what damage cyber warfare can do: an intrusion into three regional electricity distribution companies in western Ukraine that cut power to roughly 230,000 customers for several hours. It was the first confirmed cyber attack to cause a power outage, a decisive moment that showed the threat is real and that attackers can actually achieve this. With something as vital as the power grid, an outage can quickly snowball into a real crisis and into matters of life and death. A similar attack, using malware later named Industroyer, was executed in December 2016, this time against a transmission substation in Kyiv, cutting power to part of the capital for about an hour. Later analysis suggested the malware was also meant to disable protective relays, which could have caused dangerous physical damage to equipment when power was restored. In the same period, several Ukrainian government agencies were hit by wiper attacks that deleted terabytes of data, reportedly including the Finance Ministry's files for that year's national budget.
Both attacks have since been attributed to a group linked to the GRU known as Sandworm. In 2020 the US Department of Justice indicted six GRU officers for Sandworm's operations; that a handful of people can cause such damage shows how cheap and cost-effective this type of warfare is. Such operations are difficult to track: unlike conventional government agencies they leave little paper trail, and the operators actively conceal their tracks. It is easy to stay anonymous on the internet, and when a state runs its hackers as deniable separate agents it is difficult to hold the state accountable. Sandworm struck Ukraine multiple times in 2017, and also tried to interfere in that year's French presidential election. Unsuccessful on that front, it landed another harsh blow with the NotPetya malware.
NotPetya had its hour of glory in June 2017, with a widespread attack that hit France, Germany, Italy, Poland, the United Kingdom and the United States, but above all Ukraine (and, as collateral, Russia). The cybersecurity firm ESET reported that about 80% of infections were in Ukraine. The attack began on 27 June, the day before Ukraine's Constitution Day holiday, which fuelled suspicions that it was politically motivated and Russian in origin. It spread initially through a poisoned update of M.E.Doc, an accounting package widely used by Ukrainian businesses, and then moved laterally through networks using the EternalBlue exploit and stolen Windows credentials. The malware appeared on computers in vastly different sectors, from the military to hospitals, encrypting files, overwriting the boot record and demanding a ransom. But the ransom was only a pretext: the “installation key” shown to victims was random data from which no decryption key could ever be derived, so infected machines were effectively wiped. Given that it spread across Europe and the US, it was bound to reach systems with critical responsibilities: it crippled Maersk, one of the world's largest shipping companies, causing a complete breakdown of its logistics and mass confusion in the shipping sector, and disrupted manufacturing at the pharmaceutical giant Merck. Billions of dollars were lost, and hospitals in Ukraine found their IT systems down while trying to care for patients.
Since then, no Russian cyber attack as severe as NotPetya has surfaced. Sandworm remains active but shifted to other targets, such as the 2018 Winter Olympic Games in Pyeongchang. Tension between Ukraine and Russia nonetheless continued and escalated on 24 February 2022 with the armed invasion of Ukraine by Russian troops. In the days before the invasion, several Ukrainian government websites had been targeted with DDoS and defacement attacks, notably that of the Ministry of Foreign Affairs, and wiper malware was found on Ukrainian networks.
With the brutal armed invasion overshadowing every other aspect of this war, cyber attacks on Ukrainian soil have been more or less forgotten: the focus is now on stopping the massacre and helping people on the ground. Yet all those attacks have left a fear of a full-blown cyber war. Cyber warfare is one of the biggest threats in 21st-century conflicts because of the impact it can have on the civilian population. A power grid shut down in a major city means hospitals unable to care for patients; it means communication and emergency lines interrupted. Especially in regions already in a state of emergency, as Ukraine is now, a collapse of IT infrastructure pushes them further into chaos and costs human lives.