For the past week, reports of physical violence have been rolling out of Ukraine: Russian troops storming a base in Crimea, officers beating journalists, and violent brawls at rallies. But as tensions escalate, another part of the conflict appears to be playing out in a cloudier realm: cyberspace.
On Saturday, Ukraine’s top security agency—the National Security and Defense Council of Ukraine—announced at a briefing that it had been hit by severe denial-of-service (DDoS) attacks, “apparently aimed at hindering a response to the challenges faced by our state.” This comes on the heels of a number of alleged hacks involving Russian and Ukrainian targets, including attacks on news outlets and blocking reception to the cellphones of Ukrainian parliament members.
Security experts say the region is currently seeing an unusually high number of DDoS attacks, which aim to shut down networks, usually by overwhelming them with traffic. But many of those seem to be coming from third parties, rather than government entities. In terms of state-sponsored cyberwarfare, “we haven’t seen that much,” says Dmitri Alperovitch, CTO of CrowdStrike, a California-based cybersecurity firm. Alperovitch adds, though, that his firm has seen a significant amount of cyber-espionage on the part of the Russian intelligence services—including tracking the activities of Putin opponents in both Russia and Ukraine—but he would not disclose names of those being monitored.
Ukraine is situated in a region of the world known for breeding some of the most talented cyber criminals. Several Russian universities offer top-notch hacking training, and a Ukrainian hacker is suspected in December’s theft of 40 million credit card numbers from Target. But Ukraine and Russia aren’t on equal footing when it comes to their cyberwarfare capabilities. “Russia is a Tier 1 cyber power,” says Alperovitch. “Ukraine isn’t even in Tier 3.” So Russia has a leg up in this arena—and, during past conflicts with former Soviet bloc countries, it has flexed its cyberwarfare muscles. In April 2007, hackers unleashed a wave of cyberattacks on Estonian government agencies, banks, businesses, newspapers, and political parties, following a spat over the removal of a Soviet war memorial in Tallinn, the country’s capital. (The Kremlin took only partial credit for the crippling three-week attack.) Georgia was targeted with similar attacks in 2008 in the days leading up to its invasion of the secessionist republic of South Ossetia. (Russian involvement was widely suspected.)
Ukraine has yet to be targeted with these types of widespread cyberassaults on key infrastructure—but it may not be long. “I anticipate continued escalation,” says Jason Healey, director of the Atlantic Council’s Cyber Statecraft Initiative and the former White House director of cyber infrastructure protection during the Bush administration. So far, the cyberskirmish is playing out differently than past attacks, Healey says. While the Estonia and Georgia attacks were strictly digital, in Ukraine’s case, pro-Moscow forces have also deployed more hands-on attacks on information: “This old-school, Cold War style physical manipulation of equipment. Getting in and physically messing with the switches so Ukrainian civic leaders don’t have phone service,” Healey says. In Ukraine, these sorts of attacks are likely to be a bigger threat, because much of the telecommunications infrastructure was installed by Russians during the Soviet era. “Cyberattacks the way we tend to look at them—denial-of-service attacks, and so forth—you don’t have to do those when you’ve got physical access to the guy’s switch!” says Healey.
Here’s a run-down of what has transpired so far:
Media and government:
- According to the National Security and Defense Council of Ukraine, state-run news agency Ukrinform suffered DDoS attacks in recent weeks.
- Ukrainian newswire UNIAN said that it fought off a massive DDoS attack on March 3.
- Glavnoe and Gordon, two other Ukrainian web publications, both said they’d been attacked by hackers.
- Last week, the Russia Today website was hacked, with each mention of the word “Russia” replaced by “Nazi,” leading to headlines like, “Russian senators vote to use stabilizing Nazi forces on Ukrainian territory.”
- The site of Rossiyskaya Gazeta, a Russian paper, was hacked last Friday. The paper attributed the hit to a Ukrainian hacker group called “Kibersotnya” (Кіберсотня). The editor in chief called the hack “a little digital rock thrown from the Maidan.” On its Facebook page, Kibersotnya denied responsibility for the attack.
- Anonymous Ukraine posted a video online in late February promising to target Russian sites because of the Ukraine conflict. The group later claimed it hacked Russian government and military websites, including that of Russia’s narcotics control agency and the general directorate of special programs for the president.
- On March 3, Roskomnadzor, Russia’s telecommunications watchdog, ordered VKontakte (Russia’s Facebook spinoff) to block access to the online communities of 13 Ukrainian nationalist organizations, alleging that they were encouraging terrorist activity. VKontakte complied.
- In late February, Voice of Russia published emails allegedly written by Vitali Klitschko, leader of the Ukrainian opposition party, that were sent to an adviser to Lithuania’s president. In one, Klitschko thanked the Lithuanian president for funding Ukraine’s protests. Anonymous Ukraine took credit for the email leak, saying that “the e-mails released by Anonymous prove that Vitaly Klichko is a puppet of the West and is being financed through intermediaries in Lithuania.” (Strangely, the amorphous hacker collective has targeted both sides in the conflict, acknowledging that its members are in disagreement about which side to back.)
- Russian state television channels publicized a phone call leaked on YouTube between European Union Foreign Policy Chief Catherine Ashton and Estonian Foreign Minister Urmas Paet. In the hacked call, Paet suggests that snipers who killed dozens of Kiev protesters may have been working for the opposition, not deposed Ukrainian president Viktor Yanukovych.
- The head of Ukraine’s security service announced last week that Ukrainian phone carrier Ukrtelecom had been targeted. He said that equipment had been installed in front of the Ukrtelecom offices in Crimea that blocked the cellphones of Ukrainian parliament members and other deputies.
- Earlier, Ukrtelecom had said that armed men had forced themselves into the company’s Crimea facilities and tampered with cables, causing outages in the region. For a time, almost all internet and phone access in Crimea was cut off.