Are Russia and Ukraine on the Verge of an All-Out Cyberwar?
For the past week, reports of physical violence have been rolling out of Ukraine: Russian troops storming a base in Crimea, officers beating journalists, and violent brawls at rallies. But as tensions escalate, another part of the conflict appears to be playing out in a cloudier realm: cyberspace.
On Saturday, Ukraine's top security agency—the National Security and Defense Council of Ukraine—announced at a briefing that it had been hit by severe denial-of-service (DDoS) attacks, "apparently aimed at hindering a response to the challenges faced by our state." This comes on the heels of a number of alleged hacks involving Russian and Ukrainian targets, including attacks on news outlets and blocking reception to the cellphones of Ukrainian parliament members.
Security experts say the region is currently seeing an unusually high number of DDoS attacks, which aim to shut down networks, usually by overwhelming them with traffic. But many of those seem to be coming from third parties, rather than government entities. In terms of state-sponsored cyberwarfare, "we haven't seen that much," says Dmitri Alperovitch, CTO of CrowdStrike, a California-based cybersecurity firm. Alperovitch adds, though, that his firm has seen a significant amount of cyber-espionage on the part of the Russian intelligence services—including tracking the activities of Putin opponents in both Russia and Ukraine—but he would not disclose names of those being monitored.
Ukraine is situated in a region of the world known for breeding some of the most talented cyber criminals. Several Russian universities offer top-notch hacking training, and a Ukrainian hacker is suspected in December's theft of 40 million credit card numbers from Target. But Ukraine and Russia aren't on equal footing when it comes to their cyberwarfare capabilities. "Russia is a Tier 1 cyber power," says Alperovitch. "Ukraine isn't even in Tier 3." So Russia has a leg up in this arena—and, during past conflicts with former Soviet bloc countries, it has flexed its cyberwarfare muscles. In April 2007, hackers unleashed a wave of cyberattacks on Estonian government agencies, banks, businesses, newspapers, and political parties, following a spat over the removal of a Soviet war memorial in Tallin, the country's capital. (The Kremlin took only partial credit for the crippling three-week attack.) Georgia was targeted with similar attacks in 2008 in the days leading up to its invasion of the secessionist republic of South Ossetia. (Russian involvement was widely suspected.)
Ukraine has yet be targeted with these type of widespread cyberassaults on key infrastructure—but it may not be long. "I anticipate continued escalation," says Jason Healey, director of the Atlantic Council's Cyber Statecraft Initiative and the former White House director of cyber infrastructure protection during the Bush administration. So far, the cyberskirmish is playing out differently than past attacks, Healey says. While the Estonia and Georgia attacks were strictly digital, in Ukraine's case, pro-Moscow forces have also deployed more hands-on attacks on information: "This old-school, Cold War style physical manipulation of equipment. Getting in and physically messing with the switches so Ukrainian civic leaders don't have phone service," Healey says. In Ukraine, these sorts of attacks are likely to be a bigger threat, because much of the telecommunications infrastructure was installed by Russians during the Soviet era. "Cyberattacks the way we tend to look at them—denial-of-service attacks, and so forth—you don't have to do those when you've got physical access to the guy's switch!" says Healey.
Here's a run-down of what has transpired so far: