Ukraine Braces for Sharper Russian Cyber Attacks
Kyiv recruits "IT Army," receives satellite terminals. But worse is to come, says Senate intel committee chair.
Russia has not yet brought its cyber “A-game” to its invasion of Ukraine, but the chair of the Senate Intelligence Committee expects that to change—possibly triggering a wider conflict. Meanwhile, Ukraine is working with SpaceX to boost its internet resiliency and is calling for volunteers for an “IT army.”
“Do I expect Russia to up its game on cyber? Absolutely,” Mark Warner, D-Va., said Monday during a Washington Post event. “This is where [Russian leader Vladimir] Putin miscalculated. I think he felt like he could use his, in a sense, B-Team to try to take down some of the Ukrainian network.”
That was probably a strategic mistake, Warner said.
“One of the most remarkable things is that the internet is still up and these images that Ukrainians are taking of the Russian atrocious actions, you know, it's being released to the world,” he said, declining to comment on specific U.S. intelligence assessments on the issue.
So far, Russia's cyber assaults have mostly been limited to denial of service, or DDOS, attacks. On Feb. 18, the White House attributed a series of DDOS attacks on Ukrainian government websites to Russia, and similar attacks have followed since.
Part of the reason for Russia’s caution may be that, unlike a jet or a missile battery, some of the best cyber tools lose their effectiveness after their first use because they exploit previously unknown vulnerabilities that can be quickly patched.
Last week, former NSA director Michael Rogers warned against underestimating Russian cyber weapons. Expect “cyber activity designed to not just deny access but really ultimately destroy or degrade infrastructure," he said, "to take away Ukrainian military capability, to forestall the Ukrainian government and Ukrainian military’s ability to coordinate forces. In other words, to increase the probability of Russian success.”
Ukraine has taken steps to keep the lights on and networks flowing despite cyberattacks. Mykhailo Fedorov, Ukraine’s deputy prime minister of digital transformation, Saturday asked Elon Musk to allow Ukrainians to connect to the internet via Musk’s Starlink satellite network. Musk responded 10 hours later, “Starlink service is now active in Ukraine.” He also began shipping a number of the ground transceivers required to access the service. On Saturday morning, Fedorov reported success: "Ukraine people have access to the fastest satellite internet system ever created. Russia can not disable the Ukrainian internet access fully without cyber attacking foreign data centers.”
Fedorov has also put out an open call for IT volunteers. “We are creating an IT army. We need digital talents,” Fedorov said on Twitter, also on Saturday. “There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists.”
But as Citizen Lab senior researcher John Scott-Railton pointed out on Twitter, if Russia takes over Ukraine’s airspace, users’ uplink transmissions could become targeting beacons.
Russia has historically used a variety of cybertools against Ukrainian targets, to gain tactical, on-the-ground targeting intelligence and to disable civilian infrastructure. But those attacks, like cluster munitions, can cause damage beyond their target. In 2017, Russia deployed a worm weapon dubbed NotPetya against several Ukrainian infrastructure targets. The weapon didn’t just stay in Ukraine. The malware went on to infect computers around the world and, at an estimated cost to victims of $10 billion, is considered the most devastating cyberattack in history.
Warner on Monday reiterated a warning that others, such as NATO General Secretary Jens Stoltenberg, have made, that a major attack that hits NATO allies could trigger an Article 5 response.
“I American troops and a truck crashed because the lights were out, you could get very close to Article 5. So we are still in uncharted territory,” Warner said.
Last week, cybersecurity experts detected a new wiper virus hitting Ukrainian networks. Shortly after, it had spread to systems in Lithuania, a NATO member. But the damage at this point seems limited.
“The Russians could cause extensive damage in the United States, and should we choose, we could cause extensive damage within Russia,” Rogers said.