In the lead-up to the Feb. 24 Russian invasion of Ukraine, the world braced for Russia’s cyberwarfare machine to be unleashed as part of the invasion.
Instead, Ukrainian President Volodymyr Zelensky has used social media to rally support from abroad and keep morale high at home. The Ukrainian power grid and other utilities have suffered from conventional military attacks, not from hackers shutting them down.
So what happened?
Ukrainian President Volodymyr Zelensky speaks on social media on March 6, announcing that Russian invaders fired eight missiles at the city of Vinnytsia, destroying the city’s airport. Despite the fearsome reputation of Russia’s cyberwarfare capabilities, the Ukrainian government has effectively used social media to rally support at home and abroad and the Russians appear to have mostly relied on conventional military tactics to attack Ukraine’s infrastructure. (Courtesy Twitter)
“The cyber portion of the invasion is somewhat surprising in that many predicted that cyber would be front and center,” said Tony Coulson, the executive director of Cal State San Bernardino’s Cybersecurity Center. “In the sense of media manipulation, this has certainly been the case. Media manipulation has been in the Russian toolbox and they have garnered quite a reputation. The Ukraine side has certainly been able to counter the noise.”
But actually shutting down the Ukrainian internet is incredibly difficult to do, according to Clifford Neuman, the director of USC’s Center for Computer Systems Security, because, by design, the internet is hard to shut down.
“The fact that they haven’t taken out all of the communications is not surprising. But in large part, that’s likely due to the nature of the internet, to route around problems,” he said. “That was the original goal of the ARPANET, when this was developed.”
When the Department of Defense developed the ARPANET, the predecessor to the modern internet, the goal was to prevent a nuclear attack from shutting down military communications when one or more sites were destroyed: The network would route communications around them automatically. Those core design principles now make it hard for cyber attacks to completely shut down the Ukrainian internet.
“Certainly, that was the first thing they tried to do,” Neuman said. “The internet connections are more commercial. There are many more ways into and out of the country in terms of internet connectivity.”
In other words, taking down the internet in Ukraine would mean successfully attacking a variety of competing networks.
But cyberwarfare isn’t the same as conventional warfare.
“Cyber weapons are very unique in that, unlike a missile, they can be captured and reused once they have been deployed in the wild,” Coulson said. “It may simply be a matter of economics — simpler to fire a shell at the power grid to knock it down than to launch a hack attack that may reveal capabilities that may be used against you in the future.”
Which isn’t to say the Russians haven’t had some successes.
“In the lead-up to the current invasion, there were cyberattacks to critical infrastructure and government agencies,” Neuman said.
Previous Russian cyberattacks likely led to Ukraine’s electrical power grid being taken off the internet, Coulson said.
And much of the cyberwarfare happening during the invasion — on both sides — isn’t officially happening.
“The way the Russians operate is they don’t take credit for (the attacks). There are basically underground criminal enterprises that do the ransomware attacks we’ve been hearing about” in the past, Neuman said. “It’s not directly the Russian government, but it’s underground criminal activities that the government either harbor or even employ in their attacks.”
The non-governmental attacks go both ways.
The anonymous “hacktivist” collective Anonymous has taken credit for taking down Russian propaganda outlet RT and other Russian assets. But just as with Russian cyber-criminals, the United States doesn’t have any formal ties to Anonymous and members have been prosecuted by American law enforcement in the past.
“Western states don’t necessarily want to directly support the non-aligned organizations, like Anonymous, because they don’t want to be blamed for some of the things they do,” Neuman said.
The real answers on what happened — and didn’t — in cyberwarfare between Russia and Ukraine likely won’t be known in analyses in years to come, Coulson said.