What Will A Russia-Ukraine Cyberwar Look Like?
By Richard Stiennon
Update March 4: According to a Renysis Blog post from February 26 Ukraine has very resilient Internet connectivity not likely to be disrupted by a single event.
According to Reuters Tuesday Valentyn Nalivaichenko, the head of Ukraine's SBU security service, told a news briefing "I confirm that an IP-telephonic attack is under way on mobile phones of members of Ukrainian parliament for the second day in row," .Valentyn Nalivaichenko told a news briefing.
And this report from Georgetown Security Studies Review covered early signs of interruption of communications in Crimea on March 2.
This playbook has already been written. Peaceful street protests. Government crack down. Russian agitation on behalf of “Russian speakers.” And finally, Russian tanks and war planes settling the matter. Of course I am talking about Georgia in 2008, and even some similarities to Estonia 2007.
We have come full circle in one sense. Remember the Orange Revolution in Ukraine and the popular uprising that led to new elections? One of the overlooked repercussions of those events in 2004-5 was the creation of the Nashi in March 2005, a government sponsored youth movement in Russia, reminiscent of Nazi Germany’s Brown Shirts. The Nashi, under pro-Putin Vasily Yakemenko were created as a defense against future youth led protest in Mother Russia.
Numbering some 120,000 aged 17-25 it is no surprise that the Nashi were implicated in the network attacks and web defacements associated with the so-called cyberwar in Estonia and attacks against Estonia’s ambassador to Russia. I say so-called because there was no war. No tanks. No fighter jets. No troops crossing the borders.
The Georgian cyberwar did involve tanks, troops, and fighter jets, along with web defacements, massive DDoS attacks, and cutting of Internet access into Georgia. There was also an eerily similar coincidence with the Olympics. You may recall the 2008 Summer Olympics in Beijing with Putin and George W. Bush sitting in the stands together while Putin’s playbook played out.
If Putin sticks to his playbook here is what can be expected about the time the shooting starts in Crimea.
The “information war” that is playing out now (propaganda) will escalate to web defacement and DDoS attacks against government websites, new sites, and prominent businesses in Ukraine. The purpose will be to silence Ukraine’s side of the story during the chaos.
Of the six fiber links into Ukraine, half connect to Russia. These will be cut off as they were in 2008 against Georgia.
Five and a half years since Georgia we can expect a little more sophistication in the arsenal that Russia can bring to bear. These could include targeted attacks against telecom and power grids using malware, routing, and DDoS. There is probably no need to attack the oil and gas pipelines because Russia already controls those. Putin can simply shut off the flow, just as trains carrying supplies to Estonia were stopped at the border in 2007.
One major escalation that suggests itself is true cyber warfare: targeting intelligence, surveillance and reconnaissance (ISR) capabilities of Ukraine’s military and any country that provides such services to Ukraine. Cyber attacks against Ukraine’s defensive missile guidance and targeting radar systems should not come as a surprise.
If cyberwar breaks out in the Russian-Ukraine conflict be prepared for collateral effects including: network routing issues, network congestion, inaccessibility of Ukrainian news sites, hacktivist attacks on Western news outlets and businesses that support Ukraine.
These reports indicate that communications in the Crimea may already be under attack.