A Year After Russia’s Invasion of Ukraine, Where Does the Digital War Stand?

From a story on cjr.org by Mathew Ingram headlined “One year from Russia’s invasion of Ukraine, where does the ‘cyberwar’ stand?”:

After Russian troops invaded Ukraine a little over a year ago, the latter country set out to reinforce a second front in the war—a digital one. As I reported for CJR at the time, the Ukrainian government posted appeals in online hacker forums, asking for volunteers to protect Ukrainian infrastructure and conduct digital missions against Russia. The posts asked hackers to “get involved in the cyber defense of our country.” According to Foreign Policy, within a couple of months, more than four hundred thousand people had joined the informal hacker army.

Cybersecurity experts say Ukraine had one important thing going for it when Russia attacked a year ago, at least in terms of computer warfare: it was already well aware of the risk of Russian hacking. In 2015, a digital attack crippled Ukraine’s power plants and left hundreds of thousands without electricity; experts believe that hackers affiliated with the Russian government caused the outage. In 2017, a ransomware attack known as NotPetya, which many experts believe was created by Russian entities, caused an estimated ten billion dollars in damages globally, much of it in Ukraine. In the year since Russia’s invasion, there have been thousands more digital skirmishes between the two countries. But it’s unclear who, if anyone, is actually winning, or what impact all this cyber-rattling has had on the larger war.

According to a recent presentation by Yurii Shchyhol, the head of Ukraine’s State Service of Special Communications and Information Protection, the country’s Computer Emergency Response Team responded to over two thousand “cyber incidents” last year. A quarter of these targeted the federal government and local authorities, Computer Weekly magazine reported; the rest involved defense and other security sectors, as well as energy, financial services, IT and telecom, and logistics. On the opposite side of the ledger, Russians in close to a dozen cities were greeted one day last week by radio messages, text warnings, and sirens alerting them to an air raid or missile strikes that never came. Russian officials said that the alerts were the work of hackers.

Google’s internal Threat Analysis Group says that hacking and other forms of computerized warfare have continued to play a “prominent role” in the war. Last month, the company released a report entitled, Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape. It concluded that there has been a dramatic increase in digital attacks on Ukrainian infrastructure since 2020, with code names like Shadylook, Skyfall, and DarkCrystal. The targeting of internet users in Ukraine by Russian hackers was twice as high last year as in 2020, Google said, and the targeting of NATO countries was more than three times as high. The Threat Analysis Group said that it had also tracked a series of “self-described news entities” with ties to Russian intelligence—including News Front, ANNA News, and UKR Leaks—promoting narratives that, for example, blame the US and NATO for instigating the war and characterize the Ukrainian government as “Nazis.” The Internet Research Agency, which became infamous for running a disinformation campaign around the 2016 US election, is also still active, Google’s experts say, but has shifted its activity “from a range of domestic Russian political issues to focus almost exclusively on Ukraine and mobilization.”

Thomas Rid, a professor of strategic studies at Johns Hopkins University, said on Twitter that the Google report represented “impressive work” by a company that has “more comprehensive telemetry than most SIGINT (signal intelligence) agencies today.” One of the most interesting aspects of the Google report, Rid wrote, is the “hack-and-leak integration, and the very old-school exploitation and collaboration with activists, often with disinformation and forgeries mixed in.” Rid also had some criticisms, though—the report, he said, focuses on Russian activities in or related to Ukraine, but “that’s highly likely just one part of the picture, and probably not the most impressive part.”

Meanwhile, some experts have expressed skepticism that all these attacks and counterattacks in cyberspace are materially altering the course of the war. A report from the Center for Strategic and International Studies, a research organization based in the US, stated last June that “It may offend the cyber community to say it, but cyberattacks are overrated. While invaluable for espionage and crime, they are far from decisive in armed conflict. A pure cyberattack is inadequate to compel any but the most fragile opponent to accept defeat. No one has ever been killed by a cyberattack, and there are very few instances of tangible damage.” However, the report did allow that cyber operations “are very useful to conduct espionage, to gain advance knowledge of opponent planning and capabilities, and to mislead.”

Then, in August, researchers from the University of Cambridge, the University of Strathclyde, and the University of Edinburgh, in the UK, released a research paper in which they argued that “the widely-held narrative of a cyberwar fought by committed civilians and volunteer ‘hacktivists’ linked to cybercrime groups is misleading.” The researchers collected data on thousands of hacking attempts and conducted interviews with hackers, concluding that “the role of these players in so-called cyberwarfare is minor, and they do not resemble the ‘hacktivists’ imagined in popular accounts.” Contrary to some predictions, the report said, the involvement of civilian hackers “appears to have been minor and short-lived; it is unlikely to escalate further.”

For all the talk about the risk of cyber warfare over the past several decades, “this is the first time you’ve been able to see in real time how cyber contributes to an overall military campaign,” Tim Stevens, a senior lecturer in global security at King’s College London, told Euronews recently. “Yes, it can be useful under certain circumstances, but it’s not going to win you a war.” In other words, one year in, hackers don’t seem likely to dramatically change the outcome of Russia’s invasion of Ukraine, for all the James Bond-style nicknames. The fighting on the ground will matter more.

Speak Your Mind