For a few weeks now, everyone has been keeping a watchful eye on the war that has exploded when Russia invaded Ukraine. There had been a lot of speculation about what a contemporary war in the Western world would be like and now we are seeing it with our own eyes. Undoubtedly, most predictions foresaw that cyberwar would be one of the keys in modern wars. In the Russian-Ukrainian conflict, however, this has not been the case so far. Although there have been several mid-power attacks by Russia on Ukraine during the prologue of the conflict, these seem to have stopped for no apparent reason.
According to Gustavo Sain, a cybersecurity expert, a cyberwar is “an area within the military agencies of countries that aims to find technical vulnerabilities in the enemy’s computer systems or networks in order to penetrate and attack them, as well as to extract sensitive data and information. In this case, cyberspace is the battlefield, and the weapons are computer programs or applications“. Movies have stereotyped the hacker as a nerdy teenager who penetrates the deepest recesses of the Pentagon from his dark bedroom. Nothing could be further from the truth. Countries spend millions of dollars every year on their cybersecurity areas. In some cases, the best defense is a good offense. And in cyberattacks, Russia has a good record behind it.
It is important to clarify that many times in cyberattacks, by their nature, it is difficult to identify whether there is a state government or independent hackers behind them. That is why most of the cases we will talk about have not been able to prove that there were states behind them, but all the evidence indicates that there were.
One of the most notorious cases was the attack against Ukraine in 2017 with the malware named NotPetya. It is believed that NotPetya infiltrated the system during the update of the accounting package MeDoc. MeDoc had approximately 400,000 customers across Ukraine, representing approximately 90% of the country’s domestic businesses. The virus encrypted information on affected devices and infected as many nearby devices as possible. The virus spread to other countries such as Germany, Italy, and France. Global losses from the attack were estimated at ten billion dollars, making it the costliest cyber-attack in history. After months of research, the SBU (Security Service of Ukraine) claimed that the hackers who had attacked them the previous December, were the same ones who had committed this cyberattack. And those hackers were found to be Russian. It is important to remember that in the Russian-Ukrainian tension had been escalating since the Crimea annexation by Russia in 2014, and there is evidence that Ukraine had been the target of the “Russian cyberarmy” at least since 2016.
Going into the current conflict, the weeks prior to the start of the Russian invasion of Ukraine, Ukraine received a series of cyberattacks that severely affected different official websites and other strategically relevant platforms such as banks. During the months of January and February, Ukraine received three massive cyber-attacks. On February 14, the Minister of Defense confirmed an attack that affected Oschadbank, the Ukrainian savings bank, and Privatbank, the country’s largest bank. Moreover, in the January attack, 70 Ukrainian government websites were affected, including Diia, the platform that among other services manages COVID-19 vaccination. After these three major attacks, and coinciding with the start of the war, the cyberattack level has declined to attacks of limited impact but according to Ilya Vityuk, head of cybersecurity of the SBU: “this kind of attacks are carried out by states through intelligence services and specially created infrastructure. We clearly see the footprint of foreign intelligence services.”
For its part, has Russia received any attacks? Only two days after the start of the attack in the Donbas, the Russian Minister of Digital Affairs assured that “if previously their (cyber attacks) power at peak times reached 500 gigabytes, it is now at 1 terabyte. That is two to three times more than the most serious incidents of this type reported earlier.” In early March, the hacking of several electric cars charging stations outside Moscow went viral, with the devices’ screens displaying insults to Vladimir Putin. As in the other cases, it is not known whether behind this attack is the Ukrainian government, independent hackers, or hacker groups, such as Anonymous, who have sided with Ukraine since the start of the invasion. Undoubtedly, all cyber-attacks have one goal: to destabilize the target. Whether with more powerful and economic attacks such as NotPetya, or more viral and international opinion such as the case of the charging stations.
And the next question we should ask ourselves is, what now? Analyst William Merrin, in an interview for Newtral, asserts that Russia may be saving its best cyber weapons for when it needs them. The handicap of cyberweapons is that in many cases they are single-use because when they are used, the enemy can create defenses so as not to be affected again by the same attack. In fact, during the last few days several national bodies, such as the Spanish one, have denounced that they are receiving low-power Russian cyber-attacks. Biden has assured in recent statements that Russia could be preparing cyber-attacks against the US and Europe as a counter-attack to the fines imposed on them.