All quiet on the cyber front?

The stand-off between Russia and Ukraine does not yet appear to have the online clash that might have been expected

Tags: Cyber crimeCyber espionageCyber warfare
  • E-Mail
All quiet on the cyber front? The clash between Ukraine and Russia has yet to spread online in any significant fashion. (ITP Images)
By  Mark Sutton Published  March 4, 2014

As the stand-off between Russia and Ukraine continues, amid all of the threats, political proposals, analysis and sabre rattling, there is one area that is uncharacteristically quiet at the moment - the cyber front.

Increasingly, real world conflict is accompanied by cyber action - from co-ordinated, state-sponsored attacks that are intended to damage communications infrastructure, disrupt information sources or damage economic activity, through to simple hacktivist mud-slinging and site defacement, cyber action has become a part of modern warfare. And Russia has certainly shown its capabilities in this field in the past, which makes it surprising that this incident has not seen more online action.

During the 2008 conflict between Russia and Georgia, which centered on the disputed territories of South Ossetia and Abkhazia, there was considerable hostile activity online before and during the actual fighting. The cyber attacks, which some described as cyber warfare, but others characterised as mere ‘cyber rioting', were used against both sides, although it was predominantly Georgian websites that got the worst of it.

Several weeks before the attacks, DDoS attacks with pro-Russian messages were used against Georgian websites including government sites. Then, a few days before real world hostilities began, South Ossetian news agencies had their sites hacked, with traffic redirected to a Georgian news website.

Once Russian troops invaded Georgia properly, the cyber conflict really took off. The websites of the Parliament of Georgia and the Ministry of Foreign Affairs were hacked and defaced. DDoS attacks brought down a number of websites including sites for governments, media, communications and transportation companies. In the final analysis, the authorities on both sides denied responsibility and blamed 'sympathetic' hackers. Fingers were pointed at the criminal Russian Business Network as a possible facilitator of state-sponsored action, particularly with regard to similarities in attack methodology.

Probably the most likely scenario, suggested by John Bumgarner of the US Cyber Consequences Unit, was that the first-wave of cyberattacks against Georgian targets were synchronized with Russian military operations and that a second wave was conducted by Russian sympathisers.

While the attacks did not have the same financial impact as those against South Korean financial institutions by North Korea last year, which were believed to have cost around $750m to remedy, the evidence is there that the attacks were more than just script kiddies defacing a few websites and were actually aligned with military operations. Given the experience of Russia-based cyber criminals, it is therefore all the more unusual that so far there has been very little cyber action seen in this crisis.

There has been some noted activity - hacks against the RT news website (formerly Russian Today) defaced web sites with anti-Russian messages. Social media sites in Russia have been blocking access to websites belonging to pro-Ukranian groups.

On the ground, and more in the realm of traditional warfare, unidentified personnel took over telecoms infrastructure centres in Crimea that are owned by Ukraine's telecom provider, and which link Crimea to the rest of Ukraine, which disabled mobile, landline and internet services in Crimea. Ukrainian officials now say that seized infrastructure in Crimea is being used to block mobile phones of members of Parliament.

Why there is apparently so little action in the cyber world when the conflict has moved so rapidly is puzzling. It may be that Russian state actors have restricted the ‘sympathisers' who were so active against Georgia, for whatever reason. Ukraine also has a sizeable cybercriminal contingent, so why have there not been more attacks from its sympathisers against Russian assets? Is this an online stand-off, between two countries with well-developed cyber attack capabilities - while they may not be entirely equally matched in cyber strengths, are Russia and Ukraine reluctant to risk an escalation in online conflict? Do they fear that cyber conflict could result in real world conflict? Or perhaps this part of the crisis is still being carried out in the shadows - and attackers have learned a degree of subtlety since 2008? In the world of cyber warfare, who can tell?

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code