Role of Cyber-enabled Technologies in the Russia-Ukraine Armed Conflict
The Cyber Task Force, VIF

The cyber conflict has blurred the distinctions between state-backed hackers and patriotic amateurs, making it harder for governments to determine who attacks them and respond effectively. However, both Russia and Ukraine appear to have welcomed tech-savvy volunteers, opening channels on the messaging app Telegram to draw attention ofpeople to specific websites. There have been significant cyber activities in the ongoing armed conflict. At the beginning of the conflict, Russia allegedly launched wiper malware strikes that deleted/wiped data from Ukraine's government servers.[1] While the Distributed Denial-of-Service (DDoS) attacks halted Ukrainian systems.

Russia-Ukraine Rivalry in Cyberspace & Western Interference

Russia, with excellent cyber capabilities, has been very active in the cyber domain for many years. It would not be an overstatement to say that Russian cyber operational capabilities are so advanced that they have influenced the politics of many countries through alleged interventions, including the 2020 United States (US) elections. Russia's Machine Learning (ML) skill is well ahead of China's capabilities in the same domain. Given Russia's superior cyber capabilities, several experts predicted that the cyber dimension would play a significant role, but on the contrary, conventional warfare has dominated the Russia-Ukraine conflict thus far. So far, not much has been shared in the public domain; however, one question remains: has Russia purposefully avoided using the cyber dimension? Or was it deployed but the world was unaware of it? During this conflict, there were no significant reports of cyber-attacks on the Critical National Infrastructure (CNI), the most crucial part of cyber warfare.

The Russia-Ukraine conflict began in 2014, followed by primary cyber operations in 2015, 2016, and 2017. In 2015, Russia conducted a cyber-attack against one of the major power grids in Ukraine, which crippled the electric supply of over 200,000 homes.[2] A few days before the conflict began Russia reportedly cut the fibre submarine cables in the Arctic Ocean towards the United Kingdom (UK).[3] Concurrently, the Ukrainian government infrastructure, including Ukraine’s citizen services, was attacked but was not paralysed. Taking lessons from cyber-attacks in 2014 and 2017, Ukraine has made enormous expenditures to enhance its cyber-infrastructure, with primary technical and financial aid from the United States and the European Union.

Amid the conflict, Ukraine approached the Internet Corporation for Assigned Names and Numbers (ICANN) to block the “.RU”— Russia’s country-code domain; but ICANN turned down the request as ICANN is a multi-tasking establishment that operates the Internet and Domain Name System (DNS). The ICANN appeared neutral, but the reports indicate that it appears that establishment has supported the US’ interest in monitoring the Domain Name (DN) traffic in this scenario.

Cyber capabilities of any nation mainly depend on three factors:

  1. Political Will: the conflict did not witness a lack of political will as far as Russians are concerned.
  2. Organisation Structure: the Federal Security Service (FSB), GRU (Main Directorate of the General Staff of the Armed Forces of the Russian Federation), and SVR (Foreign Intelligence Service) have undoubted capabilities with sound organisational structure.
  3. Technical Prowess: the cyber capabilities of Russians far exceed the US and China.

A month before the conflict, i.e., in January 2022, suspected Russians hacked numerous Ukrainian websites with a message— “be afraid and wait for worse”.[4] A week before the conflict, Russians carried out a DDoS attack on Ukraine’s Ministry of Defence (MoD), Banks, and Army, which was supposed to be the most significant DDoS attack in Ukrainian history.

Ukraine’s Foreign ‘Cyber-Warriors’ Legion& Information Warfare

Within a few hours of the armed conflict, Ukraine established a ‘cyber army’ under the Ministry of Information Technology. It was a countermeasure adopted by Ukraine against the possibility of a large-scale Russian cyber-attack. The ministry opted for the Telegram channel calling for cyber warriors for crowdsourcing. It is said that around 300,000 so-called ‘cyber warriors’ joined the call.[5] Consequently, Ukrainian ‘cyber warriors’ actively attacked almost every system in Russia, including media infrastructure, public radio stations, and the Central Bank. Along with the so-called ‘cyber army’, several hackers from Anonymous groups also joined the clan. On 12 April 2022, the energy infrastructure of Ukraine was targeted by the group—SandWorm— an alleged Russian cyber-military unit of the GRU, but the attack was foiled because of Ukraine’s strong cyber-defence.[6]

Information Warfare (IW) is one of the essential parts of cyber operations. Ukraine has shown much higher Information Warfare (IW) capabilities in the Russia-Ukraine conflict. Ukrainians have been extensively using social media by posting images from war, including pictures of dead soldiers. Russia and Ukraine are engaged in IW, where the latter [Ukraine] receives support from the Western countries and their respective media. Therefore, Ukraine has the edge over Russia in such an aspect of cyber-warfare. Russia and China have good IW capabilities, but the trust factor worldwide is lower than the vis-à-vis trust factor in the US.

On 04 May 2022, Microsoft suspended related products and services in Russia, and on the same day, they [Microsoft] offered cyber security services to Ukraine. The Anonymous group supporting Ukraine launched a DDoS attack on Gazprom, stealing around 800 GB of data.[7] As part of Ukraine’s cyber army, several hackers carried out DDoS attacks on Kremlin, Moscow Stock Exchange (MSE), and the Russian Space Agency— ROSCOSMOS. All these incidents result from the call made by Ukraine’s Deputy Prime Minister. On the third day of the conflict, Deepfake videos of Ukrainian President Zelenskyy emerged where he urged his fellow citizens to lay down arms and cooperation with Russian troops and return home. It was a disinformation operation, but the quality of Deepfake was inferior, and it was banned on Twitter.

Technically, information operations are easily manageable as compared to cyber operations. While Ukraine may not have the cyber capabilities matching with Russians, Ukraine handled it much better as far as IW is concerned. By that time, Russia must have understood that the cyber conflict would not remain only between Russia-Ukraine but also Russia versus the rest of the world. Also, Russia may not be confident enough to control the escalation matrix if they go for a large-scale cyber-attack against Ukraine.

Cyber-Weaponisation & “Norms of Behaviour”

In the Russia-Ukraine conflict, cyber played a limited role in the early stages of the conflict, contrary to common assumptions. The limited role of cyber has prompted competing theories, including if we overestimated Russia’s cyber capabilities. As cyber-weapons cannot be generalised, the ongoing Russia-Ukraine conflict should be understood in the context of warfare and not technical demonstration. Cyber weapons must be utilised based on target, timeframe, and effectiveness. Cyber-warfare targets dismantle combat and economic capabilities without demonstrating technical superiority over the adversary.

Out of the conflict, questions were emerging that, likewise, in 2017, why have Russians not attacked the power grid and railway infrastructure to unsettle the movement of the Western supply of arms to Ukraine? Why did the Russians fail to defend the large-scale destruction of armoured vehicles, including tanks? Or If Russians are exercising restraint? One thing is sure: developing and launching cyber weapons is not an easy task and requires in-depth planning, coordination, testing, and deployment.

Another aspect— geopolitical, plays a significant role in this conflict. In 2021, the US and Russia set up “Norms of Behaviour” , backed by the United Nations General Assembly (UNGA).The agreement between the US, Russia, and other 25 nations on the norms of behaviour has not been followed in the ongoing Russia-Ukraine conflict, as hospitals and citizen services-related establishments have been attacked.

Lessons for India

Ukraine prepared its cyber defence after the incidents of 2014 and 2017, with the assistance of the US and other Western nations. Ukraine utilised their telecommunication infrastructure intelligently and managed to obtain resources, such as terminals, from giant tech companies such as SpaceX. As a lesson, India must consider the need and prepare for cyber-defensive operations. Along with cyber-defence, India must prepare itself for effective cyber defensive and cyber-offensive capabilities. India must take a stand on its digital interests on geopolitical issues related to cyber policies. For Information Warfare, India must learn the ability to utilise the national and international media, though we cannot rely on international social media entirely. Also, India must trust the private sector's capabilities to sustain the entire communication infrastructure in a war scenario.

India must have a cyber-weaponisation programme, which must be declared openly, to express the capabilities, including cyber-deterrence. At short notice, India must develop a ‘Cyber Volunteer Force’. One of the lessons from the Russia-Ukraine conflict is that we can outsource and let experts worldwide support us if we lack specific capabilities.

Deepfake is a strategic tool that can be deployed to change the narratives of a battle. First, India must learn how to counter it and effectively use it. In the conflict, many Ukrainians act as ‘hand radio’ operators to listen to the communication. Similarly, India must revive to teach school-going students— how to operate hand radios as this will assist India to sustain in a situation of communication blockade. India must have its indigenous DNS to create and run its own (internal) Internet without disruptions or foreign interference.

Cyber-warfare is not very different from the tradecraft used in intelligence operations. India must opt for integrated strategic planning to use cyber to optimise available resources worldwide. Along with strategic planning, we must form defensive planning that narrates how to protect our infrastructure (critical and non-critical) so that India can withstand a large-scale cyber-attack in the future. India must have a Standing Committee or such mechanism to work on an international cyber policy framework.

Endnotes :

[1]Roopali, “Russia Ukraine Conflict: Wiper Malware Used to Target Ukraine”, Cybermetrics, 28 February 2022, accessed on 24 July 2022, available from: https://cybermetrics.eu/2022/02/28/russia-ukraine-conflict-wiper-malware-used-to-target-ukraine/
[2]Jim Finkle, “U.S. firm blames Russian ‘Sandworm’ hackers for Ukraine outage”, Reuters, 08 January 2016, accessed on 24 July 2022, available from: https://www.reuters.com/article/us-ukraine-cybersecurity-sandworm-idUSKBN0UM00N20160108; “Foreign Secretary condemns Russia’s GRU after NCSC assessment of Georgian cyber-attacks”, National Cyber Security Centre, 20 February 2020, accessed on 24 July 2022, available from: https://www.ncsc.gov.uk/news/foreign-secretary-condemns-russia-s-gru-after-ncsc-assessment-of-georgian-cyber-attacks
[3]Meg Hill, “Russia cutting underwater cables could be an act of war, says UK defence chief”, Independent, 08 January 2022, accessed on 24 July 2022, available from: https://www.independent.co.uk/news/uk/russia-moscow-ben-wallace-liz-truss-jens-stoltenberg-b1989124.html
[4]Katharina Krebs and Jake Kwon, “Cyberattack hits Ukraine government websites”, CNN, 15 January 2022, accessed on 25 July 2022, available from: https://edition.cnn.com/2022/01/14/europe/ukraine-cyber-attack-government-intl/index.html
[5]Amit Chaturvedi, “Ukraine War: over 300,000 volunteer hackers come together to fight Russia, says report”, NDTV, 15 March 2022, accessed on 25 July 2022, available from: https://www.ndtv.com/world-news/ukraine-war-over-300-000-volunteer-hackers-come-together-to-fight-russia-says-report-2824436
[6]Andy Greenberg, “Russia’s Sandworm hackers attempted a third blackout in Ukraine”, Wired, 12 April 2022, accessed on 25 July 2022, available from: https://www.wired.com/story/sandworm-russia-ukraine-blackout-gru/
[7]Miroslav Trinko, “Anonymous hacked Gazprom and leaked 768,000 emails from company employees”, gagadget, 14 April 2022, accessed on 25 July 2022, available from: https://gagadget.com/en/116384-anonymous-hacked-gazprom-and-leaked-768000-emails-from-company-employees/

(The paper is the author’s individual scholastic articulation. The author certifies that the article/paper is original in content, unpublished and it has not been submitted for publication/web upload elsewhere, and that the facts and figures quoted are duly referenced, as needed, and are believed to be correct). (The paper does not necessarily represent the organisational stance... More >>


Image Source: hhttps://portswigger.net/cms/images/dc/32/bd2b-article-210223-ukraine-main-image.png

Post new comment

The content of this field is kept private and will not be shown publicly.
3 + 3 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
Contact Us