Beyond the appalling imagery from Ukraine, new reports have been emerging of Russian hacking campaigns, shedding light on a more complex element of the invasion: cyberwarfare. But what is this very modern phenomenon?
No longer a rag-tag army of grifters, the increasing impact of cyber warfare is now driven by dedicated teams, working within an organised, political framework.
Cyberwarfare has not been a problem for the UK government, as far as we know, but it is only a matter of time. The US Government recognises the threat and manages a portfolio of risk that has an umbrella department covering all eventualities. They call it what it is: cyber terrorism.
Events in Ukraine are not new. In the last few years in America, there were two remote and devastating events. One you can guess, the other being more hush-hush. You know about the airborne virus that wiped out hundreds of thousands of American lives, but you may not be familiar with the random series of cyber-attacks that left the country without access to key vital services.
In the face of it, even the US Government openly confessed that it hadn’t kept up with the world we live in. Here are some recent headlines you would have woken up to as an American:
‘Iowa Grain Co-Operative Hit in Cyberattack Linked to Ransomware Group’ Wall Street Journal, September 21st 2021
‘The Latest Cyber Security Threat: Pay Us or We Release the Data’ Wall Street Journal, February 1st, 2021.
‘Biden Says Cybersecurity is the ‘Core National Security Challenge’’ Wall Street Journal, October 1st 2021.
Last year the US Government was clearly bewildered, because such attacks were no longer hypothetical, they had become an actual ‘thing.’
Cyber terrorism or cyber warfare has become the great leveller. On the international stage, it represents an opportunity for poorer, non-state actors to give any ‘superpower’ a bloody nose.
Understandably, major corporations like Apple, were left quaking with their intellectual property and customers now technically exposed. And it turns out that very few corporations wanted to talk about the phenomenon, fearing that acknowledgement of the risk was an open invitation to be hacked.
However, no country should leave ignorance and grievance to drive policy, so let’s rectify misconceptions to one of the most spellbinding technological challenges.
On the 7th May 2021, a large chunk of the Colonial Pipeline, running from Texas to New York City, was shut down. The wall of security protecting essential services, had been breached.
The FBI hadn’t seen the attack coming and as the operator put it after paying the hefty $4.4m ransom price tag:
“Everything we do is co-ordinated to the minute, when you throw a seven-hour wrench into it, it takes months to re-set properly.”
It isn’t the bad intentions of the actors that’s the concern here, in this case the Russian group ‘DarkSide,’ so much as the evolution of the practice itself and that it has now become one of Russia’s weapons in its war on Ukraine.
It’s clear that Russian operators, encouraged by their government, have evolved their function. No longer content to solely target individuals or corporations, these entities, possessing only moderate cyber warfare capabilities, can now with a little more organisation, attack a country. Somewhere like Ukraine. Russia is sharpening its teeth in this respect.
This is no small point. Malware and Logic Bombs could theoretically stop air traffic in Paris or make trains collide in Berlin. But in the end, before they picked on Ukraine, they had picked on a Texas pipeline – bringing South Carolina to a stand-still.
The first terrorism programmes appeared in 2005 and have popped up sporadically ever since:
Of course, no one wanted to calculate the financial risks – because no one dared to make the evaluation. It’s as if a whole new department needed to be set up to combat the attacks or somehow, to employ a bank of security gurus who knew how to respond to any particular strain of an attack. Which is what the US Government has now done.
And so, we arrive at the latest generation, with operators adopting a franchise model almost akin to a fast-food restaurant chain, like McDonald’s. In Russia, it’s called The Russian Main Intelligence Directorate (GRU). Cyberwarfare in Russia has gone corporate.
But not to worry.
Managing risk is an act of the imagination and the US and Ukraine have been smart about responding to these attacks.
Progress in the cyberwarfare world is just about keeping up – and in the book of challenges, this is just one more new challenge. There are a lot of seriously smart people in Ukraine working around the problem of Russian cyber-attacks, it isn’t the most delightful of considerations when you’re also being bombed, but it is necessary if the war is to be won.
The key point is that you want to avoid being held hostage, to avoid being placed in an impossible position. To do that, you need to be smarter than the other guy. And Ukrainians make great programmers.
And they have their frame of reference right because they were already prepared for the Russian cyber-attacks, which when it boils down to it, is no different to being vigilant about fraud.
Right now, Ukrainian organisations are being rigorous, ensuring that all systems are running the most current version of their operating systems with all associated applications and libraries. They will have support from the US on this. Updates and security patches are being performed like clockwork, limiting the time opportunity for an attacker to exploit.
Yes, there are high-tech forces out there managing a new generation of cyber-attacks but until the Court of International Justice rules on the use of ethical algorithms, Ukraine is doing an extraordinary job of mitigating the effects of Russian cyber warfare on their country. They’re a smart people after all and they’re doing us all a favour.
Many predicted that Russia would launch cyber-attacks on Ukraine, shutting down the country’s electrical grid for example. But while larger-scale operations have not yet materialised, the smaller forays have already started to emerge, with Ukraine proving once again, that they are surprising the world by being resilient and smarter than the Russians.
Do you have any comments or questions for Christopher? Share your thoughts in the comments below.