Information Warfare: Ukrainian Cyberwar


November 3, 2022: Russia has a reputation for being a formidable presence when it comes to Cyber War. Like many other capabilities, that reputation was tarnished and diminished during the recent war in Ukraine. For Russia the defeats were frequent and victories few in this network battle space. Russian defeats began the day before Russian troops crossed the Ukrainian border. On February 23rd Russian hackers released FoxBlade malware onto Ukrainian networks. FoxBlade was a program that attempted to get onto systems by hiding in a file attachment. Although this delivery method is well known, it can still work. Once inside the target system FoxBlade seeks to spread to all computers on the network and delete all their files. Microsoft, the creator of Windows, the most widely used PC operating system, detected FoxBlade first and notified Ukraine, which promptly took measures to defeat FoxBlade on February 24. Since the 1990s Microsoft has built a formidable Internet security organization that monitors networks worldwide for signs of malware, especially new malware, being used. Network security features have been added to the Windows operating system, and one of them for PCs automatically sends potential hacker presence information back to Microsoft. At the same time, Microsoft will quickly send out fixes to infected PCs. Ukraine and Microsoft developed a cooperative relationship over the last two decades because after 1991 Eastern Europe, especially Ukraine and Russia, was a major source of hacker activity. Ukraine cooperated with Microsoft to reduce the hacker threat while Russia insisted it didn’t exist.

For example, back in 2009 Ukraine cooperated with the United States and Microsoft to deal with a Ukrainian gang (six specific individuals) who put together one of the largest botnets (PCs secretly controlled via hacker attacks) ever encountered. In early 2009 (February and March) the gang used spam, containing hidden programs, to take control of 1.9 million PCs. A computer security firm discovered the botnet, and cooperation between Ukraine, the United States and other countries led to the server controlling the botnet being found and taken off line. At the same time this effort identified members of the gang. Ukrainian police arrested the six after participating in the international effort to find them.

The Soviet Union, which Ukraine was part of until 1991, created a lot of software engineers who worked for the government. Most of these programmers and software engineers were out of work after the Soviet Union collapsed in 1991. Some left for the West and found good jobs, but most sought opportunities at home, and the most lucrative ones involved illegal hacking, often for criminal gangs. Russia never cleaned up this problem; Ukraine did. Russia allowed the gangs to operate in Russia as long as they did not hack Russian networks and did jobs for the government. This included developing malware to be used against neighbors and Western nations in general. Ukraine vigorously enforced laws against hacking and the local hackers either left the country or found legit jobs.

Other East European nations also cracked down on the hackers. Many, but not Ukraine, joined NATO, and sought to have NATO declare massive hacker attacks as a cause for war against the aggressor. After the 2022 Ukraine invasion Russia launched a major Cyber War attack on Lithuania because of Lithuanian threats to disrupt access to Kaliningrad, a Russian enclave on the Baltic Coast that must be reached via Lithuanian or Polish railroads.

Back in 2007 Russia planned Cyber War efforts against the more prosperous and affluent former Soviet territories. At the top of this list was Estonia, which was hit by a massive Russian Cyber War-scale attack. The Estonians withstood the attack despite the temporary damage it did to their economy. This was something a NATO member had never faced before and Estonia pointed out that if there was no NATO response to the Russian attack on Estonia, the Russians would be tempted to try it on other new NATO members in East Europe.

This led to a 2010 agreement with NATO to facilitate cooperation between NATO and Estonia if Estonia is hit by another Internet-based attack. In 2008, NATO established a Cyber Defense Center in Estonia. This, and the 2010 agreement, were a result of NATO being called on by Estonia, in 2007, to declare Cyber War on Russia. That was because Russia was accused of causing great financial harm to Estonia via Cyber War attacks, and Estonia wanted this sort of thing declared terrorism, and dealt with. NATO agreed to discuss the issue, but never took any action against Russia. The new agreement did create a legal framework for striking back, or at least for defending Estonia more vigorously if there is another attack.

In 2014 Russia seized Crimea province from Ukraine and half of two east Ukrainian provinces. There was not a lot of physical violence but Russia did use Ukraine as a test site for new Cyber War tactics and techniques. In late 2016 Ukraine accused Russia of employing hackers to insert trackers into cell phones used by Ukrainian military personnel fighting in Donbas. Ukraine has also found evidence of the same or similar hackers, usually civilian groups working as contractors for the Russian government, going after numerous government and commercial networks in Ukraine. Some of these hackers were also identified as going after targets in the United States. The hacking of cell phones used by military personnel is believed to be the cause of several accurate and fatal attacks on Ukrainian troops in Donbas. The hackers made it possible to track the location of the phone owners and accurately fire shells or rockets at them.

These capabilities had already attracted the attention of the U.S., which was supplying Ukraine with military equipment and technical assistance. American and NATO electronic warfare experts paid close attention to what the Russians were up to in Donbas and the cell phone hack was not unexpected. When it did arrive, it was scrutinized and dissected. That led to countermeasures that were ignored by the Russians and used by Ukrainian forces fighting the 2022 invasion.

By the end of 2021 Ukraine had created a network of half a million software engineers, information specialists and other experienced Internet users to deal with Russian Cyber War attacks as well as carry out information campaigns worldwide to let the world know what was really happening in Ukraine. The Ukrainian efforts were successful and this resulted in Ukrainian attacks against Russian networks and propaganda. The existence of these formidable Ukrainian Information and Cyber War capabilities is another reason NATO is eager to have Ukraine join the EU (European Union) and after that NATO.