Don’t Believe the Hype—Ukraine’s Cyber War Didn’t Bite
Vandalism does not equal Internet warfare
As Russian military forces invaded Crimea on Feb. 28, unidentified men raided several offices housing critical infrastructure connecting cell phone and Internet service to the rest of Ukraine.
The men cut the connections.
Did Russia, in addition to its ground invasion, also launch a cyber war?
Numerous articles shortly after the attacks made that suggestion. Foreign Policy ran a long piece about the disruptions and hack attacks on Ukrainian Websites. An article in Georgetown Security Studies Review raised questions about the vulnerability of Crimea’s information infrastructure and its reliance on Russia.
The disruptions also brought comparisons to cyber attacks on Estonia in 2007 and Georgia in 2008. But the reality is a bit more complicated. And it probably doesn’t qualify as a cyber war.
To get a clearer picture about what’s going on, we reached out to P.W. Singer of the Brookings Institution and the author of Cybersecurity and Cyberwar: What Everyone Needs to Know.
“Yes, there have been a lot of articles on the ‘cyber war’ in Ukraine,” Singer wrote via email. “But fortunately not a lot of actual cyber war so far. There has been a mix of things called ‘cyber’ in the media and pundit-land which are not cyber or war, and in turn, a variety of cyber activities that are real but don’t yet hit the level of what played out in Estonia or Georgia on the cyber front.”
Ukrtelecom, the state-owned Ukrainian service provider, reported incidents of masked men breaking into its servers and cutting Internet and phone lines. Ukrtelecom replaced the cables and restored Internet and phone service after a few days.
“Yes, someone physically cutting a cable could be called a ‘denial of service’ but not the way the cyber folks mean it,” Singer wrote.
On the other hand, if Russia really wanted to destroy Crimea’s communications infrastructure, it would have been pretty easy to do so.
Crimea is a peninsula, and many of the Internet exchange points linked to it run through Russia. But there’s only one exchange point—in the capital, Simferopol—that controls all traffic running through Crimea. If Russia really wanted to turn up the heat on the cyber front, it would have destroyed that exchange point or cut off the flow on its end.
That hasn’t happened. What we’ve seen amounts to crude infrastructure damage and some light hacking by fringe elements who enjoy defacing Websites and shutting down portals.
Ukrainian hacktivists are on the offensive as well, with some groups actively recruiting new members and targeting Ukrainian Websites friendly to Russia.
“We’ve seen various prank hacks, blacklisting news on social networks, patriotic hacker groups trying DNS, targeting government official communications, etc., but nothing of massive scale and organization that has a physical impact on the ground yet,” Singer writes.
Estonia in 2007 and Georgia in 2008 both saw a deluge of cyber attacks. Hackers employed ping floods, botnet raids, simple hack ‘n’ swamps and denial of service attacks, disabling local news and government Websites—and damaging both countries’ communications infrastructure.
“It certainly could rise to this level, especially if we see escalation on the ground, which might unleash these forces, but we are not there yet,” Singer writes.
Moscow denied direct involvement in the Estonia and Georgia attacks, pointing to fringe nationalist groups and—in the case of Estonia—rogue elements within the government.