The Second Front in Ukraine: Cyberattacks, Disinformation, and Defenses
More than half a million people have fled their homes to escape the war in Ukraine as major cities remain under attack, according to the BBC. But there are two fronts in this war: the physical fighting and the cyber domain, where cybersecurity professionals battle disinformation, psychological warfare, and cyberattacks.
Ukraine has called on the country’s hacker underground to help protect critical infrastructure and conduct cyber espionage operations against Russian troops, Reuters reported. The country will also create an “IT army” to fight digital intrusions, according to Ukraine’s Vice Prime Minister Mykhailo Fedorov.
A post on Twitter from the State Service of Special Communications and Information Protection of Ukraine called for people with information about vulnerabilities in Russian cyber defenses to share them with a chatbot.
CYBER FRONT IS NOW OPEN!— SSSCIP Ukraine (@dsszzi) February 28, 2022
If you possess any information regarding vulnerabilities in Russian cyber defenses (bugs, backdoors, credentials), please report it via the chatbot @stop_russian_war_bot
Ukrainian cyber experts will use your information to fight against the occupant
In a Twitter post, Fedorov linked to a Telegram messaging app channel that published a list of 31 prominent Russian websites, including businesses, state organizations, banks, and government websites. The official website of the Kremlin, Kremlin.ru, was taken offline Saturday in an apparent distributed denial of service (DDoS) attack, Reuters reported.
Ukraine has faced an onslaught of DDoS incidents, phishing attacks, and malware during the conflict. On 25 February, Ukrainian officials warned that Belarusian hackers were targeting Ukrainian soldiers and civilians with a new wave of phishing emails, according to CyberScoop. This is after a series of DDoS attacks that hit Ukrainian government sites since the conflict began, and malicious data-wiping software hit hundreds of computers in Ukraine last week.
Meanwhile, hactivists worldwide are joining the fray. ZDNet reports that ransomware groups and members of hactivist collective Anonymous announced that they will launch attacks against the Russian government, defacing local government websites and taking down others.
On the other side, ransomware groups Conti and the CoomingProject published messages online that they supported the Russian government and would strike back at enemy critical infrastructure as needed—especially if foreign governments were to take cyber-based action against Russia.
Those foreign governments and enterprises are shoring up their defenses, though, in case Russia chooses to retaliate against sanctions by launching cyberattacks on banks or other infrastructure.
Conti ransomware group announces support of Russia, threatens retaliatory attacks https://t.co/Sc7aqCup5u by @AJVicens— CyberScoop (@CyberScoopNews) February 26, 2022
Global banks are increasing network monitoring, drills for cyberattack scenarios, combing through their networks for threats, and lining up extra staff in case hostile activity increases, Reuters reported.
“Unlike more traditional and historical military norms, defensive cyber superiority, not offensive capability, will decide cyber supremacy moving forward," said Marcus Fowler, senior vice president of strategic engagements and threats for Darktrace, a British cyber defense company, in a statement. “Non-state cyber actors (hacktivists, cybercriminal groups, proxy groups, vigilante lone wolf hackers, etc.) are going to increasingly become a bigger part when it comes to the more global aspects of this story. They may also be less controllable, less precise in their targeting, and less conscious of the implications of their actions… despite welding highly sophisticated tools. This involvement increases the chance of unintentional escalation of the conflict or miscalculation and greater intentional private sector targeting.
“The Conti declaration, specifically, is interesting as it could be an indicator of a larger ransomware campaign against the West to come,” Fowler continued. “These actions provide the Russians with plausible deniability that it was unsanctioned, and therefore, they can’t be held responsible for the actions of criminal groups that publicly express their intentions. All these things are absolutely part of the escalation of the conflict beyond Ukrainian borders and the more likely long-term battleground if/when a stalemate is reached. The warmest part of the next cold war will play out in cyberspace.”
Psychological warfare is also being waged online, as different factions seek to undercut disinformation and propaganda. Groups of Ukrainian technology professionals have joined forces to overwhelm disinformation-spreading websites, The Washington Post reported. The campaign has ramped up to keep pace with the disinformation coming from the conflict zone; volunteers gather information on attacks and casualties to fact-check and challenge the Russian state media’s version of events, posting messages on Telegram and Russian social media platforms. Other activists are targeting Russian military and intelligence officers, flooding their email inboxes with messages.
Europe more broadly has increased scrutiny on Russian propaganda. Poland announced last week that it would ban Kremlin-based TV channel RT, European capitals imposed sanctions on the network’s editor-in-chief, and French lawmakers formally asked for the channel’s license to be removed, POLITICO reported. RT has been part of an effort to disseminate pro-Russian rhetoric, including the narrative that Russian President Vladimir Putin is a peacemaker in this conflict.
"The Kremlin has weaponized information."— POLITICOEurope (@POLITICOEurope) February 25, 2022
As the world responds to Russia's invasion of Ukraine, European capitals have also ramped up the pressure on Moscow-backed broadcaster RT.
But the channel is part of a much wider Russian information operation.https://t.co/TCA0MSDJIp
“The Kremlin has weaponized information,” Commission Vice President for Values and Transparency Věra Jourová told POLITICO. “Disinformation is part of Russia military doctrine and so is running of foreign influence operations.”
Lithuanian Prime Minister Ingrida Šimonytė sent a joint letter on 27 February from the prime ministers of Estonia, Latvia, Lithuania, and Poland to the CEOs of multiple technology firms to encourage them to restrict the spread of Russian disinformation about the invasion.
“Although the online platforms have undertaken significant efforts to address the Russian government’s unprecedented assault on truth, they have not done enough,” the letter said. “Russia’s disinformation has been tolerated on online platforms for years; they are now an accessory to the criminal war of aggression the Russian government is conducting against Ukraine and the free world.”
The letter calls on technology and social media platforms to:
- Proactively suspend accounts engaged in denying, glorifying, or justifying wars of aggression, war crimes, and crimes against humanity;
- Suspend official accounts of Russian and Belarusian government institutions, state-controlled media, and leaders who disseminate disinformation about the situation in Ukraine;
- Comply with restrictions introduced by national regulators against Russian state-controlled media and prevent them from using technological services to circumvent restrictions (such as RT streaming content in a country where its broadcast license has been revoked);
- Engage with local fact-checking initiatives to find volunteers to reinforce content monitoring in Russian and Ukrainian to quickly address illegal content or disinformation;
- Immediately take measures to help users find trustworthy information on the war in Ukraine;
- Fully demonetize all accounts of purveyors of disinformation controlled by Russia or Belarus; and
- “Resist the pressure from the Russian government to censor or restrict access to your platforms on Russia’s territory for Russian citizens, civil society, and independent media.”
Strong support by 🇪🇪 🇱🇹 🇱🇻 🇵🇱 Prime Ministers to fight Russian disinformation.— Věra Jourová (@VeraJourova) February 28, 2022
We are fully mobilised and intensifying efforts on all fronts.
Ongoing discussions together w/ @ThierryBreton w/ big tech, regulators, Member States.
EU is united against Kremlin’s war propaganda. https://t.co/tFV9vhEF3N
U.S. Senator Mark Warner, chairman of the Senate Select Committee on Intelligence, also sent letters to key social media and technology platforms urging them to prevent disinformation spreading online.
“In addition to Russia’s established use of influence operations as a tool of strategic influence, information warfare constitutes an integral part of Russian military doctrine,” Warner wrote. “As this conflict continues, we can expect to see an escalation in Russia’s use of both overt and covert means to sow confusion about the conflict and promote disinformation narratives that weaken the global response to these illegal acts. While social media can provide valuable information to civilians in conflict zones, and educate audiences far removed from those conflict zones, as well as a platform for some relatively independent media outlets—including in Russia—it can also serve as a vector for harmful misinformation and disinformation campaigns, and a wide range of scams and frauds that opportunistically exploit confusion, desperation, and grief.”