Russia-Ukraine crisis: What role do cyberattacks play?
February 28, 2022It was like a war before the war. The very same day that Russian groups invaded Ukrainian territory, important Kyiv government websites were suddenly inaccessible — including that of the parliament, government, Foreign Ministry and other state institutions.
Hackers had launched a distributed denial-of-service attack, known as DDoS, in which servers are flooded with illegitimate requests so that the infrastructure is overwhelmed and crashes.
Ukraine blamed Moscow for the attacks. Data-wiper malware — software that can destroy huge amounts of data without detection — was found on Ukrainian computers. The cyberattack echoed a similar operation in 2017, when Russian wiper malware targeted Ukraine with the so-called NotPetya malware that caused enormous economic damage.
But now that heavy fighting is underway in Ukraine, cyberspace has become a secondary battlefield. Ukraine is mobilizing its IT experts in addition to its military: According to Reuters, the government is looking for volunteers who can defend it against Russian hacker attacks as well as to prepare their own attacks on important Russian IT infrastructure.
Ukraine is also getting help from Anonymous, the international, loosely organized hacker collective that has declared digital war on the Kremlin. Numerous Russian government websites were inaccessible until February 26, which Anonymous activists were believed to have caused. The website of Russian government broadcaster RT, which Western countries consider a Kremlin propaganda tool, was also affected by retaliatory cyberattacks.
Hacker attacks in hybrid warfare
Can such attacks help decide the outcome of the conflict? Cybersecurity experts are skeptical, including Sven Herpig of the Stiftung Neue Verantwortung think tank. "We are talking about a hot conflict in which things explode and people die. If someone leaks data from the Russian Defense Ministry, I am not convinced that it is really decisive for the outcome of the war."
It is clear, though, that Russia is using cyberspace for hybrid warfare. Not only by attacking critical IT infrastructure, but the targeted dissemination of false information by Russia appears to be part of that.
Even before the invasion, cyberoperations had become part of psychological modern warfare: "It was about unnerving the population and breaking the spirit of resistance," Herpig said.
Digital manipulation — and potential
In some cases, digital attacks can have a concrete impact on combat. The more digitized an army is, the more potential targets it presents. For example, Russian actors had tried to compromise apps that operate Ukrainian artillery. Such an undertaking could result in getting access to geodata that could then be used to bomb a particular position.
Hackers from the Anonymous collective attacking Russia and bringing down websites like kremlin.ru may have generated a lot of publicity, but Herbig doubted they made a great impression on Russian decision-makers. He pointed out that danger also lies in the hackers' well-meaning activities: They draw Russia's attention to vulnerabilities that Western or Ukrainian secret services intelligence agencies may have had their eye on. "Then these access points are burned. With that, intelligence agencies' work is made more difficult," said Herpig. "That is problematic."
Experts expect an expansion of Russian cyberattacks as the conflict continues — but with a focus on disinformation. Incidents last week indicated as much. Numerous German newspapers reported cyberattacks on their websites and social media accounts and suspected a "pro-Russian disinformation campaign." German media publisher Funke confirmed that bots had attacked their newspapers' websites and social media accounts in several waves.
Could a cyberattack trigger NATO's mutual defense clause?
It seems unlikely that Russia would attack the infrastructure of NATO states on a large scale. That's because it can't be ruled out that a cyberattack could be viewed as grounds to activate Article 5 of the North Atlantic Treaty, the mutual defense clause.
"If the cyberoperation had an impact tantamount to that of a kinetic operation, a cyberoperation would trigger Article 5. The means employed are irrelevant, it comes down to the effect," Herpig said.
The German Interior Ministry, however, did not currently see any signs of such cyberattacks on German targets. But they were prepared, a ministry spokesperson said on Sunday.
This article was originally written in German.