INVESTIGATION. Cyberwar: Why Russia is so far held in check by Ukraine

This was one of the major fears of some experts at the time of the Russian invasion. “We feared a digital Pearl Harbor,” explains Julien Nocetti, teacher-researcher at the military academy of Saint-Cyr Coëtquidan in Brittany and a specialist in Russia’s digital and cyber strategies, “but it didn’t happen.”

Russia is a cyber power whose ability to attack no longer needs to be demonstrated. Since 2014 and the annexation of Crimea, Ukraine has been constantly pounded by Russian hackers. The most striking example is the use of the NotPetya ransomware, which paralyzed part of the Ukrainian economy in 2018. Its effects spread well beyond the country’s borders. Even in France, several companies such as Saint-Gobain were affected. More surprisingly, the malware also had undesirable effects as far away as Russia.

But since then, Russia’s attempts have ended in partial failures. On February 24, at the very beginning of the invasion of Ukraine, “an American ViaSat satellite was the target of a cyberattack,” Stéphane Duguin of the Geneva-based CyberPeace Institute tells Radio France’s investigation unit. Its ground modems fell victim to a malicious update. This satellite is widely used by the Ukrainian army. But it also had other customers, including individuals in France who use it to access the Internet. The result: “Nearly 10,000 French people found themselves without a connection, nearly 40,000 people in total in Europe. And in Germany, we lost control of nearly 6,000 wind turbines controlled by this satellite.”

These effects were clearly far removed from those the hackers sought, summarizes Rayna Stamboliyska, an expert in digital diplomacy: “The point of such a maneuver was to prevent the Ukrainians from coordinating with each other at the start of the invasion. Mr. Putin and his team were planning a lightning invasion. That’s why it would have been relevant to interrupt communications between the Ukrainian armed forces to sow disorder, prevent them from reacting, and resisting.” But that didn’t happen. In total, around 30 Russian cyberattack campaigns have been documented by the CyberPeace Institute, but again with fairly limited effects.

Unable to bend the Ukrainians through conventional cyberattacks, Russian hackers then threw themselves fully into another aspect of digital warfare: information warfare. But here again, so far the Ukrainians are dominating the fight, according to Rayna Stamboliyska. She believes that “the contrast is striking between the framed, cold communication of the Russians and the spontaneous communication of the Ukrainians.”

“A former KGB propaganda specialist is double-crossed by an actor-turned-president with his smartphone.”

Rayna Stamboliyska, to franceinfo

The Russian hackers, however, went to great lengths in their attempts at misinformation. A few days ago, a video of President Volodymyr Zelensky appeared on social media: a video faked by artificial intelligence, known as a deepfake. Julien Nocetti explains: “It was a question of lending Mr. Zelensky words urging the population to surrender, to abandon the fight and the resistance. Again, in vain. But we can very well imagine in a few weeks depending on the escalation, deepfake videos of Emmanuel Macron or Joe Biden announcing the launch of nuclear strikes against Russia. This could have an impact on audiences, populations and decision-makers.”

If, for the moment, Russia is held in check, cyber experts remain cautious about the potential consequences of the war. “The digital weapon can still be used in the rest of the conflict,” believes Nicolas Arpagian, a cyber threat specialist, “as it is available. States can use it either directly or through cybermercenaries: people who will carry out offensive attacks without formally incurring state responsibility.” In this area, Russia is well armed. Direct links between groups of cybercriminals and the FSB (the Russian secret services) have been documented very recently thanks to the “Conti Leaks”, a giant data leak from one of Eastern Europe’s leading hacker groups.

This group of hackers was made up of Russians, Belarusians but also Ukrainians who worked together until the invasion of Ukraine. After Conti took a public stand for Vladimir Putin, the Ukrainians in Conti seceded and decided to break up the group. But as they left, they took care to leak thousands of internal documents onto the dark web. The public was thus able to discover for the first time what was going on inside a large group of hackers. It was a blow for the criminal organization, whose mode of operation, targets, income, and links with the Kremlin were exposed.

But that does not mean the end of Russian hacking, warns François Deruty, cybersecurity expert and former Deputy Director of Operations at the National Information Systems Security Agency (Anssi): “There is always a way to revive a group, or to create a new one, which will use the same tools under another name.” This data leak could even be a godsend for other attackers, the cybersecurity expert believes. “They are now available for the entire attacker ecosystem, and we will probably find them used in six months or a year in other types of attacks.”

While Russia is stalling, the Ukrainians, on the contrary, are preparing. They have been developing defense capabilities for their systems for several years. And a few days before the war, they received precious help from the United States, says researcher Julien Nocetti: “There has been dense cooperation between Kyiv, NATO and the United States to beef up cyber defense and the resilience of Ukrainian infrastructure prior to the conflict. We are seeing closer cooperation between American intelligence, the NSA, and Ukrainians.” The Europeans also sent experts in the first hours of the conflict.

Added to this is the support of volunteers from all over the world. Two days after the start of the Russian invasion, the Ukrainian Minister of Digital Transformation announced the creation of a digital army or “IT army”. Thousands of people from all over the world then joined a discussion group on the Telegram messaging app, in order to attack certain Russian targets, government sites or others. Today, these volunteer hackers go so far as to identify and contact the families of Russian soldiers who are fighting in Ukraine, to warn them of the actions of their loved ones. It is a very wide field of action, aimed at disrupting the Russian offensive as much as possible.

These actions are not without risk, however, warns Rayna Stamboliyska: “The people carrying out these attacks have no official mandate other than replying to a tweet and participating in a Telegram group. They are Ukrainians, but also Americans, French, Danes, and they intrude. They are therefore in violation.”

“It becomes even more problematic when Mr. Putin says he can consider all the countries where these pirates live as belligerents in the context of an armed conflict.”

Rayna Stamboliyska, to franceinfo

Some Western countries therefore fear possible retaliatory digital measures or cyberattacks that would target Europe or the United States. US President Joe Biden clearly mentioned this risk a few days ago: “My administration has warned me that the Russians are planning cyberattacks against us. The Russian potential is very great, and the threat is becoming clearer. The government is ready. National security is at stake.”

In the wake of this, the American cyber defense agency published two notes accusing Russia of having planted implants in companies linked to the energy sector. These implants, like digital time bombs, could be triggered later by hackers and have serious consequences. France itself has discovered implants of this kind: in 2018, Guillaume Poupard, the director general of Anssi, announced before senators: “We have detected very disturbing cases, including an attempted intrusion of mapping systems related to the energy sector, which had only one purpose: the preparation of future violent actions. Imagine the consequences on the functioning of a country from an attack on the energy distribution networks.”

“Knowing the objective of these attacks is always complicated,” says François Deruty, the former deputy director of operations at Anssi. “We find malicious codes but as long as we do not know if it is simply a matter of spying on communications or destroying them we do not really realize the desired final effect. And it’s complicated to go back to the sponsor.”

Anssi had published a note on the subject at the time, but without ever mentioning Russia. “French doctrine consists in not publicly naming the culprits as other countries do,” continues François Deruty. “We can discuss it bilaterally, we can use the diplomatic channel. There are other ways to point fingers or let people know that they know about things.” According to our information, however, Russia seems to be behind the planting of these implants. A criminal group called Energetic Bear, close to Moscow and also spotted in the United States under other names, is reportedly behind these attacks.

Faced with these fears, France is preparing. Anssi published a note at the start of the war asking French companies to protect themselves. Operators of vital importance (ministries, nuclear power plants, etc.) are particularly closely monitored, especially in the run-up to major events such as the Rugby World Cup in 2023 or the Olympic Games in 2024. The army is also preparing. It held its annual crash test: a simulation of cyberattacks to facilitate the functioning of the chain of command. This year, the theme of the exercise was “a country excluded from the Olympics decides to invade a border region of a state allied with France”. The implication is clear.

But while the fear is mainly about computer hacking, the risk of a physical attack on network infrastructure also exists. A hostile state could very well attack the submarine cables that connect countries to one another, and thus disrupt Internet communications. Bernard Barbier, former technical director of the Directorate General for External Security (DGSE), explains: “These cables are visible, placed at the bottom of the sea. They look like large garden hoses, easy to cut. You can very well with a submarine go to 5,000 m deep and cut them. If you cut one, there is no effect, but if you cut five or ten, there is a severe slowdown in the internet, and if there are no longer these cables, the digital will collapse.”

This fear is for the moment a fantasy for some experts, but it is based on a precedent: in 2015, a Russian oceanographic vessel, the Yantar, came a little too close to cables located near the American east coast. The United States then suspected it of spying. But if it is possible to listen in on a cable, it is also quite possible to damage it.
