3 May 2014

Russian cyber attacks on Ukraine: the Georgia template

Cyber attacks against Ukraine carry worrying echoes of Russia’s 2008 invasion of Georgia. Is this the new way to wage war?

Ukraine is in turmoil, being ripped apart by internal uprisings that appear to be supported by Russia as eastern towns steadily fall into the grip of separatists, writes Matthew Bell.

More regions seem poised to follow the path of Crimea, which seceded to Russian control in March following a spate of sophisticated and co-ordinated cyber attacks which crippled communications networks and overwhelmed government websites.

Ukraine’s critical infrastructure suffered a series of assaults before Crimea was annexed, which also played into the propaganda war waged in the country.

The mobile phone network and internet connections were severely hampered, government websites were overwhelmed with “denial of service” attacks, social networks were corrupted, and some of Ukraine’s phone and internet cables were cut by pro-Russian forces.

This was an ominous repeat of the cyber chaos wreaked in Georgia six years ago, before Russia rolled in with its tanks to claim one of over a dozen former Soviet states that became independent after the end of the cold war.

Pierluigi Paganini, cyber analyst at information security firm Bit4Id, told Channel 4 News that a comparison of the cyber attacks on Ukraine and Georgia shows “many analogies in the way Russian entities are trying to compromise critical infrastructure of targeted government”.

Russia eventually withdrew most of its troops from Georgia but kept thousands stationed in parts of the country, contravening the ceasefire drawn up with western powers, and possibly signaling an overarching strategy for the remainder of the former Soviet states.

State-on-state warfare

Russia’s ultimate military thinking on Ukraine remains a mystery, and there may be no need for Moscow to send in troops for a classic “boots on the ground” invasion if pro-Russians continue to destabilise the country from within and draw it ever closer to Moscow’s bosom.

The cyber attacks on Ukraine have been met by a powerful response from third party “hacktivists”, or cyber mercenaries.

But seen in conjunction with the cyber salvos previously launched on Georgia, the attacks are a powerful sign of what modern “state-on-state” warfare may look like – and it is one that western powers may not be entirely prepared for.

For several years now the UK and its allies have been slashing equipment and troops, partly to fit their forces into far slimmer budgets, but also because they see far less of a threat from conventional types of warfare – and more cuts are coming.

As Britain’s national security strategy puts it, the UK is no longer dealing with a “clear and present” danger of conventional attack, facing “Soviet armies arrayed across half of Europe and the constant threat of nuclear confrontation between the superpowers”.

The focus has moved to new types of threat from states but also “non-state actors”: terrorism, unconventional attacks using chemical, nuclear or biological weapons, and yes – you guessed it – cyber attack.

The UK even became the first western power to officially reveal that it was developing cyber weapons, and is working with the US and its other “Five Eyes” intelligence partners – Australia, Canada and New Zealand – to improve cyber defences.

But the highly sensitive nature of the technology means there has been little collaboration on cyber weapons between the Five Eyes partners, partly because countries are unwilling to reveal exactly how much – or how little – they can do.

Vulnerable to attack

Does this mean the UK and its allies would be ill prepared for a full-on cyber war with a hostile state, one which might prepare the ground for a conventional attack?

It might seem like a fantastic prospect, but Russia sits alongside China as one of the world’s leading cyber powers. And while the prospect of large-scale war among states seems possibly more ludicrous, Britain’s military commanders are required to plan for the worst.

Andrew France, chief executive at cyber security firm Darktrace and a 30-year veteran of GCHQ, told Channel 4 News that the basic structure of the internet makes the UK and other modern countries painfully vulnerable to cyber attacks, and the security community “is struggling to keep up with the pace of technology”.

“The internet was never designed to be secure, and if you attach your critical national infrastructure to it, then you’re asking for trouble,” France said.

“The cost of entry for someone wishing to damage someone else on the internet is quite low. You can just download simple tools that can cause a lot of damage.”

According to Paganini, developing a cyber weapon as sophisticated as the devastating Stuxnet or Duqu viruses would previously have cost millions of dollars, but could now be devised for as little as $10,000.

This causes “serious concerns” for cyber security experts “because it is lowering the barrier to entry to the global cyber arms race”, he said.

‘Complex techniques’

One series of sophisticated cyber attacks on Ukraine bears all the hallmarks of Russian cyber hackers. In March, BAE released a report detailing a complex cyber espionage campaign called SNAKE that targeted Ukraine heavily in the early weeks of 2014.

SNAKE had been running for eight years, and comprised “complex techniques for evading host defences and providing the attackers covert communication channels”, BAE said.

The SNAKE campaign included a potent form of malware called Uroburos, which was able to take control of computers, shut down programmes, steal vast amounts of data and smuggle it out via the internet. It too appeared to have been authored by Russian cyber experts, although – as with all such attacks – it is nearly impossible to say for certain that the Russian state was behind it.

While Ukraine has certainly been the target of cyber attacks, according to internet intelligence firm Renesys it shares a great deal of its internet infrastructure with Russia. This means Moscow would have been very unwilling to launch a devastating attack upon Ukraine’s computer networks, in case of “blowback” into its own essential data systems.

For this reason, it remains unclear exactly what kind of cyber attack might be unleashed as a precursor to a renewed form of state-on-state warfare.

But a new template has emerged, encompassing powerful propaganda and real-life damage to essential national networks, that gives a disturbing vision of how future warfare may look.