World braces for cyberwar as Russian invasion intensifies

As bombs, bullets and bodies fall to Ukrainian streets in the nation’s battle against an ongoing full-scale Russian invasion, cyberattacks between the two nations continue, stoking fears that such attacks may soon extend beyond either country’s borders.

Before Russian boots ever reached Ukrainian soil, Russian code was used to disrupt, intimidate and immobilize both civilian and government activities in Ukraine. Beginning with the 2014 Maidan Revolution — which saw the pro-Russian President of Ukraine ousted and replaced with one more open to EU ties — cyberattacks against Ukraine grew exceedingly common as relations between the two nations grew increasingly hostile.

“Following that event, Russian trolls and various people capable of cyberattacks took up the task of undermining the new Ukrainian government, which had not yet put a person in power,” said Dick Farkas, a political science professor at DePaul. “So, it was kind of a leaderless, headless system, and particularly vulnerable to cyberattacks.”

Because malware can remain dormant in computer systems once implanted, Farkas suggests there’s no clear way to determine the extent to which Russia has infiltrated Ukrainian systems.

“The extent to which a country like Russia has tapped into important features of Ukraine’s capabilities is unclear and will continue to be unclear,” Farkas said. “This is not like conventional warfare, where somebody attacks, and you see the damage and respond. This is much more sinister, much more subtle.”

Cyberattacks on Ukraine have continued from the 2014 revolution to today. In 2015 and again in 2016, attacks on Ukraine’s power grid caused temporary outages that affected nearly 230,000 consumers in Ukraine and about one-fifth of the Ukrainian capital’s power consumption, respectively.

In 2017, malware known as “NotPetya” targeted Ukrainian banks, government agencies and electricity firms, causing billions of dollars in damage globally.

In January, around 70 government websites were attacked and replaced with a foreboding message reading: “Ukrainians! …All information about you has become public. Be afraid and expect worse. It’s your past, present and future.”

And in February, two separate DDoS attacks temporarily shut down several of the country’s banking and government websites.

Agnes Venema, a researcher at the National Intelligence Academy in Romania, suggests that many of these attacks were likely conducted as attacks on civilian morale.

“If you attack the website of the Ministry of Finance or the national bank, even if such an attack is resolved within a matter of minutes, [you start thinking] ‘When is the next one going to be?’” she said. “‘How long is it going to take for that one to be solved? And does it mean our money is safe in our banks?’ These are attacks on the psyche of a population that can have some serious on-the-ground effects when it comes to trusting institutions, trusting processes.”

Additionally, Ukrainian civilians recently received mass text messages falsely claiming the country’s ATM services were down. Sending false or demoralizing text messages to both Ukrainian civilians and soldiers has been an ongoing cyberwar tactic for years, used in an attempt to instill fear and confusion within the populace.

“Once you know something can be fake, you’re going to start regarding pretty much everything as fake, even if it’s true,” Venema said. “So you really start questioning what you see, what you hear and what you read, especially in a conflict zone. What do you do when a text message says that you need to evacuate? What do you do?”

Despite several national intelligence sources accusing the Kremlin of perpetrating all of the aforementioned cyberattacks, Russia has denied any involvement in all instances. Farkas notes that by digitally concealing a cyberattack’s origin, governments actively engaging in cyberwarfare can often hide behind the notion of plausible deniability.

“If the president [was asked], ‘How certain can you be that this attack came from, say, Russia?’, the honest answer is, the logic seems to support it,” he said. “But the answer is probably, in reality, not more than 80 percent confidence. It leaves 20 percent in the gray area, and that makes it particularly difficult [for the government to respond]. At best, you can only speculate, and speculating is not the firmest ground to platform a public policy, especially one that can damage huge numbers of people.”

As hybrid warfare between Russia and Ukraine continues, NATO members and affiliates have begun raising alarms over the threat of Russian cyberwarfare extending far beyond conventional combat lines.

In both the U.S. and the U.K., government officials have warned their respective countries’ private firms to prepare for possible Russian-sponsored cyberattacks. And in Australia, cybersecurity experts warned of possible inadvertent spillover effects from cyberattacks.

Maria Robson Morrow, program coordinator of The Intelligence Project at Harvard University, notes how the 2021 ransomware attack on the Colonial Pipeline serves as a stark example of the cybersecurity vulnerabilities in both U.S. corporations and infrastructure.

“While that attack was conducted by non-state actors for financial gain, national states have surely taken note, or had already identified this type of attack as a good way to destabilize or retaliate against other states,” she said.

On Wednesday, Senate Intelligence Committee Chairman Mark Warner (D-Va.) took these concerns a step further, raising the possibility that Russian cyberattacks in the near future could risk pulling NATO countries — including the United States — into war by triggering the alliance’s Article 5 collective defense principle.

Article 5 commits each NATO member state to consider an attack on one member as an attack on all members, requiring members to assist the attacked party by taking any action deemed necessary. It has only been invoked once, after the 9/11 attacks on the United States.

In a 2021 press release, NATO affirmed that the alliance could theoretically trigger Article 5 over a cyberattack and that such a decision would be made “on a case-by-case basis.” Furthermore, the communique asserts that any NATO response to a cyberattack “need not be restricted to the cyber domain.”

Warner indicated two ways digital attacks could rope NATO countries into war with Russia. For one, the Kremlin could directly target infrastructure within NATO member states as retaliation for harsh economic sanctions imposed in response to the invasion of Ukraine.

Perhaps more worrisome, though, is the threat of Russian cyber weapons launched in Ukraine inadvertently spilling across NATO borders. Such an event has happened before: while about 80 percent of the 2017 NotPetya attack’s infections were in Ukraine, the malware extended to U.S., German, British and French computer systems, among others.

Warner suggested that invoking Article 5 could be justified if an attack on Ukraine’s power grid were to spill into a neighboring NATO member state, impacting hospitals or causing car accidents due to disruptions in traffic signals.

“The risks are not limited to Ukraine,” Morrow said. “We should be very concerned.”