“How Ukraine’s Internet Can Fend Off Russian Attacks”
WIRED, March 1, 2022
By Gian M. Volpicelli
“The besieged country’s complex internet infrastructure has evolved to promote resiliency.”
As Russian tanks rolled into Ukraine on the morning of February 24, the internet shuddered—and for some, stopped completely. Major Ukrainian internet service provider Triolan had been temporarily knocked out, in a blackout that mostly affected the northeastern Kharkiv region—a target of the Russian invasion. Even as the network came back online the following day, smaller disruptions plagued it throughout the week, according to data from the Internet Outage Detection and Analysis (IODA), an internet connectivity observatory affiliated with Georgia Tech. The Russian-occupied regions of Donetsk and Luhansk also experienced drops in connectivity.
Since the beginning of the conflict, there have been concerns that Russia-backed hackers might attempt to disconnect Ukraine’s internet, in the same way they took down the country’s power grid in 2015. Since February 23, Russia’s cyber army has been carrying out repeated distributed denial of service (DDoS) attacks against government websites, overwhelming them with spurious traffic in order to take them offline. (Ukraine’s own cyber warriors have been retaliating in kind.) But despite what happened to Triolan, Russia’s chances of carrying out a full-fledged internet shutdown against Ukraine are low.
Internet shutdowns, as a rule, are enacted by governments with the ability to order internet service providers (ISPs) to disconnect, throttle, or restrict access to the internet. Staging a shutdown as an external attacker is much harder to pull off. Russia could try aiming its DDoS or other cyberattacks at the border routers that connect an ISP’s network to the global internet, says Doug Madory, director of internet analysis at internet measurement company Kentik, but an attack that could take down a website might have a harder time knocking out internet infrastructure. “It wouldn’t be really practical to take the whole country offline with a DDoS attack,” Madory says. “Those routers are pretty robust. And probably, if it was easy, they would have done it by now.”
It is not impossible in the abstract: After all, earlier this year an American hacker orchestrated a DDoS attack to take down North Korea’s servers. But Ukraine has been battle-hardened by its past brushes with Russia’s cyberattacks, and its preparedness and sophistication are much higher than North Korea’s. More important, however, is the fact that any attacker would be presented with a vast number of targets rather than a single vulnerable bullseye. Ukraine’s size and geographic position mean that it is deeply interconnected with Europe’s internet backbone. A spokesperson for the Ukrainian Internet Association says the country boasted over 4,900 ISPs as of December 2021; some of them have been making preparations ahead of the crisis, establishing fail-safe links with each other and setting up new backup network centers, according to The New York Times.
“The Ukrainian government has zero interest in shutting down the internet, obviously,” says Hudyma. “But the same can be said for the Russians: They are trying to push their propaganda and influence operations on the Ukrainian populations. It is useful for them to have this communication network online.”
About the Author:
Gian M. Volpicelli is a senior writer at WIRED, where he covers cryptocurrency, decentralization, politics, and technology regulation. He received a master’s degree in journalism from City University of London after studying politics and international relations in Rome. He lives in London.