“The Threat of Russian Cyberattacks Looms Large”
The New Yorker, March 22, 2022
By Sue Halpern
“So far, the Russian invasion of Ukraine has not involved the sort of devastating cyberattacks that many anticipated. But it’s not clear why, or whether that pattern will hold.”
Fifteen days into the Russian invasion of Ukraine, Senator Angus King, of Maine, asked the director of the National Security Agency, General Paul Nakasone—who is also the commander of the United States Cyber Command—a question that was on the minds of many observers of the conflict: Why hadn’t the Russians launched a concerted cyberattack on the country? Russia, after all, is home to both sophisticated state-sanctioned hackers in its military and intelligence services and to cybercriminal gangs, loosely affiliated with the government, that have been active in Ukraine in the past. Just before Christmas of 2015, for instance, hackers believed to be Russian sabotaged parts of the power grid in western Ukraine, leaving people in the cold and the dark. Though the outage lasted only a few hours, the operating systems of the three regional power-distribution companies that had been affected remained compromised long after the lights were back on. Two years later, in June of 2017, attackers struck Ukraine again, shutting down government offices, banks, ports, and the postal service. The malware used in the attack, which the Ukrainian security service attributed to Russia, then spread from the computers of companies based in Ukraine to those of their affiliates around the world, causing damage reported to have cost ten billion dollars. Just last year, according to Microsoft’s 2021 Digital Defense Report, which tracks cyber threats against nation-states, Ukraine was second only to the U.S. in the number of cyberattacks it had experienced over the past year. Given this history, it stood to reason that future Russian incursions in Ukraine would likely involve cyber weapons. “Much can still occur,” Nakasone said. “We will be very, very vigilant to see what occurs there.” Still, the fact that devastating attacks haven’t occurred so far has raised doubts in some quarters about the viability and efficacy of using malicious software as a weapon of war.
There are many theories floating around as to why the Russians didn’t go all-out and take down Ukraine’s cellular networks, electric grid, municipal water supplies, and other crucial utilities, either in the run-up to war or in its first days. It may be that the Kremlin, high on its own propaganda, believed that the Russian army would conquer Ukraine in record time and install a puppet government that would need to have those services intact. When that didn’t happen and the Russians began bombing cities, it made cyber weapons that could turn off the lights, say, largely beside the point: a bomb dropped on a power plant is a definitive way to destroy it, with little chance that it will come back online. “If you’re already at a stage in a conflict where you’re willing to drop bombs, you’re going to drop bombs,” Jacquelyn Schneider, a fellow at the Hoover Institution who is a former Air Force intelligence analyst, told me. In other words, bombs are blunter, more peremptory instruments.
But it also may be that Russia never had the capabilities that its adversaries ascribed to it in the first place: unlike conventional weapons, which can be counted, cyber weapons are invisible until they are deployed, making it impossible for outsiders to assess the size and power of a nation’s cyber arsenal. Or it may be that the Russian generals prosecuting the war were skeptical of relying on weapons composed of zeros and ones. Or that the Russians tried to replicate their earlier attacks but that Ukraine’s digital defenses, which are much stronger now, successfully fended them off. Cyber weapons, which exploit software vulnerabilities, can take years to develop and may be held in reserve for months or years. If those vulnerabilities are patched in the meantime, the weapons become useless. After the 2017 cyberattack, Ukraine, with help from its allies, fortified its computer networks. It received ten million dollars from the U.S. State Department in 2018 to secure critical infrastructure, with an additional eight million dollars in 2020 and a pledge for thirty million more, as well as cyber assistance from the U.S. Army and from NATO. Days before the invasion, Ukraine also requested and received help from the European Union’s Cyber Rapid Response Team.
But that same report made clear something that has largely been lost in the musings about Russia’s failure—so far—to use cyber weapons to crippling effect in the war: Ukraine has actually been under a constant barrage of cyberattacks that began before the invasion. Since February 15th, Ukraine has experienced more than three thousand DDoS attacks, including two hundred and seventy-five in a single day. Tom Burt told me that, as early as January, his team discovered wiper malware—malicious software that erases the targeted computer’s hard drive—on Ukrainian government networks, and shortly before the invasion they detected new wiper attacks against both the government and the private sector. He also said that “there have been dozens of espionage attacks on high-value targets.” Just last week, Ukraine’s Computer Emergency Response Team detected new malware, distributed through phishing campaigns, against state bodies, most likely from a hacking group with ties to Russian intelligence. Perhaps most crucial, on the morning of the invasion, hackers jammed the satellite signal that delivered broadband satellite Internet services to much of Ukraine and other parts of Europe and, through a malicious software update, disabled Internet modems used to communicate with the satellite, taking out ten thousand terminals around Europe. The service has not been fully restored. Viasat, the company whose satellite was targeted, provides Internet service to the Ukrainian army and a number of Western militaries. (The company said that the attack did not affect the U.S. military, which relies on Viasat for some of its battle-management systems.) The source of the attack is not yet known.
It is too early to know, yet, the true role that cyber weapons are playing in this particular conflict—or will play in those to come. Indeed, the only thing we know for sure is that the Internet is its own battlefield, and we’re all on it.
About the Author:
Sue Halpern is a staff writer at The New Yorker. She is the author of, most recently, the novel “Summer Hours at the Robbers Library.”