Hackers, big tech and Article 5: catch up on the cyber front of the Russia-Ukraine war
Russia’s cyber aggression could impact not only Ukraine, but the entire world
Russia’s cyber war against Ukraine has been going on for months – years, in fact – but state-backed actors have exponentially increased the onslaught of attacks since Thursday morning. Over the past three days there have also been numerous retaliatory attempts, as well as government and social media involvement. Let’s try to make some sense of what’s been going on.
DDoS attacks against Russian websites
Several Russian government websites were down on Saturday night, including that of the Kremlin, Duma and Ministry of Defense, in what appeared to be a DDoS attack. Hacker collective Anonymous assumed responsibility, tweeting that “Russia may be using bombs to drop on innocent people, but Anonymous uses lasers to kill Russian government websites.”
Russian government and state-backed media websites have been under continuous attack over the past few days, coming back online sporadically. Anonymous first declared on Thursday that it is waging war against the Russian government, and has turned to the power of social media, tweeting extensively to its seven million followers regarding actions taken and what more can be done.
“If you don't know how to help out, start by exposing and reporting Russian disinformation, it's an important job during these times,” was one tweet from Friday, replying to a question posted by a user, who asked how people without programming or hacking skills can help.
The group also said that it leaked Belarusian arms manufacturer blueprints, adding that those are the “Same bombs that are being dropped on Ukrainians as we speak.”
But Anonymous are not the only hackers who have reported for duty. Following Wednesday’s discovery of a new malware deployed against Ukrainian targets, hours before the Russian invasion, Reuters reported that the Ukrainian government has turned to hackers to step up and help protect critical infrastructure from cyber attacks, as well as conduct cyber espionage missions against Russia.
Ukrainian websites down
On top of the numerous cyber attacks on state websites and other targets, such as the personal email accounts of Ukrainian military personnel attributed to Belarus, internet connectivity in Ukraine has also been severely affected by the Russian invasion, especially in areas of heavy fighting.
“ Real-time network data show a major disruption to Ukraine's internet backbone provider GigaTrans, which supplies connectivity to many other networks. The incident comes as heavy fighting is reported in Vasylkiv and Kyiv,” tweeted cybersecurity watchdog NetBlocks.
On Saturday morning, the organization tweeted an update, stating that some connectivity has returned to GigaTrans, “but service remains intermittent at present…It is unclear if connectivity will be sustained.”
Georgia Tech’s Internet Outage Detection and Analysis project has also been monitoring the situation. On Friday, as the city of Kharkiv came under attack, the project’s measurements “shoed that connectivity of one of the major Internet operators in the area was disrupted.”
In recent hours, aid has come from an innovative source: Starlink, the satellite internet constellation operated by SpaceX, had began opertions in Ukraine.
"Starlink service is now active in Ukraine. More terminals en route," tweeted SpaceX founder, Elon Musk, replying to a requested tweeted at him by Mykhailo Fedorov, Vice PM of Ukraine and Minister of Digital Transformation just hours earlier.
"@elonmusk, while you try to colonize Mars — Russia try to occupy Ukraine! While your rockets successfully land from space — Russian rockets attack Ukrainian civil people! We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand," pleaded Fedorov.
Social media vs. Russia
On Thursday, Russia has announced a “partial restriction” to Facebook, after Meta refused to “stop independent fact-checking and labelling of content posted on Facebook by four Russian state-owned media organizations,” tweeted Meta VP of Global Affairs, Nick Clegg.
Roskomnadzor, Russia’s communications watchdog, demanded that Meta lifts restrictions from pro-Putin news sites Lenta and Gazeta, as well as state news agency RIA Novosti and TV channel Zvezda. The restrictions included marking content as unreliable.
Another Meta executive, Head of Security Policy Nathaniel Gleicher, also took to Twitter on Friday, to announce that the tech giant is now prohibiting Russian state media from running ads or monetizing on its platform anywhere in the world.
Other actions taken by Meta include continuing to apply labels to other Russian state-media outlets, establishing a special operations center staffed by experts who can provide real-time response, adding safety features in Ukraine such as the ability to lock accounts, removing the ability to view friends lists to help protect people from being targeted, working to fight misinformation with the help of native Russian and Ukrainian content reviewers, and more.
Twitter also issued various recommendations, including setting up strong passwords, two-factor authentication, or even deactivating one’s account fore safety measures. “When using Twitter in conflict zones or other high-risk areas, it’s important to be aware of how to control your account and digital information,” read the Twitter Safety thread.
Like Meta, Twitter blocked Russian ads and has been heavily restricted Russia. “We’re aware that Twitter is being restricted for some people in Russia and are working to keep our service safe and accessible,” the company announced on Saturday.
And citing “extraordinary circumstances” on Saturday, YouTube (owned by Google) also announced that it has barred Russian state-owned media outlet RT, as well as other Russian channels, from monetizing on ads that run through their videos. According to Politico, the broadcaster’s English-language editor-in-chief, Margarita Simonyan, will face EU sanctions for “spreading government propaganda.”
US: we are prepared to respond against Russian cyberattacks
Since assuming office, US President Joe Biden has been working hard to create an international coalition that would stand up against Russia’s cyber aggression. The cyber war is a major point of contention between Biden and his Russian counterpart Vladimir Putin, and while Russia has repeatedly denied involvement in major attacks such the SolarWinds and Colonial Pipeline hacks, as well as attempts to disrupt US elections – quite frankly, no one believes them.
“Let me also repeat the warning I made last week: If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” Biden said on Thursday. “For months, we have been working closely with the private sector to harden their cyber defenses, sharpen our ability to respond to Russian cyberattacks as well.”
However, White House Press Secretary Jen Psaki denied an NBC news report that claimed that Biden had been given a “menu of options” for conducting offensive cyberattacks against Russia. Psaki tweeted that the report is “off base and does not reflect what is actually being said in any shape or form.”
Could Article 5 be triggered?
On a Friday press conference, NATO Secretary General Jens Stoltenberg was asked whether a Russian cyberattack against Ukraine, which spills over to a NATO member state, could trigger an article 5 collective defense.
“We are sending a very clear message to Russia that we provide support to our partner, Ukraine. NATO helps Ukraine also with their cyber defences,” replied Stoltenberg, adding that “for NATO Allies, we provide the absolute security guarantees under the Washington Treaty Article 5. An attack on one will be regarded as an attack on all.”
While Stoltenberg reiterated the agreement that cyberattacks can trigger Article 5, he added that NATO has “never gone into the position where we give a potential adversary the privilege of defining exactly when we trigger Article 5.
"We are focused on strengthening our cyber defences. We are very much aware of that that’s a risk. And therefore, we are stepping up. Both the protection of our cyber networks but also providing support to Ukraine. And we are very focused on the need for de-confliction.” Said the NATO chief.