The Cyberwar in Ukraine
President Biden warned today that Russia is gearing up for cyber attacks on US businesses. Given the administration’s stellar track record in predicting Russian moves in its attack on Ukraine, we should take this warning seriously.
At the risk of being cocky, I’ll note that we shouldn’t take Russia’s cyber warfare power too seriously. We used to think the empire had a powerful and effective conventional military, but we’ve learned that its only real skill is shelling schools and hospitals.
Four weeks into Russia’s invasion of Ukraine, the Internet is still standing and the once-vaunted Russian expertise in cyberwarfare has produced little. All in all, Russian cyberwarfare capability is on par with the rest of the Russian military: vastly over-rated.
The Volunteer Hacker Army
While Russia is fighting a 20th century war relying solely on state resources, Ukraine has responded with a hybrid force of state assets and volunteers organized on social networks. In late February (which now seems like ages ago) Ukraine organized The IT Army of Ukraine on Telegram, now up to 311,000 subscribers.
The IT Army includes both white hats and black hats such as the Conti ransomware gang. Russia relies on independent contractors for much of its cyber mischief, and they’re just not into the invasion.
Just as the troops have suffered from low morale, so too are the hackers uninterested:
All seem plausible, and most are not mutually exclusive. Am also intrigued by reports of Russia’s troops demonstrating low morale/unwillingness to fight — could be true of some of their cyber units too.
Am most skeptical of “wow cyberdefense won for the first time ever” theory.
— Dustin Volz (@dnvolz) March 2, 2022
Five Russian generals have been killed in action amid speculation that they were trying to rally low-morale troops by moving to the front lines.
Not For Lack of Trying
It’s not that the Russian cyber army isn’t trying. Quad9 reports a 10x increase in cyber attacks over the pre-war baseline, and attacks are spilling over into other nations such as Romania.
Russia is trying like mad and many are afraid of where this will go. Some Ukrainian ISPs have been taken out, but Starlink is filling the void they’ve left behind.
DDoS attacks have been largely contained by CDNs Imperva and Cloudflare and traffic levels are up. Russia’s main priority seems to be preventing its own citizens from seeing Western news sites, but people in Russia are turning to VPNs to circumvent the new iron curtain.
Side Effects and Unforced Errors
Secure communications systems developed by the Russian military are out of commission and Ukraine is now able to monitor Russian communication over its own cellular networks. Russia should have thought twice before attacking the 3G/4G masts.
Open Source developers are adding code to frustrate Russian and Belarusian attacks, even wiping computers. This raises ethical concerns, but developers aren’t exactly morally neutral. When the whole world is against you, the sentiment shows up in all kinds of ways.
It’s entirely possible that Russia has more tricks up its sleeve, but that would suggest the bear intends to use an entirely different strategy in cyberspace than the one it has used to such bumbling effect in meat space. When your best weapon is attacking civilian targets in hopes of winning a war of attrition, you’re in deep trouble.
The Nature of Cyberwar
Conventional warfare is fought between states with trained soldiers and hardware such as tanks, artillery, and bombs. The hardware becomes obsolete – as the Russian tanks are – as countermeasures are developed, such as Javelins and Stingers.
Cyberwar is a business conducted by firms and individual actors with a rapidly changing arsenal of software-based tools. The cycle of obsolescence is extremely short and the success of the enterprise depends on brain power.
Silicon Valley has the assets to succeed in cyberwar and it was on the job as soon as Russia started making moves on February 23rd:
Within three hours, Microsoft threw itself into the middle of a ground war in Europe — from 5,500 miles away. The threat center, north of Seattle, had been on high alert, and it quickly picked apart the malware, named it “FoxBlade” and notified Ukraine’s top cyberdefense authority. Within three hours, Microsoft’s virus detection systems had been updated to block the code, which erases — “wipes” — data on computers in a network.
Who would you bet on to win the game of cyberwar, the best minds in the world or a sad bunch of hacks whose highest professional aspiration is working for a madman? We shouldn’t get overconfident, but I’m not impressed by Russian prowess any more.
Pay Attention to Biden’s Warning
I believe Russia is desperate enough to step up its cyberwar against the US shortly. This means we should get prepared by installing anti-virus software set to maximum protection.
It also means we should follow the news and check for patches and updates daily. And it means closing down web-accessible services if we have any.
And more than anything, back up your data and keep a copy offline in case you need to wipe your computer and install the backup. The best defenses are not 100%, but offline backups are golden. Or as close to golden as you can get.
This is all quite inconvenient for those of us in the West, but thank your lucky stars you’re not in Ukraine or Russia.