Why There's No Real Cyberwar in the Ukraine Conflict

Photo: Oleksandr Rupeta/Alamy
Kiev, Ukraine: On 2 February 2014, a man sits with a laptop near to a fire at the so-called EuroMaidan demonstrations that began after plans for closer integration with Europe were scrapped in November 2013.

Warnings of a cyberwar between Ukraine and Russia over the recent Crimean crisis have been greatly exaggerated. From the start, Russia seems to have relied upon traditional military force and a barrage of old-fashioned "information war" propaganda in its swift takeover of Crimea. Whatever cyber attacks that have occurred so far probably represent the work of Russian or Ukrainian "hacktivists" rather than strategic military strikes, experts say.

Russia's military certainly has the capability to launch strategic cyber attacks. But the Russians have shown restraint so far in the cyberspace realm during their takeover of Crimea and ongoing dispute with Ukraine, says John Bumgarner, chief technology officer at the U.S. Cyber Consequences Unit, a non-profit research institute. Similarly, Ukraine has not launched strategic cyber attacks against Russian targets. Instead, groups of hackers on both sides have launched scattered denial-of-service attacks aimed at overloading website servers. Others have defaced government and media websites with the equivalent of digital graffiti and political messages.

"We haven’t seen large-scale, strategic cyber attacks against Russia or Ukraine," Bumgarner says. "The longest duration of the [denial-of-service] attacks that did occur was several hours. Some lasted just a few minutes."

Cyber attacks by suspected pro-Ukrainian hacktivists managed to briefly knock out the main websites of the Kremlin, the central bank, and the Foreign Ministry late Thursday and early morning on Friday (14 March), according to Reuters. Such attacks may have been an act of retaliation for similar attacks on Ukrainian government websites, but caused only minor disruptions overall.

Most virtual defacements of Ukrainian and Russian websites in the past few months have been "traditional defacements" from pro-Syrian, anti-Israeli hackers worldwide, rather than pro-Ukrainian or pro-Russian groups, Bumgarner explains. He has collected hundreds of screenshots along with underlying metadata from major Ukrainian websites (with .ua domain names) to look for signs of cyber attacks over the past few weeks.

Ukraine's SBU security service announced an "IP-telephonic attack" originating from Russia-controlled Crimea had blocked cellphone service for members of the Ukrainian Parliament at least two days in a row, according to a Reuters news report on 4 March. But Bumgarner says it was unclear whether the cellphone disruptions were actually cyber attacks or the result of traditional electronic warfare based on jamming. In a possibly unrelated incident, the Ukrainian telecommunications firm Ukrtelecom also reported that armed men had broken into its Crimean facilities and disrupted local phone and Internet service by physically tinkering with fiber optic cables.

By comparison, the countries of Estonia and Georgia suffered sustained cyber attacks lasting for days during earlier political disputes with Russia. The overall intensity of the cyber attacks in those earlier cases was much greater than what experts have seen so far in the Ukrainian dispute with Russia over Crimea.

Suspected Russian hackers launched a "cyber riot" in response to Estonia moving a Soviet memorial to a less prominent place in April 2007. The distributed denial-of-service (DDoS) cyber attacks took down the websites of all of Estonia's government ministries, two major banks and several political parties for about 10 days—a major disruption of daily life in a country with an advanced electronic infrastructure that allows the vast majority of citizens to regularly vote, bank, and make payments online.

In Georgia's case, cyber attacks occurred when Georgian military forces moved into the region of South Ossetia to confront separatist forces in 2008. When the shooting started, Russian military forces responded by also moving into South Ossetia and soundly defeating the Georgian military in battle. A series of strategic cyber attacks—DDoS and website defacements—began targeting Georgia's government websites and media outlets just hours before Russian military forces moved in, and continued throughout Russia's military campaign until Russia and Georgia signed a preliminary ceasefire agreement.

Hacker groups will do what they will outside of government control. But the Georgia incident and the more recent Ukrainian incident suggest that Russia has shown great restraint in its strategic use of cyber attacks, Bumgarner says. He points out how the cyber attacks on Georgia stayed on target with respect to certain websites throughout the Russian military campaign. Furthermore, Russia held back from doing long-term damage to Georgia's cyberspace infrastructure at a time when it could have easily cut fiber optic cables or hacked into Georgia's telecom servers—some of the latter lacked password protection.

Russia appears to have held off on strategic cyber attacks in the recent dispute with Ukraine over Crimea because it doesn't need them, Bumgarner says. Aside from severing telecommunication links between Crimea and Ukraine, Russia appears to have focused on more traditional "information war" by putting up billboards on the ground, controlling the local media in Crimea and even denying that the unmarked troops pouring into Crimea belong to the Russian military. The sparring between hackers sympathetic to either Russia or Ukraine remains far below the levels of cyber attacks seen in either the Estonia or Georgia cases.

Some experts have claimed that Estonia represented the first cyber war, but Bumgarner disagrees. He sees "cyberwar" as an overused term at a time when he believes the world has yet to witness a full-blown cyberwar—but he does not rule out the possibility of such a damaging event in the future. He certainly does not see the current cyber attacks between pro-Ukrainian and pro-Russian groups as constituting a cyberwar. Instead, he points to traditional military conflict as the bigger concern stemming from the current tensions between Russia and Ukraine.

"We should be more concerned about bullets than bytes at this time," Bumgarner says.

Photo: Oleksandr Rupeta/Alamy

Advertisement

Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Advertisement