The tense on-the-ground standoff in Ukraine has already tipped into open hostilities online, with hackers targeting members of parliament and state agencies.
The government in Kiev has linked Internet and phone service disruptions in recent days to cyberwar attacks. Ukraine’s National Security and Defense Council reported a “massive denial-of-service attack” that overwhelmed its servers for several hours last week. Even some Ukrainian news outlets say their websites have been hacked, along with similar reports of attacks on news outlets in Russia.
A pro-Russian group calling itself CyberBerkut is claiming on its Facebook (FB) page to have blocked the phones of more than 700 Ukrainian government officials, whom it describes as “political traitors.” The group said it also has attacked websites belonging to government agencies and to protest groups that helped oust former President Viktor Yanukovych. The name Berkut refers to a former special police unit, disbanded by the new government, that Yanukovych used to crack down on protesters.
But is it really cyberwarfare, or just the time-honored practice of psychological operations? Even if the attacks are being coordinated from Moscow, which so far isn’t clear, what’s happened looks, at least to this point, mainly like skirmishing for propaganda advantage, says John Bumgarner, a former intelligence officer in Charlotte, N.C., who now works for the nonprofit U.S. Cyber Consequences Unit and advises governments on security issues. “If Russia really wanted to deal a devastating blow,” he says, “they could have definitely done it.”
Some of the disruptions appear to have little to do with cyberwar. There have been reports of telephone and Internet service disruptions between Crimea and the rest of Ukraine, but those appear to have involved cutting of phone lines, a military tactic that predates the Internet era by decades. Some Ukrainian government agencies have also been infected by a vicious malware called Snake that has plagued the Pentagon and some other governments in the past, according to the New York Times, which cited a new report by British defense group BAE Systems (BA/:LN). But Snake seems to have appeared in Ukraine before the recent showdown with Russia.
The cyber attacks in Ukraine pale by comparison with what happened in Georgia during Russia’s military intervention in South Ossetia in 2008, Bumgarner says. Moscow effectively shut down more than 30 websites used by Georgian civilian groups opposed to Russian intervention and kept them offline until Russia had achieved its objectives. Bumgarner, who has studied the Georgia cyber attack, says there was clear evidence it was orchestrated from Moscow and designed to complement its military action.
Even in Georgia, however, Russia didn’t deploy all its cyberwarfare capabilities. The country’s electrical and transportation systems could have been disrupted by cyber attacks, Bumgarner says, but that never happened.
Russia has also been blamed for a cyber attack that hit the Baltic country of Estonia in 2007, during a dispute over removal of a memorial to Soviet soldiers in the Estonian capital of Tallinn. The Kremlin denied involvement in that attack, which nearly shut down the government and the banking system for several days.
By contrast, most targets of recent attacks in Ukraine have gotten their service restored in a matter of hours. Whoever is behind the attacks, Bumgarner says, has “shown considerable restraint.”