Russia-Ukraine Standoff Going Online as Hackers Attack

Photographer: Filippo Monteforte/AFP via Getty Images

A Russian soldier stands guard near a Ukrainian navy ship in the harbor of the Ukrainian city of Sevastopol on March 5, 2014. Close

A Russian soldier stands guard near a Ukrainian navy ship in the harbor of the... Read More

Close
Open
Photographer: Filippo Monteforte/AFP via Getty Images

A Russian soldier stands guard near a Ukrainian navy ship in the harbor of the Ukrainian city of Sevastopol on March 5, 2014.

Cyberspace is fast becoming a battlefield for Ukrainian and Russian partisans even as ground troops from the two countries continue their military standoff.

Hackers have launched attacks on the websites of state agencies and publications on both sides. A Russian government watchdog has ordered a shutdown of the social-network pages of Ukrainian nationalist groups. And a Ukrainian phone company said its network in parts of the Crimean peninsula was damaged as unidentified men took over communication centers.

“We’re going to see a very large cyber component to whatever happens” in Ukraine, said Rodney Joffe, senior vice president at Neustar Inc., a technology research firm near Washington, D.C. “The damage can be quite debilitating.”

A Snapshot of Ukraine's Past and Future

U.S. intelligence analysts are closely watching the roles hackers are playing in the Ukraine conflict for clues to how Russia and others might employ cyber capabilities in future conflicts, said two U.S. officials who spoke on condition of anonymity to discuss intelligence issues. The officials said cyberspace is quickly rivaling traditional battlefields as a place where wars may be won or lost.

Russia Today, an English-language website backed by the government of President Vladimir Putin, said hackers on March 2 added the word “Nazi” to headlines. The sites of Russian newspaper Vedomosti, news agency RIA Novosti, and several TV and radio stations have been hit with attacks meant to block readers, though none have been pushed offline, according to Group-IB, a Russian online security company.

Anonymous Video

“There has definitely been an increase in malicious activity,” said Ilya Sachkov, Group-IB’s chief executive officer. “But the difference isn’t as intense as, for example, what we saw during the most recent elections for Moscow mayor or the Russian parliament.”

In Ukraine, newswires Unian and Gordon said they had been attacked by hackers, the latter asserting that the culprits were Russian. And a group claiming to be affiliated with Anonymous, a loose collection of Internet activists, posted a video on sharing site Vimeo that said it was targeting Russian websites due to the conflict in Ukraine.

Russia’s foreign ministry declined to immediately comment on preparations for cyber warfare. The defense ministry didn’t return phone calls. Ukraine’s computer security agency said it had registered attacks on websites and phone networks in the country. The security police didn’t answer repeated phone calls.

Hacked Phones

Russian state television channels yesterday reported a leaked phone call between EU Foreign Policy Chief Catherine Ashton and Estonian Foreign Minister Urmas Paet, who recently returned from Ukraine. In the hacked call, according to the reports, Paet said that snipers who killed protesters in Kiev had been working for the opposition, not now-deposed President Viktor Yanukovych. The Estonian Foreign Ministry said the call was authentic, but said Paet hadn’t blamed the opposition for the shootings.

And on Feb. 23, state-funded Voice of Russia published e-mails alleged to have been written by Vitali Klitschko, a pro-Western candidate for the Ukrainian presidency. The documents leaked by a hacker group calling itself Anonymous Ukraine included one in which Klitschko thanked an adviser to Lithuania’s president for funding the Ukrainian protests.

“The fact that this was published in the Russian media hints that the hackers may be linked to Russia,” said Andrei Soldatov, who runs a Russian computer security website called Agentura.ru.

While there has been a cyber component in many recent armed conflicts, it’s likely to be particularly intense in Ukraine because of the level of programming skills in both countries. Absent a crisis, Ukrainian and Russian Web wizards often deploy their skills against companies and consumers, aiming to profit from stolen bank data and corporate secrets.

Targeting Target

The theft of 40 million credit card numbers from Target Corp. at the height of Christmas shopping season last year has been linked by security experts to a hacker based in the Ukrainian city of Odessa, and the U.S. Justice Department last July indicted Russians and Ukrainians in the theft of at least 160 million credit card numbers from several companies.

The key to winning the cyber conflict largely depends on whether the political leaders on each side can rally the hackers to their cause, said Sean Sullivan, an adviser at F-Secure Oyj (FSC1V), a tech consultant in Helsinki.

“There’s quite a lot of cyber crime coming out of that region, so there are a lot of guys who know how to get around legitimate blockades,” Sullivan said. “There’s going to be a lot of cat and mouse, for sure.”

WWII Monument

Cyber warfare can include blocking websites with so-called distributed denial of service attacks, in which millions of computers bombard servers with communication requests, causing them to shut down. More sophisticated -- and damaging -- techniques include switching off a phone network or remotely damaging oil refineries, said Costin Raiu, director of research at Kaspersky Lab, a computer security company in Moscow.

Estonia was hit by attacks that disabled the websites of the president, parliament, ministries, banks and newspapers in 2007 during a dispute with Russia over the relocation of a World War II monument. Estonian authorities at the time said computers around the world were used to overload servers with a barrage of access requests coordinated in Russia.

Georgia Attacks

In 2008, hackers targeted the website of Georgia’s president in the weeks leading up to a military conflict with Russia. The attacks were more intense than those that hit Estonia, according to Internet security firm Arbor Networks. Russian officials at the time declined to comment on whether the government was involved.

On March 3, Roskomnadzor, Russia’s telecommunications watchdog, ordered social-networking site VKontakte to block access to the online communities of 13 Ukrainian nationalist organizations. The agency said the Ukrainian groups had called on Russians to participate in terrorist activities and illegal gatherings. VKontakte complied with the order in Russia, but the groups can still be accessed by users in Ukraine, according to the St. Petersburg-based social network.

Ukrainian phone carrier Ukrtelecom said yesterday that its operations in parts of Crimea have been limited since Feb. 28 because of takeovers at several switching centers. Though there have been no communications failures on the peninsula, the carrier said, some traffic had to be redirected.

“You might have not just patriotic hackers, but even criminal groups, on each side,” said Jason Healey, director of the Cyber Statecraft Initiative of the Atlantic Council, a research group in Washington, D.C. It makes sense, he said, that “individuals that are angry would come together in this kind of operation.”

To contact the reporters on this story: Cornelius Rahn in Berlin at crahn2@bloomberg.net; Ilya Khrennikov in Moscow at ikhrennikov@bloomberg.net; Aaron Eglitis in Riga at aeglitis@bloomberg.net

To contact the editor responsible for this story: Kenneth Wong at kwong11@bloomberg.net

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.