One of the dogs of war that has so far not barked during the war in Ukraine has been a full-scale Russian cyber offensive. For the past eight years, Ukraine has been on the receiving end of one of the most sustained and vicious hacking campaigns in history. According to Microsoft’s 2021 Digital Defence Report, 58 per cent of all nation state cyber attacks in the world that researchers were able to identify came from Russia. Some security experts expected that the outbreak of war would be accompanied by a huge Russian cyber assault. But, if anything, Ukraine has been taking the fight to the Russians in the cyber domain. Ukraine is now hacking back.
To help protect Ukraine’s cyber infrastructure, the country has been admitted as a contributing participant to Nato’s cyber defence centre, where it can share knowledge and expertise.
Some big tech companies are also lending a hand. For example, Microsoft has helped to alert Kyiv to cyber attacks and protect against malware. Yet perhaps the most striking feature of this cyber conflict has been how Kyiv has mobilised the support of thousands of hackers, or “hacktivists”, from around the world. Ukraine’s government has launched an “IT army”, co-ordinated on the Telegram messaging app, to strengthen cyber systems and conduct cyber espionage against Russia.
Most defensive “white hat” hacking activity is to be applauded, although there are clearly co-ordination problems. Strengthening civilian infrastructure, such as hospitals and electricity grids, against cyber attacks can help prevent further misery being heaped upon the Ukrainian people. Hacktivists can often identify and patch bugs in software and networks. They can also expose and counter Russian disinformation. The open source intelligence community is informing the world about what is really happening on the ground in Ukraine.
However, concerns arise when this hacking activity is directed at disrupting Russia’s own civilian infrastructure. The Telegram channel of Ukraine’s IT army initially flagged 31 Russian cyber targets, including the energy companies Gazprom and Lukoil, and several government ministries. Hackers already claim to have co-ordinated distributed denial of service (DDoS) attacks against some of these targets, although from the outside it is hard to assess their impact. Anonymous, the hacktivist collective that has previously hacked several governments as well as Isis and the Ku Klux Klan, has also said it is targeting Russia.
Although hacktivists say they are only responding in kind to previous Russian activity, such cyber attacks are illegal in many jurisdictions, for good reason. The risks posed by disrupting a Russian nuclear power station, for example, are obvious. Some cyber weapons are also messy and indiscriminate and can rebound on their users, as the Russians found to their cost after unleashing the NotPetya malware against Ukraine in 2017. The risk of blowback is considerable if cyber militias run out of control. Criminals could also potentially pose as hacktivists to rob Russian companies while pretending to be defending Ukraine.
The biggest danger is that Russia misconstrues sporadic hacks against its systems as co-ordinated nation state attacks and escalates the conflict. That makes it all the more imperative to step up international efforts to create a Digital Geneva Convention, establishing humanitarian norms and legal standards for cyber warfare. Reaching any consensus will be extremely difficult. But the very debate is itself useful in highlighting the world’s collective cyber vulnerabilities.