Russia has invaded Ukraine. Well, at least the province of Crimea. Are we about to see cyber-war unfold?
After months of hearing about cyber-war, cyber-espionage, and attacks against critical infrastructure, it's only natural to wonder if the physical conflict between Russia and Ukraine is about to spill over into cyberspace. Most countries, the United States included, have cadre of forces trained in digital attacks and defences, and this kind of provocation seems like the perfect scenario to unleash them.
Also, it wouldn't be anything new for the Russians, since they have already been accused of coordinating their military activities with cyber-attacks (namely distributed denial-of-service attacks) in their conflicts with Georgia and Estonia back in 2007 and 2008.
However, much of the cyber-activity in this conflict may come from the Ukrainians. "While the Ukraine is inferior in conventional warfare, they have phenomenal hackers who can steal intelligence from the Russians, intelligence that could become very valuable as the Ukraine reaches out for help from the international community," said McCall Paxton, a SOC analyst at Rook Security.
People will always make mistakes, and Ukrainian hackers would be able to take advantage of those mistakes to track down and steal sensitive information. There is no need to deploy the resources on the ground to infiltrate Russian defences to steal the information if it can be done remotely from a computer, said JJ Thompson, CEO of Rook Security. The cyber-efforts would bolster the efforts in the physical world, in terms of diplomacy as well as conventional warfare.
A lot of Ukraine's neighbours, and much of the international community, are nervous about Russia re-asserting its power in the region. So even though Ukraine doesn't have the manpower or the armed resources to fight Russia, and many of its neighbours may not be able to intervene directly, it is a reasonable assumption that there are plenty of allies ready to lend a hand in the digital realm, Paxton said.
Hacktivists would be launching against Russian targets on the behalf of Ukraine, and it is to be expected there will be retaliatory attacks as well. Let's also not forget that hacktivists have already been targeting pro-government Websites over the past few months as part of the ongoing protests. These additional attacks are just another sign of escalating tensions, Paxton said.
Attacks on communications infrastructure
We are already seeing attacks against critical infrastructure. According to a United Press International report, Ukrtelecom, Ukraine's only landline provider, said unknown saboteurs seized telecommunications nodes and destroyed cables in Crimea, leaving the region with almost no phone or Internet service over the weekend. The attack on the telecommunications infrastructure appears to follow other incidents in Crimea by pro-Russian groups, just before the military moved in.
In any kind of conflict, shutting down or restricting communications is essential, but as Arab Spring in Egypt showed, people will always find a way to get word of what is happening out, Thompson said.
Effects outside of Ukraine
What does the unrest in Ukraine mean for the rest of us, far away from the danger and chaos? It turns out that cyber-criminals are taking advantage of the events to launch their own malicious campaigns. Most of the activity appears to be in the form of social media phishing attacks and embedded malware, Paxton said. Just as in the days after US forces shot and killed Osama Bin Laden, cyber-criminals are pushing out fake sites claiming to have exclusive images and the latest information.
While these kind of opportunistic attacks are not anything new, it's dangerous because these attacks are getting increasingly sophisticated. "I am worried that we are going to see the perfection in the means [these events] can be exploited," Thompson said.
You should rely on established news sources for information about the events as they unfold in Ukraine, and don't click on links in social media or email claiming to have the latest details. And in case you are tempted to take up digital arms on the behalf of Ukraine, don't forget that taking part in DDoS attacks, even with the best of intentions or hiding under the banner of Anonymous, is illegal and can get you in trouble.