With Russia’s de facto military occupation of Crimea, cyber attacks and disinformation campaign have intensified. Unusually large distributed denial-of-service (DDoS) attacks are currently being directed at both pro-Western and pro-Russian Ukrainian news sites as the New York Times reports. Since the start of the crisis, pro-Russian and pro-Crimean “hacktivists” have hacked into the email and social media accounts of Ukrainian opposition leaders, and posted falsified messages to their Twitter accounts. Security analysts worry that hitherto small-scale attacks – such as defacing Ukrainian web sites, censoring pro-Ukrainian content on social media (see also The Moscow Times) – could be expanded to more substantial attacks against critical infrastructures which could disrupt critical services. If attacks were raised to the level of the attacks against Estonia in 2007 and Georgia in 2008, the consequences would be more severe.
With Russia’s de facto military occupation of Crimea, cyber attacks and disinformation campaign have intensified. Unusually large distributed denial-of-service (DDoS) attacks are currently being directed at both pro-Western and pro-Russian Ukrainian news sites as the New York Times reports. Since the start of the crisis, pro-Russian and pro-Crimean “hacktivists” have hacked into the email and social media accounts of Ukrainian opposition leaders, and posted falsified messages to their Twitter accounts. Security analysts worry that hitherto small-scale attacks – such as defacing Ukrainian web sites, censoring pro-Ukrainian content on social media (see also The Moscow Times) – could be expanded to more substantial attacks against critical infrastructures which could disrupt critical services. If attacks were raised to the level of the attacks against Estonia in 2007 and Georgia in 2008, the consequences would be more severe.
On February 28 in a video message Anonymous Ukraine declared “cyberwar” on countries and organizations that, it said, posed a threat to freedom and independence of Ukraine. On the same day many Ukrainian websites, followed on March 1 by Polish websites, came under DDoS attacks; responsibility for the attacks was taken by Anonymous Ukraine.
On February 28 unidentified militias took control of Crimean premises operated by Ukraine’s telecom provider Ukrtelecom and tempered with fibre optic cabling was tampered with causing loss of service for some users. Subsequently mobile phones of members of the Ukrainian parliament have been interfered with using equipment installed in Russian-controlled Crimea. Security analyst Pierluigi Paganini, a Certified Ethical Hacker, writes that Internet connections in Crimea have been severely hampered; and power lines and Ukrainian naval communications stations round Sevastopol have been sabotaged by Russian naval vessels carrying jamming equipment to block radio communications.
On March 3 “hacktivists” calling themselves Cyber-Berkut announced they have hacked over 40 Ukrainian sites – among others opposition party Batkivshina (Fatherland) and government sites – to protect Ukraine from “traitors” and clear it of “neofascists”.
On the Russian side of the border, RT television was hacked and defaced. After the Russian Parliament approved on March 1 the deployment of Russian troops in Crimea, hacktivists calling themselves Anonymous Operation OpRussia announced on March 4 cyber attacks against the Russian President Vladimir Putin who “invaded a sovereign nation in the name of Russian hegemony, and threatened peace and stability in the region”; and hacked hundreds of Russian websites. On March 6 “hacktivists” under the Russian Cyber Command have leaked around 1,000 documents allegedly stolen from Rosoboronexport, the state’s agency for import and export of Russia’s defence products, technologies and services; and claim they have stolen documents from other Russian companies including major telecom providers and FSB related espionage companies.
Illegal activities of secret services have been used to discredit top-level Western politicians and the Ukrainian new interim government, in support of the objectives of Russia’s disinformation campaign. Phone calls of Western politicians involved in Ukraine crisis have been intercepted. In the beginning of February, weeks before the Russian armed forces entered Crimea, a mobile phone call between US Assistant Secretary of State Victoria Nuland and the ambassador to Ukraine, Geoffrey Pyatt (who was in Ukraine at the time of the call), was leaked, and posted on Twitter by Dmitry Loskutov, an aide to Russian Deputy Prime Minister Dmitry Rogozin. More recently, a mobile phone call that had taken place on February 26 between Estonian Foreign Minister Urmas Paet and EU High Representative for Foreign Affairs and Security Policy Catherine Ashton was intercepted and leaked on March 5 on the internet. Paet said in the live-program of the Estonian public service TV channel ETV that falsified versions of their conversation have been circling in the Internet. The distortion of information aims to show events so that they advance the objectives of Russia’s propaganda campaign.
During the conversation with Ashton, Paet quoted a woman named Olga: “What was quite disturbing, this same Olga told that, well, all the evidence shows that people who were killed by snipers from both sides, among policemen and people from the streets, that they were the same snipers killing people from both sides,” Paet said, and continued: “So there is a stronger and stronger understanding that behind snipers it was not Yanukovych, it was somebody from the new coalition.”
Immediately after the leak the Russia Today reported under the headline “Kiev snipers hired by Maidan leaders”, that “the snipers who shot at protesters and police in Kiev were allegedly hired by Maidan leaders”. The headline is untrue because in the phone conversation Paet said what he had been told in Kiev by a civil activist and the head of Euromaidan’s medical service Olga Bogomolets; thus it was not his opinion nor an established fact as the headline of Russia Today suggested. Paet was concerned that “there will probably be an attempt to use the recording to discredit the new government of Ukraine”.
The leaked call was the top item on Russian state news agency RIA-Novosti, and state television channel Rossyia-24 suggested the EU had now proof that sniper shootings at police and protesters had been carried out by the same people (Reuters, Marc h 6).
The timing of the leak is not coincidental. According to an Estonian security expert Jaanus Rahumägi in such cases it is not possible to collect court-proof evidence; however, most Estonian security experts say that both calls were intercepted by (Russian) secret services. Estonian Security Service (Kapo) has started to investigate the case.
The aim of the leak – to compromise Ukrainian interim government – is obviously in the interest of Russia. Lately, Russia’s “soft power” has been targeted to Russian speaking Ukrainian population; while Western media has reported on Russian “massive” propaganda offensive regarding Ukraine that has been carried out for months (see also NYT article). Falsified and verifiably false news have been reported by Rossiya-24 television, the English-language Russia Today television, news agency Rossija Segodnja, Russian state TV channel RTR and even on social media sites. Targets of Russia’s English-language media campaign are European residents. Besides, researchers argue that Vladimir Putin uses state-controlled media to display his power to the siloviki who are central to his control in Russia.
Notoriously – given that Russian public opinion research centres can be trusted – Russian population has accepted a false narrative regarding the Ukraine that the Kremlin has spun. All-Russian Center for the Study of Public Opinion (VTsIOM), a state-run institution, found that the majority of those polled described the latest developments in Ukraine as a “coup d’etat and an armed seizure of power,” “anarchy, lawlessness and banditry,” and a “civil war”; a description that reflects verifiably untrue stories published by Russian state-owned television channels and media. Another opinion poll by VTsIOM, found that as of early March, Vladimir Putin’s rating is at its highest in the last two years. Almost 68 percent of Russians approve of the work of Putin, reasons for his improved image are ongoing crisis in Ukraine, including the situation on the Crimean, and the Sochi Olympics, explain researchers. These results indicate that Putin’s decision to use military force has been popular among Russians.
Propaganda has been part of traditional Russian information operations arsenal. As put by Hannes Hanso, a non-resident Research Fellow at ICDS, Russians have been always been very good in using this tactic. Russia uses every possibility to distort information to show events in a certain light. In Crimea, the Council of ministers threatened to disconnect a number of the Ukrainian TV channels because of “one-sided” illumination of a situation in the republic, according to media reports, and a Twitter posting from March 6 reports that they did so. Pro-Russian “patriotic hacktivists” have started their own misinformation campaign on the social media publishing disconcerting stories and images about atrocities committed by Ukrainians in Crimea.
In today’s inter-state conflicts, whatever their precise nature, the use of cyber weapons, disinformation campaign and information operations in conjunction with other means is not an exception but the rule. Secret services and “patriotic hacktivists” are also engaged in advancing the objectives of the state’s propaganda campaign. Professor Richard Andres, of the US National War College, says that Russia’s cyber capability is comparable to the capability of the most sophisticated cyber state in the world, the US. He regards Russia as “the biggest cyber threat to the US”. Jason Rivera, an active duty Army Officer in US Army Cyber Command, writes that there is evidence that Russia conducts joint kinetic and cyber operations in pursuit of its political and military objectives in Crimea, and recommends that “the international community should carefully monitor the situation.”
He warns that if situation escalates, the likelihood of Russia’s sophisticated cyber offensive raises. Crimea is a vulnerable target because of the positioning of its Internet exchange points, Rivera explains. If this IXP located in Crimea were severely limited or shut down, which may have already happened, the peninsula would be completely isolated, allowing Russia to control Internet activity in Crimea.
Jason Healey, a leading cyber expert at Atlantic Council, warns that in the Ukrainian crisis Russian-backed proxies will use cyber means against Ukraine, and that the technical means are likely to be more dangerous than those used against Estonia in 2007 and Georgia in 2008. Healey believes that the West should prepare in advance to offer cyber assistance to Ukraine. The West should use early warning techniques ( e.g. monitoring Russian nationalist message boards), cyber disruptions with an aim to warn the Kremlin, and start preparations to disrupt the possible large-scale attacks against the Ukrainian government institutions and critical infrastructures once they begin. In case of a more serious cyber attacks against Ukraine, the West should send their cyber specialists, and provide financial support to reinforce their defences (e.g. pay network providers and technology companies to allocate more bandwidth).
Luckily, other security experts say that attacks against Ukraine are not going to raise to the same scale as happened in Estonia and Georgia. Activity from “patriotic hackers” will probably remain on small-scale defacements and disruption, those experts believe.
Admiral (ret.) James Stavridis, the former Supreme Allied Commander in Europe, suggests NATO member states should plan at minimum to defend the country if is attacked in the cyber domain. Ambassador Matthew Bryza, Director of ICDS, suggests that Estonia should offer its cyber expertise to Ukraine, Georgia and Moldova in support of their Euro-Atlantic aspirations. What concrete steps Estonia can take to show our support to Ukraine and help them to reinforce cyber defence capabilities? Estonia could provide stipends for Ukrainian students to study IT and cyber defence at Estonian Universities, invite Ukrainian IT-experts to observe and participate in Estonian cyber exercises, organise a seminar for Ukrainian officials to assist them to formulate effective cyber security and defence policy, strategies and doctrines. To mitigate the negative effects of information operations, Estonia could offer for independent Ukrainian and Russian journalists a media site to present their views on the unfolding crisis.
Information operations – actions taken to affect adversary information and information systems while defending one’s own information and information systems (STANAG-2484). Information operations are described in the US Joint Staff and Army Doctrine as the integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision-making of adversaries and potential adversaries while protecting our own. Information-related capabilities are electronic warfare, computer network operations, psychological operations, military deception, and operations security.
Psychological operations are planned activities using methods of communication and other means directed at approved audiences in order to influence perceptions, attitudes and behaviour, affecting the achievement of political and military objectives (AAP-6).