Russia is on the verge of annexing Crimea without ever having fired a shot – at least in the real world.
Below the surface of relative calm, the tug-of-war over Ukraine has seeped into the cyber realm in the form of attacks on the websites of government agencies, media publications and social networks.
While these incursions have not reached the point of Russia’s alleged cyber warfare in Estonia and Georgia last decade, the activity is the latest example of geopolitical conflicts increasingly playing out in cyberspace. As more and more people and businesses around the world rely on the Internet, these types of attacks are only likely to continue.
“Any current and future conflict will likely include a cyber component to it,” said Frank Cilluffo, a former Bush administration adviser who is currently director of George Washington University’s Homeland Security Policy Institute.
The Russia-Ukraine conflict underscores how cyber attacks continue to be motivated by ideological, not just financial, causes.
Other instances of geopolitics playing out in cyberspace include the Stuxnet virus believed to be sent by the U.S. and Israel to scuttle Iran’s nuclear program and widespread attacks on media websites by hackers aligned with the regime in Syria.
“Just as the web has proven to be an effective tool to help strengthen the distribution of one’s message against ideological and political differences, it has also been a target-rich environment for those who wish to send a message by trying to take down state-run websites,” said Carl Herberger, vice president of security solutions at Radware (RDWR).
‘Blind and Deafen’
Russia has a history of alleged cyber warfare against former satellites of the Soviet Union.
In the middle of a conflict with Russia in 2007, Estonia suffered a 10-day attack on its Internet services that caused major disruptions to the country’s banking system. While Russia denied wrongdoing, Estonia pointed the finger at Moscow.
“What makes cyber unique is the potential for plausible deniability. Smokey keyboards are harder to find."
- Frank Cilluffo of George Washington University
“It was essentially punishment from pro-Russian hackers against the country as a whole. It was a broadside against government, economic, media and commercial” interests, said Ken Geers who moved to Estonia in 2007 where he served as U.S. representative to the NATO Cooperative Cyber Defense Center of Excellence.
And then in 2008, Georgia was slammed by even more egregious cyber attacks ahead of Russia’s invasion of the former Soviet territory.
“They took out communications to blind and deafen the Georgians,” said Cilluffo.
Cyber Fallout of Crimean Conflict
The recent activities in Ukraine have combined physical and cyber attacks in an effort to isolate Crimea from Kiev, Cilluffo said.
Reports indicate armed men caused widespread service outages in Crimea by sabotaging fiber optic cables at Ukrtelecom, the country’s largest telecom provider.
“By and large, what you’re seeing is low-intensity cyber conflict at this point. It does have the potential to escalate -- and escalate quickly -- given Russia’s sophistication and capabilities in this space,” said Cilluffo.
Herberger noted that the website of the National Security and Defense Council of Ukraine appears to be currently down: http://rnbo.gov.ua.
One area of particular concern is Ukraine’s energy facilities, which are central to the ongoing political conflict. Ukraine has the largest gas transit infrastructure in the world, transiting about 100 billion cubic meters per year of Russian gas to European markets, according to the International Energy Agency.
“There are some unique cyber vulnerabilities to the infrastructure itself. That’s something we ought to be paying attention to, not just there but that could spill over to the West, including the United States,” said Cilluffo. “That’s probably the trump card” if the situation escalates, he said.
Pattern of Cyber Warfare
All of this highlights the growing role of cyber attacks in geopolitical conflicts in general, not just ones involving Vladimir Putin.
Increasingly, militaries, terrorist organizations and other groups are relying on these digital intrusions to support traditional activities. Cyber attacks can enhance information or propaganda wars, intelligence-gathering efforts, bolster military capabilities or even stand alone as acts of war by themselves.
Geers, who is now a senior global threat analyst at FireEye (FEYE), said cyber attacks are ideal for propaganda efforts.
“At the end of the day, you want to convince hearts, minds and wallets of a certain point. The Internet is perfect for that. You can manipulate conversations, place new stories and alter the course of history,” he said.
For example, the Syrian Electronic Army, which is aligned with Syrian President Bashar al-Assad, has carried out countless attacks on Western media organizations, including The New York Times and the Washington Post. Earlier this year, the hacking group claimed its breaches of CNN social media sites were to “retaliate” for the news service’s “vicious lying” in reporting on the conflict in Syria.
One of the most egregious examples of cyber intrusions with geopolitical implications was the 2012 assault on Aramco that destroyed 30,000 of the Saudi Arabian national oil company's computers.
Nation-states like Russia may decide it’s easier to avoid international outcry by resorting to cyber attacks, which are far more difficult to trace than traditional military activities.
“What makes cyber unique is the potential for plausible deniability. Smokey keyboards are harder to find,” said Cilluffo.
As tensions around the world remain elevated, it seems reasonable to expect more of this type of cyber activity.
“I see no reason for geopolitical attacks to decrease in the near future,” said Herberger.