Three big cyber takeaways as the Ukraine war enters its third month
As Russia’s war in Ukraine enters its third month, the hacking component of the conflict has not unfolded in the way anyone expected.
There have been major Russian hacks, but none that have played a crucial role in the military conflict. Ukraine, meanwhile, has more than held its own, both in defending its own digital assets and in countering Russia in cyberspace.
Here are three big takeaways about where the cyber conflict stands now.
1. Cyber conflict often gives underdogs an advantage.
Ukrainian hackers and their allies stole and leaked emails, passwords and other data from Russian institutions and individuals, my colleague Joseph Menn reports. They have also defaced Russian websites and conducted intelligence operations to undermine Russian public support for the war.
The lesson: Many of the factors that give nations an advantage in conventional conflicts – such as economic strength and technological capabilities – are far less effective in cyber conflicts.
This is the same fundamental lesson that has allowed North Korea – a rogue nation with almost no economic power – to harass far wealthier adversaries like South Korea and the United States.
Developing decent hacking skills is much easier and less expensive than developing conventional military capabilities. And given the generally inadequate level of cyber protection around the world, it’s comparatively easy to find and compromise targets that can at least harass and embarrass an adversary.
The most powerful nations also tend to rely the most on the internet, making them particularly rich targets for hackers.
- For 20 years since the invasion, hackers supporting Ukraine have leaked emails from a state TV and radio chain along with reams of passwords and other credentials from Russian online accounts, Joseph reports.
- In March, more credentials tied to Russian email accounts were leaked online than those of any other nation, security firm Surfshark told Joseph. That distinction is usually held by the United States or India, both far more populous nations.
2. Hacks that steal data can be more powerful than those that cause disruption or destruction.
Since the invasion, most media coverage has focused on hacks that aided Russian military action, such as an early satellite hack that disrupted Ukrainian communications.
But Russian hacks that stole oodles of Ukrainian data could have the larger long-term impact — especially if Russia ends up occupying parts of Ukraine for extended periods and can use the data to locate the most likely members of a resistance.
Kremlin-backed hackers appear to have ramped up such attacks prior to the invasion, including gaining access to government databases at the agency overseeing police, national guard and border affairs and to a national database of motor insurance information, the Associated Press’s Frank Bajak reports.
Top Ukrainian cyber official Victor Zhora claimed the aim was to identify the people most likely to resist an occupation and kill or imprison them.
Jack Watling, an analyst at the British think tank Royal United Services, told AP: “Fantastic useful information if you’re planning a career… knowing exactly what car everyone drives and where they live and so on.”
3. Hacktivists and other non-state hackers can play a crucial role in future conflicts.
The vast majority of known digital operations targeting Russia have been carried out by hackers who appear to be volunteering their efforts rather than working directly for the Ukrainian government.
For example, the Russian channel’s data was stolen by a newly formed hacktivist group calling itself Network Battalion 65, Joseph reports. This group has also launched ransomware attacks and locked Russian companies’ data.
“We pay for our own infrastructure and devote our time to it outside of jobs and family commitments,” an unnamed spokesman told Joseph. “We don’t ask for anything in return. It’s just right.”
Such operations have given heartburn to Western cyber officials and analysts, who fear hacktivists might unwittingly launch hacks that cause major damage or escalate cyber tensions between Russia and the West.
Still, it seems inevitable that they will play a role in future conflicts – especially when there is widespread public sympathy for a side that leaves many people with digital skills wanting to help.
“Normally you don’t want to encourage confident hackers,” former State Department cyber czar Christopher Painter told Joseph, adding that “we are not in a normal course of events”.
Lindell briefly returned to Twitter after being banned for voting disinformation
My Pillow CEO Mike Lindell, who was permanently banned from Twitter last year, created a new account that was online for several hours on Sunday before Twitter removed it.
Lindell was one of the biggest advocates of unsubstantiated claims that the 2020 election was rigged, and he regularly tweeted such claims before being banned.
While his new unverified account was briefly online, he posted a video urging people to follow him and beware of accounts that claim to be him but aren’t. Twitter’s rules bar people from creating new accounts after their existing accounts are banned.
Context: The stunt came amid widespread speculation that Elon Musk, who is in the process of buying Twitter for $44 billion, could relax disinformation rules that led to bans on Lindell and former President Donald Trump.
Here’s the predictable result, from the Daily Beast’s Zachary Petrizzo:
FBI searches of Americans’ data have more than doubled in the past year
From December 2020 to November 2022, FBI officials conducted approximately 3.4 million queries of data collected by the National Security Agency that likely contained information about Americans, Devlin Barrett and Shane Harris report.
That’s compared to about 1.3 million such searches last year. The numbers come from an annual transparency report by the Office of the Director of National Intelligence.
The revelation could reignite long-standing concerns about the scope of US government surveillance that surged after Edward Snowden’s revelations in 2013.
From Devlin and Shane: “A senior FBI official, speaking on condition of anonymity to discuss details of the intelligence gathering, said the spike was largely the result of a single suspected Russian hacking case. This case, related to attempts to compromise critical US infrastructure, accounted for about 1.9 million inquiries, the official said.”
The searches, authorized by Section 702 of the FISA Amendments Act, are conducted on databases collected for foreign intelligence purposes that sometimes contain information about Americans.
Romanian websites hit by pro-Russian hack
The digital attacks targeted Romanian government websites for the country’s defense ministry and border police, as well as a Romanian railway and financial company, Bloomberg News reports.
The attacks flooded the websites with fake traffic, leaving some of them offline for several hours. Romanian authorities blamed a Kremlin-affiliated hacking group called Killnet. The attacks come as Romanian officials have considered providing military aid to Ukraine.
South Korea arrests 2 accused of spying for North Korea (New York Times)
War in Ukraine puts spotlight on rented spy satellites (Wall Street Journal)
How French Fiber Attacks Highlight Critical Infrastructure Vulnerabilities (CyberScoop)
Ukraine’s defense learns lessons from 15-year-old cyberattack on Estonia (NPR)
Thomson Reuters reviews contracts, including immigrant tracking database (by Drew Harwell)
A tip of the hat to the UK’s National Cyber Security Centre.
- Google and Microsoft executives will testify Tuesday at 2:30 p.m. at a Senate Armed Services Committee hearing on applications of artificial intelligence in cyber operations
- CISA Director Jen Easterly, Rep. Jim Langevin (D-R.I.), and cybersecurity officials speak at the Hack the Capitol conference Wednesday.
- Homeland Security Secretary Alejandro Mayorkas testifies before the Senate Homeland Security Committee at 2:30 p.m. Wednesday
Thank you for reading. See you tomorrow.