I’ve added an update for May 9th below.
The hacktivist war against Russia has been dismissed as ineffective, but my own reading indicates that it is unprecedented and formidable. The final results are not yet visible, but something exciting is happening.
History
Russia has been a center of excellence for cybercrime since the dissolution of the Soviet Union in 1991, when the centrally planned and controlled Soviet economy shattered and became a kleptocracy. The accepted story is that trained software and computer engineers lost their jobs in the broken system. In desperation, they turned to cybercrime. The narrative goes on to say that the line between cybercrime and government-sanctioned intelligence operations is vague in the former Soviet Union. Rumors abound that Russian cybercriminals have a free hand to demand ransom and steal data and cash in return for cooperation with Russian intelligence services. The truth of this narrative is hard to evaluate, but it’s the backdrop for the current cyber war in the Ukraine.
Scope
I went on alert for a major Russian cyber attack on February 24, 2022 when the war in Ukraine started. When I wake up in the morning on the Pacific Coast, it’s mid-afternoon in Moscow and Kyiv. The workday has barely started in New York. By the time I finish my first cup of coffee, I’ve checked for cyber attacks, assuring myself that the European and North American power grid is intact, European and U.S. oil refineries are not burning, and the international financial system is still functional.
The Ukraine war has brought many surprises. I, among many others, thought a precision blitzkrieg invasion would engulf and obliterate key targets bringing down the Ukraine in days. Ten weeks later, the Ukrainians have halted the assault on Kyiv, taken back territory, sunk a Russian naval flagship, killed several high-ranking Russian generals, and hit targets inside Russia. The damage to Ukraine is huge, but the Russian attack has faltered. We now know that the Russian army is not as war-ready as we thought.
The Russian cyber war is harder to measure. Microsoft has provided an extensive report on cyber attacks against Microsoft software in Ukraine. There have been attacks, but not the smoking mess I anticipated. The cyber war is not over and could still intensify, but it is not the dismal defeat of Ukraine that I expected.
What Happened?
I had not thought much about hacks against Russia until I recently read a piece in the Washington Post about the Ukraine IT Army. Russian computing culture is notoriously vicious. Prudent folks have shied away from hacking such a formidable foe, but the Washington Post article reports that since the Ukrainian invasion, more hacked Russian credentials have been released on the open web than from any other country.
Usually, the U.S. is the helpless victim bleeding hacked data and Russia is presumed to be the biggest and ugliest culprit. The tables have turned. Russian businesses and institutions have been hacked and doxed— their credentials, private messages, and data have been accessed and published. Even pro-Putin Russian criminal hacking organizations are victims. If you’d like to peruse some stolen Russian data and creds from Russian residential electrical contractors, banks, the Ministry of Culture, the State Nuclear Energy Corporation, and tons more, look here. Russian cybersecurity is weak, not the impenetrable citadel we thought it was.
Some analysts downplay the significance of these attacks. I don’t, if only because they deflate the reputation of Russian cybersecurity.
Hacking Russia from Home
U.S. and European state actors, government agencies like the National Security Agency and the European Union Agency for Cybersecurity, are undoubtedly at work, but we probably won’t know their role until long after the war is over.
The great hack of Russia is a “working from home” operation.
Cyber war is not kinetic war. Launching kinetic weapons— missiles, bombers, tanks, and troops— is costly and requires large and well-established organizations at the right time and place.
But kids with smartphones can launch cyber attacks from anywhere, if they know how, and many of them do.
Professional cyber attacks use more sophisticated equipment and methods, but large organizations are not necessary and the equipment is not hard to get. Computer professionals with all the knowledge they need have adequate equipment and connections in their home offices. That is nothing like the cash, trained experts, and on-the-ground presence required to launch a $200K Javelin missile or even a cheap $6K Switchblade drone.
For example, here is an interview with a group called AgainstTheWest. The group is secret and the assertions in the interview are unverified, but I find them plausible. They say their goal is to collect intelligence on threat actors (security jargon for instigators of risks with the capability to do harm) from Russia, Belarus, and North Korea. The group says they are five people who are certified information security professionals who work together. They have an impressive list of data on their targets that they have acquired. They say they work with various official agencies, but they are independent.
To support groups like these, the Ukrainian government has set up a Telegram list with information on potential hacking targets and the progress of the cyber war. The list has close to 280,000 members.
Impacts
The Ukrainian volunteer cyberwar is unprecedented and startling. I’ve feared a cyberwar for several years, but I anticipated a war between state actors, with the likes of the U.S. Cyber Command leading the action. I expected nothing like Ukraine’s leaderless foreign volunteer army, which is akin to guerilla warfare, except that the partisans are far from the kinetic battle. Is the IT Army a spontaneous gush of altruistic support for democratic institutions? Or a destructive, undisciplined, and chaotic mob without a chain of command? Or some ungovernable mixture that will challenge order for decades to come?
We will see.
Update for May 9th
May 9th is a major holiday in Russia, commemorating the triumph of Russian troops over Nazi Germany in 1945. Both Russia and Ukraine celebrate that victory. The U.S. used to celebrate May 8 as VE Day (Victory in Europe Day) although it is no longer a national holiday. In Moscow, military parades and exhibitions of weaponry are May 9 staples.
Many experts were expecting trouble, perhaps a doubled-down bombardment in eastern Ukraine or the long-awaited Russian cyber attack on the West. I was up early, doom-scrolling for trouble. Nothing much happened. Reports say that the Moscow parades were, perhaps, a bit subdued but typical.
Putin attempted to connect attacking Ukraine with defeating Nazi Germany. The war in Ukraine was business-as-usual, but Russian social media platforms were hacked, according to the Washington Post. “The blood of thousands of Ukrainians and hundreds of murdered children is on your hands,” appeared on Russian television and computer screens. Internal propaganda convincing the Russian people that Putin is fighting a just war is critical if Russia is ever to succeed. If today’s hack can be repeated and amplified, the hacktivists, who I assume were behind the hack, will strike a powerful blow for the Ukraine.