May 9 ‘Djen Pobedy’ (День Победы) is a day of huge celebration in Russia. Events take place in towns throughout the country to mark the victory of the Soviet Union over Nazi Germany in World War 2. Before the invasion of Ukraine on 24 February, Vladimir Putin doubtless had visions of new displays of adulation from the Russian people as he boasted about the success of his ‘special military operation’ in eliminating Ukraine as an independent nation state and taking it back into its rightful place in the Motherland.
Since the invasion, however, it has quickly become apparent that the only success Putin has enjoyed in Ukraine consists of attacks carried out à-la Grozny: bombing cities to rubble, with marauding troops participating in horrific war crimes leaving nothing but devastation in their wake.
Putin is said to be angry at how the war has played out. Far from the swift victory he envisaged, his forces are embroiled in a conflict that, in the long term, they simply cannot win.
It seems Russia’s poor military performance has come as a surprise both to Putin and to the wider world. Much of the failure can certainly be attributed to the resilience and determination of the Ukrainian people to fight for their country; much of it is also down to the unprecedented unity shown by the majority of nation states across the world, particularly in the West. There can surely be no debate over this: Putin believed that his forces would overcome Ukraine within days, and that, as in his invasion in 2014 and the subsequent re-annexation of Crimea and activities in the Donbas region, western powers would wring their hands but basically step aside.
He has been proved wrong. With their numerical superiority in terms of both forces and arms – and not forgetting their possession of nuclear weapons (which Ukraine gave up in 1994 as part of the Budapest Memorandum on Security Assurances) – we can still expect Russia to eventually prevail militarily; what is less certain, however, is how any such ‘victory’ could be sustained. How exactly does Putin intend to maintain control over devastated cities such as Mariupol or Kherson or Bucha, given the utterly inhuman attacks and killings that have taken place there?
The military shortcomings have been accompanied by economic failure and the devastation of the Russian economy. The country’s central bank assets have been frozen; the rouble has tanked dramatically; major banks are now unable to use the international Swift money transfer system; oligarchs have had property and funds confiscated. To top all that off, European countries are hurriedly moving away from their reliance on Russian energy, something that will take time but will prove devastating for the economy, given its over-reliance on oil and gas and lack of diversification in the years since the break-up of the Soviet Union.
But there is a third failure: that of Russia’s much-vaunted cyber expertise. Both their offensive and defensive capabilities in this field have been found wanting.
Even before the invasion, analysts were discussing the possibilities of cyber warfare and the role the Russian state-sponsored hacker groups would likely play in the war with Ukraine. The aim of these would be to target and take down critical infrastructure such as communications and energy systems, forcing Ukraine into capitulation.
Well-publicised attacks which could be viewed as practice runs were seen in Ukraine in 2015 when the compromise of the country’s power grid with the BlackEnergy malware was attributed to Sandworm, a Russian state-sponsored group: disruptions to the systems lasted for several hours. This was followed in 2016 by another attack, this time focusing on power networks in Kyiv and utilising Industroyer/CrashOverride malware.
Russian groups have also been held responsible for other very serious attacks that targeted Ukraine, at least initially. The devastating NotPetya malware attack of 2017, however, spread rapidly across organisations in the country and then out into the wider world, leading to billions of dollars in damages globally.
This is not to suggest that Russia has not launched any damaging attacks on Ukrainian organisations as part of this war.
A huge cyberattack targeted Ukrainian government websites in January, hitting the foreign ministry, the cabinet of ministers and the security and defence council, among others.
In February, ESET researchers announced they had found new data-wiping malware, HermeticWiper, on machines throughout Ukraine, impacting financial institutions and government contractors.
Microsoft has recently published a report noting that at least six Russian state-sponsored groups have been involved in attacks on Ukrainian organisations. The company counted more than 237 cyberattack operations against Ukrainian systems and critical infrastructure.
It is also entirely possible that Russia has launched many more potentially serious attacks that have proved unsuccessful. Kevin McMahon, CEO of Cyjax, argues that Ukraine has shored up its cyber defences over the last few years with the support of western allies and technology, allowing its own intelligence agencies to learn from the previous attacks, and giving them far greater ability to deal with intrusions.
In March this year Ukraine was also admitted into the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), which is based in Tallinn, Estonia; this will ensure the country’s security authorities benefit further from the support and knowledge of western allies in the cyber field.
More broadly, Russia is continuing attempts to disrupt internet communications in Ukraine.
In late March, for example, NetBlocks reported that Ukraine’s national internet provider Ukrtelecom had confirmed a cyber-attack on its core infrastructure. “Real-time network data show an ongoing and intensifying nation-scale disruption to service, which is the most severe registered since the invasion by Russia.”
Most recently, Russian forces have been making moves to address their lack of control over the Ukrainian telecommunication sector by destroying and taking over the country’s internet infrastructure, re-routing traffic to operators controlled by Russia, something which was also done in the Donbas region in 2014 after the annexation of Crimea. Yurii Shchyhol, the head of the State Service of Special Communication and Information Protection of Ukraine, said: “In Russia, internet traffic is regulated by Russian forces — they collect data and they find those who support Ukraine and try to quash the resistance movement. The enemy understands that their mission is to eliminate Ukrainians’ access to their own internet and they have experience from 2014 of how to do this.”
However, it is not only the activities of state-sponsored groups that are of interest when assessing the implications of cyber activity during this war.
The actions of independent hacktivists have proved to be quite remarkable. The speed with which people have gathered together online has been notable: the IT Army of Ukraine was quickly established, garnering thousands of followers to its Telegram channel (and its currently banned Twitter account). The administrators publish target lists every day asking for DDoS attacks on a huge range of Russian organisations, from government and military sites through to food delivery companies. These attacks can take websites down for some hours.
Other hacktivists, many aligned with Anonymous, have set their sights higher and are concentrating on compromising company and government websites and stealing data from them. Anonymous is not a group: it is simply a loose collective of people with similar ideals, in this case a desire to work on behalf of the Ukrainian nation and inflict as much damage as possible on Russian organisations. Highly publicised Anonymous operations have been seen in the past, such as in campaigns relating to the Catalan referendum, economic reforms in Nicaragua or attacks on US police forces as part of the Black Lives Matter movement, but none have attracted the imagination of hacktivists as much as the war in Ukraine. This is not surprising of course: seeing footage of cities being destroyed by bombs or of millions of women and children crossing borders into neighbouring countries will obviously garner attention like few other issues; nevertheless, the response of these hacktivist groups has been extraordinary.
Questions have been asked about the point of such activities. In the case of DDoS attacks, organisations will usually manage to get their websites back online fairly speedily. The theft of data is another matter. Much of the company, government and personal information stolen in these attacks is posted on DDoSecrets, a US-based organisation run by Emma Best; researchers verify the data to assess its legitimacy before releasing it. The true value of it may not be known for years.
While state-sponsored cyber warfare may not have featured as heavily as was predicted during this war, it is by no means certain that Russia has elected to forgo its use: it is evident that the Kremlin’s highly skilled hacker groups are capable of instigating hugely damaging attacks. Nevertheless, this does raise the question as to why these abilities are not – so far – being put to better use. Instead, the Russian forces are using conventional weapons and bombing Ukrainian cities to smithereens, taking the lives of thousands of civilians with them. Perhaps Putin prefers to be able to show concrete evidence of his ‘successes’ on state-run TV every night. After all, smouldering ruins provide a much better illustration of the President’s stated goal of returning Ukraine to the Russian Empire, while at the same time disposing of so many of those unwanted Ukrainian people.