Ukraine Crisis Fits Cyber War Narrative

Looks like there is a direct connection between the geopolitical climate and the increase in cybercriminal activity.

When Kenneth Geers, an expert ambassador of the NATO Cyber Centre, first suggested two years ago that there might be a connection between spikes in cybercriminal activity and spikes in geopolitical conflict, there was skepticism. Since then, NATO has declared cyberspace a domain for war and regions of geopolitical strife have also seen their fair share of cyberespionage and cybercrime. What's been learned and has the skepticism waned or grown?

Geers, who has been living in Ukraine for the past two years, will discuss this in a forthcoming session at Black Hat USA, "Cyber War in Perspective: Analysis from the Crisis in Ukraine." The talk will cover some of the work published by 20 prestigious researchers on behalf of the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE), investigating the cyber activity in the region between 2013 and 2015.

Two years ago, Vladimir Putin signed a bill incorporating the Crimean peninsula into the Russian Federation, and Russian military forces massed along the Ukrainian border. Geers was a global threat analyst for FireEye at the time, and noticed a spike in malware traffic traced back to Ukraine and Russia at the height of the conflict between the two nations.

Geers tentatively suggested at the time that there could be a connection between the geopolitical climate and the increase in cybercriminal activity, and that this connection could be used for threat intelligence. He received some pushback, even from colleagues within FireEye.

Since then, however, Ukrainian targets have been hit with more cyberattacks that directly or indirectly impact the country's autonomy.   

Ukrainian presidential elections in 2014 were “completely, utterly, thoroughly hacked,” says Geers. Three days before the election was to be held, a pro-Moscow hacking group attacked the election commission. As a Wall Street Journal feature described:

Its stated goal: To cripple the online system for distributing results and voter turnout throughout election day. Software was destroyed. Hard drives were fried. Router settings were undone. Even the main backup was ruined.

A valiant effort by the election commission's IT staff rebuilt the voting system in time for the election, starting from an offline backup. However, attackers were able to post false election results that appeared to be hosted by the Commission's website -- media outlets reported these false results briefly before they were debunked.

Cyber war skeptics would argue that these attacks didn’t actually change the results of the election, so the impact was minimal, says Geers, who maintains “it degrades the integrity of the government” and the systems on which it relies.

In addition to these moves against elections, there have been cyberattacks on Ukraine's banks, railroads, mining industry, and of course the highly publicized one in December that took down a significant portion of the Ukrainian power grid. 

Skeptics of the very existence or possibility of "cyber war" could point to attacks like these and dismiss them by saying they did not cause death or widespread destruction. They therefore challenge terms like "Cyber Pearl Harbor."  

"People don’t like it," says Geers, "but we talk about ['Cyber Pearl Harbor'] a lot at Cyber Command.”

The term, says Geers, is in reference to the tactical advantage the Japanese forces gained in World War II by the attacks on Pearl Harbor. "It wasn’t meant to win the war. It was meant to create some breathing space.”

Similarly, he says, cyberattacks can be used “to give you a bit of time. An edge.”

Disrupting satellite communications, causing mass blackouts, derailing trains, or stirring up some public unrest might not be the ultimate goal, but it could be a strategic maneuver in a war. It's something to divert leaders' attention and resources away from something of greater importance.

Perhaps more sinister is the possibility of cyberattacks being used to change data. “So the ship goes left, not right. So the agent meets at 2, not 12. Those things could get people killed,” and that, says Geers, is not hyperbole. A cyberattack, he says, “is not an artillery barrage, but you could lead troops into an artillery barrage” with a cyberattack.

The changes could be smaller, he says, to less critical systems, and maybe socks get sent to the base that needs more bullets and bullets get sent to the base that needs more socks. Regardless, it's a matter of diminished integrity, says Geers -- diminished integrity of data, of systems, and of people.

Once citizens' trust in their own nation is compromised, they could be open to other kinds of manipulation, like "psyops" (psychological operations), the process of changing people's minds -- something Geers says Russian intelligence is particularly good at.

Regardless of what skeptics believe, NATO officially declared cyberspace a domain for war in June, which would mean that an act of war in cyberspace would initiate a collective response by NATO allies. (Neither Russia nor Ukraine are NATO member countries.)

Geers says that governments will spend “ungodly” amounts to prepare the battle space for the military, and that he's sure they are investing heavily in ways to compromise military vehicles.

"They're floating, driving, and flying computers at this point," he says. What has become clear to Geers and his co-authors of the NATO CCDCOE book is that as geopolitical tension rises, not only does the amount of malware traffic rise -- as Geers reported in 2014 -- but so does the number of sophisticated cyberattacks. Which one is driving the other?

To this point, says Geers, geopolitics has been driving the cyber activity -- with both intelligence agents and opportunistic financially driven attackers upping their game when the action gets hot. However, he says, “the ubiquity of computers will mean they’ll begin to play a lead role.”

Kenneth Geers is the author of “Strategic Cyber Security”, Editor of “The Virtual Battlefield: Perspectives on Cyber Warfare”, Technical Expert for the “Tallinn Manual on the International Law Applicable to Cyber Warfare”, and author of more than twenty articles and chapters on cyber conflict. Follow him on Twitter @KennethGeers.

DarkReading

 
