Security Experts:

Russia, Ukraine Conflict Enters Cyberspace

Ukraine Cyber Attacks

Cyber attacks have long served as the accompaniment music to the sounds of political upheaval, and the invasion of Ukraine by Russia appears to be no exception.

So far, there appears to be no public evidence of state-sponsored attacks. However, hacktivists seem to be hard at work. Hackers recently defaced the website of Russia Today (RT) and placed the word 'Nazi' in every headline. In addition, hacktivists in the Anonymous collective say they have acted out in protest to Russia's actions by leaking roughly 500 MB of data from a Russian government employment site.

"We’re pleased to present something close to half a gigabyte of internal SQL data from `crownservice.ru,’ a website with very obvious and distinct ties to the Russian government," a post announcing the leak on Pastebin read. "There would have been more — a lot more — but time and other factors dictated we just up and leak that [...] right now."

"The Anonymous dump of crownservice.ru is the first cyber-attack in retaliation for Ukraine’s invasion that we know of, but chances are that we are going to see some others happening in the near future," said Bogdan Botezatu, senior e-threat analyst at Bitdefender.

According to reports, Ukrainian authorities believe the Russian army has been disrupting their mobile communications. There have also been small attacks against news sites and social media. The accusations of state-sponsored attacks harken back to Russia's invasion of Georgia in 2008, when Russian authorities were accused of launching distributed denial-of-service attacks in the days leading up to the invasion.

On Tuesday, Ukrainian security chief Valentyn Nalivaichenko reportedly told journalists that the mobile phones of members of the Ukrainian parliament were disrupted for the second day in a row.

"At the entrance to [telecommunication firm] Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation," he is quoted as saying.

Still, Michael Sutton, vice president of security research for Zscaler, said the company has not seen any signs of disruption to Web traffic patterns among customers in the Ukraine.

"This is a very different situation when compared to Russia's invasion of Georgia in 2008 when cyber attacks preceded the physical incursion in order to disrupt communications and aid the overall attack," he said. "While there are reports of website defacements and DDoS attacks, there is no evidence to suggest that these are state sponsored. Why would the cyber situation in the Ukraine be so different than what occurred in Georgia? There are likely a few reasons, not the least of which is the fact that Russia is currently trying portray it's incursion into Crimea as a necessary but peaceful process."

"Once they go on the offense via ground forces or through cyber attacks it's difficult to maintain that argument," explained Sutton. "Should the confrontation escalate, we would expect cyber attacks to be involved. Additionally, it will be a greater challenge for Russia to completely cut the Ukraine off, given that the country is connected to the outside world via Internet cables to other countries via Western owned ISPs, not just through Russia."

Subscribe to the SecurityWeek Email Briefing
view counter