A free-for-all but no crippling cyberattacks in Ukraine war

Feb 28, 2022, 4:16 PM | Updated: Mar 3, 2022, 7:28 am

RICHMOND, Va. (AP) — Russia has some of the best hackers in the world, but in the early days of the war in Ukraine, its ability to create mayhem through malware hasn’t had much of a noticeable impact.

Instead, it’s Ukraine that’s marshalled sympathetic volunteer hackers in an unprecedented collective global effort to make the Kremlin pay for making war on its neighbor. It’s a kind of cyber free-for-all that experts say risks escalating a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on alert.

So far, Ukraine’s internet mostly works, its president still able to rally global support via a smartphone, and its power plants and other critical infrastructure still able to function. The kind of devastating cyberattacks thought likely to accompany a large-scale Russian military invasion haven’t happened.

“It has not played as large a component as some people thought it might and it definitely has not been seen outside of Ukraine to the extent that people feared,” said Michael Daniel, a former White House cybersecurity coordinator. “Of course, that could still change.”

It’s not clear why Russia hasn’t landed a more powerful cyber punch. Russia might have determined that the impact wouldn’t be serious enough — Ukraine’s industrial base is far less digitized than in Western nations, for one. Or Russia might have determined that it couldn’t do serious harm to Ukraine without risking collateral impact outside its borders.

Many cybersecurity experts believe the Kremlin, at least for now, prefers to keep Ukraine’s communications open for the intelligence value.

Whatever the reasons, the conflict’s early days have been marked by lower-level cyberattacks that appear to be done both by freelancers and state actors.

Prior to the invasion, hackers knocked offline or defaced Ukrainian government websites and wiped some servers with destructive malware. Now, an ad hoc army of hackers — some marshaled online by Ukraine’s SBU security service — are claiming credit for takedowns and defacements of Russian government and media sites.

A volunteer group calling itself the IT Army of Ukraine has more than 230,000 followers on a Telegram channel and is constantly listing targets for hackers to hit, like Russian banks and cryptocurrency exchanges.

On Monday, Ukraine’s SBU made its recruitment of allied volunteer hackers official.

“CYBER FRONT IS NOW OPEN! Help Ukrainian cyber experts hack occupant’s platforms!” it said on its Telegram channel, asking for tips on vulnerabilities in Russian cyber defenses, including software bugs and login credentials.

“It is the first time that states have openly called for citizens and volunteers to cyberattack another state,” said Gabriella Coleman, a Harvard anthropology professor who has charted the rise of hacktivism.

The move mirrors Ukraine’s reliance on its citizens for other areas of defense.

“It shouldn’t be surprising that Ukraine is dipping into all possible resources to fight off the Russians, a much stronger foe. Just like civilians are coming out to fight in the street, it doesn’t surprise me that they are trying to call forward civilians to support this through the digital space,” said Gary Corn, a retired Army colonel who served as general counsel to U.S. Cyber Command.

One hacker group that first appeared last year, the Belarus Cyber Partisans, claimed Monday to have disrupted some rail service in Belarus, the northern neighbor of Ukraine from which several prongs of Russia’s military attacked. The group has been trying to frustrate Russian troop and hardware movements through Belarus.

Sergey Voitekhovich, a former Belarusian railway worker who runs a rail-related Telegram group, told The Associated Press that the Cyber Partisans’ digital sabotage Sunday paralyzed train traffic in Belarus for 90 minutes. He said electronic ticket sales were still not functioning as of Monday evening.

The Cyber Partisans hack was intended to disrupt Russian troop movements in Belarus and was the second such action in a little over a month. Voitekhovich said the current attack delayed two Russian military trains bound for Belarus from the Russian city of Smolensk. His story could not be independently verified. Voitekhovich chatted with the AP from Poland. He said police pressure had forced him to leave Belarus.

Pro-Russian ransomware criminals from the Conti gang recently pledged on the group’s dark web site to “use all our possible resources to strike back at the critical infrastructures of an enemy” if Russia was attacked. Shortly afterward, sensitive chat logs that appear to belong to the gang were leaked online.

As partisans on both sides vow more serious cyberattacks, experts say there are real risks of the situation spiraling out of control.

“De-escalation and peace will be hard enough on their own without outsourced hacking to worry about,” said Jay Healey, a cyberconflict expert at Columbia University who has long been opposed to letting the private sector “hack back” against Russian or other state-backed cyber aggression.

Making things more complicated: potential “false flag” operations in which hackers pretend to be someone else when launching an attack, a specialty in cyber conflicts. Attribution in cyberattacks is almost always difficult and could be even more so in the fog of war.

There’s already been some spillover in some cyberattacks. Several hours before Russia’s invasion, destructive cyberattacks hit Ukraine’s digital infrastructure, damaging hundreds of computers with “wiper” malware — including a financial institution and organizations with offices in neighboring Latvia and Lithuania, cybersecurity researchers said.

Microsoft President Brad Smith said in a statement Monday that such attacks on civilian targets “raise serious concerns under the Geneva Convention.”

Smith noted that the cyberattacks — like a series of similar attacks in mid-January — “have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack,” referring to a “wiper” that caused more than $10 billion of damage globally by infecting companies that do business in Ukraine with malware seeded through a tax preparation software update.

The West blames Russia’s GRU military intelligence agency for that attack as well some of the other most damaging cyberattacks on record, including a pair in 2015 and 2016 that briefly knocked out parts of Ukraine’s power grid.

So far, there’s not been anything like that in this conflict. But officials say it could be coming.

“I’ve been pleasantly surprised so far … that Russia has not launched more major cyberattacks against Ukraine,” Senate Intelligence Committee Chairman Mark Warner said at an event Monday. “Do I expect Russia to up its game on cyber? Absolutely.”


Bajak reported from Boston. Associated Press writer Ben Fox contributed from Washington.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


FILE - More than 100 opponents of the Republican redistricting plans vow to fight the maps at a ral...
Associated Press

Abortion ruling puts spotlight on gerrymandered legislatures

In overturning a half-century of nationwide legal protection for abortion, the U.S. Supreme Court ruled that Roe v. Wade had been wrongly decided and that it was time to “return the issue of abortion to the people’s elected representatives” in the states. Whether those elected officials are truly representative of the people is a matter […]
17 hours ago
People salute the casket of Hershel "Woody" Williams set up in the first floor rotunda of the West ...
Associated Press

WWII Medal of Honor recipient to lie in honor at US Capitol

WASHINGTON (AP) — Hershel W. “Woody” Williams, the last remaining Medal of Honor recipient from World War II, will lie in honor at the U.S. Capitol, House Speaker Nancy Pelosi and Senate Majority Leader Chuck Schumer said Sunday. A date and other details will be announced later, Pelosi and Schumer said in a joint statement. […]
17 hours ago
Associated Press

West Africa leaders lift sanctions on 2 junta-led neighbors

ACCRA, Ghana (AP) — West African leaders attending a regional summit agreed Sunday to lift sanctions on two neighbors led by military governments that are now promising a return to democratic rule. The summit of the Economic Community of West African States resolved to lift all economic and financial sanctions imposed on Mali and Burkina […]
17 hours ago
People evacuated from the Field's shopping center gather outside,  in Orestad, Copenhagen, Denmark,...
Associated Press

Several dead in Copenhagen mall shooting; suspect arrested

COPENHAGEN, Denmark (AP) — A gunman opened fired inside a busy shopping mall in the Danish capital on Sunday, killing several people and wounding several others, police said. A 22-year-old Danish man was arrested after the shooting, Copenhagen police inspector Søren Thomassen told reporters, adding there was no indication that anyone else was involved, though […]
17 hours ago
German Foreign Minister Annalena Baerbock, briefs the media after a meeting with her counterpart fr...
Associated Press

Germany, Ireland slam UK move toward overriding Brexit deal

LONDON (AP) — Germany and Ireland have condemned the U.K government’s move towards unilaterally rewriting parts of the post-Brexit deal with the European Union. German Foreign Minister Annalena Baerbock and Irish counterpart Simon Coveney said there was “no legal or political justification” for overriding the agreed trade rules in Northern Ireland. Writing in British newspaper […]
17 hours ago
FILE - California Gov. Gavin Newsom discusses the recent mass shooting in Texas during a news confe...
Associated Press

‘Join us in California’: Newsom targets GOP in Florida ad

SACRAMENTO, Calif. (AP) — Gov. Gavin Newsom is running for reelection in California, but his latest television ad is airing in Florida. The 30-second spot scheduled to air on Fox News starting Monday takes shots at Florida Gov. Ron DeSantis and his policies, while drawing a contrast with California. “Freedom, it’s under attack in your […]
17 hours ago

Sponsored Articles

Christina O’Haver

BE FAST to spot a stroke

Every 40 seconds—that’s how often someone has a stroke in the United States. It’s the fifth leading cause of death among Americans, with someone dying of a stroke every 3.5 minutes.
Arizona Division of Problem Gambling

Arizona Division of Problem Gambling provides exclusion solution for young sports bettors

Sports betting in Arizona opened a new world to young adults, one where putting down money on games was as easy as sending a text message.
Carla Berg, MHS, Deputy Director, Public Health Services, Arizona Department of Health Services

ADHS mobile program brings COVID-19 vaccines and boosters to Arizonans

The Arizona Department of Health Services and partner agencies are providing even more widespread availability by making COVID-19 vaccines available in neighborhoods through trusted community partners.
A free-for-all but no crippling cyberattacks in Ukraine war