(New York) Experts touted Russia’s power in cyber warfare. On the eve or at the beginning of the aggression of Ukraine by the army of Vladimir Putin, they evoked the specter of a multiplication of computer attacks against the country of Volodymyr Zelensky and those who support him.
Posted at 7:00 a.m.
In the hours before Russian troops entered the Donbass, the sites of several Ukrainian banks and ministries were targeted by a denial of service attack. Researchers have also detected malware installed on hundreds of computers in Ukraine. But since then, nothing, or almost. Why ?
In the United States, the question confuses experts.
“It overwhelms me that we continue to see these videos being filmed and broadcast from Ukraine,” Virginia Democratic Sen. Mark Warner said Monday, referring to Russia’s ability to “shut down entire systems, including the Internet”.
“Will we see cyberattacks in the next few days? Asked the man who chairs the Senate Intelligence Committee, during a virtual meeting organized by the Center for Strategic and International Studies (CSIS), a Washington-based think tank.
“I think that remains a possibility,” he added, answering his own question. Are they holding this in reserve for potential use against the West or the United States? Again, we’ll see. »
There are many possible reasons for the absence of large-scale Russian cyber operations in Ukraine or elsewhere, according to Chris Painter and Greg Rattray, two other participants in the CSIS meeting.
Errors in judgment
Chris Painter, former cybersecurity coordinator at the US State Department, first mentions the progress made by Ukraine since the hacking of its electricity network, perpetrated on December 23, 2015 and attributed to the Russian group Sandworm.
“They’ve spent some time trying to build their infrastructure, their cybersecurity,” he said, noting that the US State Department had paid Ukraine $40 million over the past few years for the help protect against cyberattacks.
Of course, we all know that with a determined opponent like Russia, you can be very good in defense, they will still come in. And that’s what we haven’t seen. I think we will see it. That this is held in reserve.
Chris Painter, cybersecurity expert
Greg Rattray, partner and co-founder of a cybersecurity company, believes that the error of judgment of Vladimir Putin and his close guard on the Russian invasion of Ukraine may explain the absence of Russian cyberattacks. until now.
“The Russians thought they would win easily, a massive error in judgment,” said the man who has been advising Ukraine since 2020 on cybersecurity. “So they had reasons not to attack critical infrastructure. They wanted these to work for the regime they intended to install in place of the current government. »
Greg Rattray puts forward another hypothesis: “I have the firm conviction that they are not as deeply encrusted [dans les systèmes informatiques] and capable than we, myself included, thought, at least in Ukraine. But everyone is right: we must continue to raise our shields as the crisis continues. »
A risk of escalation
Russia is obviously not the only country capable of engaging in cyber warfare. The United States likely has capabilities that would allow it to blackout Moscow or cripple Russia’s military command and control system.
Why don’t they use it to stop the atrocities committed by the Russian army in Ukraine?
“It could cause an escalation,” replied Chris Paintert. It could be akin to a physical attack if we cause the kind of damage we’re thinking of. It would also burn our abilities if we wanted to use them later in the event of a Russian escalation against us. »
Computer ransomers
Cyberwar can also be the concern of more or less independent actors. Since the beginning of the Russian invasion of Ukraine, the United States and its Western allies have been particularly concerned about computer ransomers who have already succeeded in several resounding attacks in the past, including that targeting the American company Colonial Pipeline in May 2021.
“Before the invasion, people wondered if Russia would allow ransomware groups to become more active again. We haven’t seen anything significant on this front. What I’m hearing in the US and around the world is that ransomware activity continues at a normal level, maybe even below normal,” said Greg Rattray.
Ukraine has called on an army of volunteer hackers to protect its critical infrastructure and help its military with cyber espionage and surveillance of invading forces. Are these cyberattackers, provided they have answered Ukraine’s call, effective?
In the fog of war, it is sometimes difficult to see clearly. This is even more true in cyberspace.