Information war on Ukraine is already going on

“At the command of the terrorist Lukashenka, Belarusian Railway allows the occupying troops to enter our land. We encrypted some of BR’s servers, databases and workstations to disrupt its operations.” It is Monday, January 24th, just after 3 pm, when Twitter account @cpartisans claims responsibility for a remarkable incident.

At the command of the terrorist Lukashenka, #Belarusian Railway allows the occupying troops to enter our land. We encrypted some of BR's servers, databases and workstations to disrupt its operations.❗️Automation and security systems were NOT affected to avoid emergency situations

— Belarusian Cyber-Partisans (@cpartisans) January 24, 2022

The self-proclaimed “Belarusian Cyber-Partisans” have struck the Russian army, which uses the Belarusian railway network to transport armoured vehicles and other equipment to the border with Ukraine. The “Cyber-Partisans” condemn. By shutting down part of the railway infrastructure, they halt the entire war machine. Unexpected, unseen and highly effective.

In the turmoil around Ukraine, all eyes are on the equipment deployed everywhere. Yet the clash of arms seems to distract from what is really at stake. For many years now, Russia has effectively called the shots in the Ukrainian cybersphere – sometimes softly, sometimes with a hard blow.

The action in Belarus now put the mastermind behind many cyber-attacks at a disadvantage. However, revenge can never be far away. The hacker group demanded the release of political prisoners –as opposed to the ransom money usually paid in similar accidents– also complicates the geopolitical situation. It could draw Belarus deeply into the conflict between Russia and Ukraine.

Russian support

Back to Ukraine. Two days before Christmas 2015, a cyberattack on Ukraine’s power utility cuts off power to nearly 250,000 citizens. Almost a year later, in December 2016, a new power failure left many Ukrainians in the dark. In 2017, another cyber-attack followed. Many Ukrainian banks, ministries and companies are affected.

The cyber-attacks differ in size and scope, but they all have in common that they disrupt Ukrainian society and cause damages worth billions of dollars to businesses. Following an attack, security researchers worldwide are investigating the attacks. By discovering the operating mechanism at an early stage, they can minimise the damage – and possibly prevent victims from falling in other corners of the world. Their various investigations always lead to the same conclusion: these attacks are the work of sophisticated hackers, who sometimes hide in vulnerable systems for years before unleashing an uncontrollable chain reaction with the flick of a finger.

These hackers are located within the Russian sphere of influence. However, it sometimes remains unclear whether they operate independently or receive their instructions directly from the Kremlin. What is certain is that the Russians benefit from disruption in their neighbouring country – and protect hackers who try this on their soil.

Digital battlefield

In the past decade, the many –and often far-reaching– cyberattacks have shown that the Ukrainian infrastructure knows no secrets to Russian hackers. Moreover, the security of the systems, which were often also outdated, proved frankly inadequate. Much has changed since then, although it remains a matter of time until the next attack brings society (partly) to a standstill.

Especially in times of military tension, this entails great risks. Hackers can not only disable Ukrainian weapon systems –thus robbing the country of its defence mechanisms– but amid the clash of arms, even a tiny cyberattack could ignite a fire.

The mere fact that Russian cybercriminals are also targeting neighbouring countries is not reassuring either. In recent years, Estonia –and Lithuania– also fell victim to cyberattacks. Initially launched in Ukraine, attacks spread quickly to other countries via the internet networks. In 2017, for example, a ransomware attack called Petya spread to countries including France, Germany, Poland and the US. The ransomware was powerful enough to bring down entire energy companies, petrol stations and banks. One more such action on Ukrainian soil and the “digital guerrilla war” could turn into an explosion of violence in the cybersphere.

This article was published previously in the Dutch Reformatorisch Dagblad on January 29th 2021