The escalation of tension in Crimea is also having repercussions in cyberspace. Russia's cyber strategy appears similar to the one adopted before the invasion of Georgia (2008).

The year 2014 started with a diplomatic crisis in Crimea and Ukraine. Tension rose just after the 2014 Ukrainian revolution, in which the government of President Viktor Yanukovych was ousted after a popular revolt in Kiev. In the region there are groups opposed to the protest that desire the integration of Crimea with Russia, and these groups are opposed by others, consisting of Crimean Tatars and ethnic Ukrainians, which supported the revolution. During the days of the revolution, the deposed president Yanukovych covertly requested the intervention of the Russian military to stabilize the internal situation of Ukraine.

The Ukrainian government accused Russia of interference in Ukraine’s internal affairs and invasion of the country, but Moscow denied these accusations. The Russian militia involved in the Peninsula of Crimea was also reinforced with other resources, including a couple of vessels of the Russian Black Sea Fleet, which violated Ukrainian waters.

After the events precipitated on March 1, the Russian parliament approved President Vladimir Putin’s order to use military force in Ukraine.

The Russian Cyber Strategy

The tension between Russia and Crimea has a corresponding conflict in cyber space. Numerous attacks were registered on both sides during the revolution in Kiev, and the cyber offensives have escalated since the Russian parliament approved the use of military force in Crimea. The decision of the Russian government has triggered a series of events in cyber space, as state-sponsored cyber units, groups of hacktivists, and cyber criminals started their campaigns against their enemies.

Ukraine’s mobile phone infrastructure is under attack, according to a declaration made by Valentyn Nalivaichenko, the head of Ukraine’s SBU security service, during a press conference. The official stated that the country has been suffering a serious attack over the last few days. The attack against Ukraine’s mobile phone infrastructure originated in Crimea and is interfering with the phones of members of the parliament.

“I confirm that an IP-telephonic attack is under way on the mobile phones of members of Ukrainian parliament for the second day in a row,” declared Valentyn Nalivaichenko, according to the Reuters agency.

Ukraine’s telecommunications system has come under attack. The attackers used equipment installed within Ukrtelecom networks in the Crimea region under the control of Russian forces. This circumstance has raised tension between the two countries, and although the majority of the Crimean population is pro-Russian, the sabotage is interpreted by the government of Kiev as an intolerable act of war. The equipment is blocking the phones of Nalivaichenko and his deputies.

“At the entrance to (telecoms firm) Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation … The security services are now seeking to restore at least the security of communications,” according to the security chief. “All state information security systems were unprepared for such a brazen violation of the law,” Nalivaichenko said.

The attack is not isolated. Internet connections within the peninsula of Crimea have been severely hampered. As yet unidentified militias have seized the offices of telecommunications service provider Ukrtelecom, cutting phone and Internet cables. Militias also set up roadblocks to isolate Crimea from the rest of Ukraine. Both military operations appear to be part of a strategy to isolate the region in case of attack.

Security experts believe that the mission for the Russian military is to isolate the region, and probably for this reason Russian naval vessels were placed in the port at Sevastopol: the units are carrying jamming equipment to block radio communications. Ukrainian naval communications stations around the area of Sevastopol and power lines have already been sabotaged. The Crimean peninsula is suffering numerous denial of service attacks, and Ukrainian telecom provider Ukrtelecom JSC reported that “unknown individuals seized several Crimean communications facilities” last week and that communications between the peninsula and the rest of Ukraine have been degraded as a result of “unknown actions [that] physically damaged fiber optic trunk cable[s].” Other disconcerting news reports say that all communication services in Crimea have been shut off, including Internet and mobile.

The attacks have also taken place on the Web, as numerous websites have already been attacked. Two government websites in Crimea were shut down, but it is not clear if they were brought down by foreign hackers or by local government officials themselves.

Other media sources report that the Crimean Peninsula’s landline, Internet, and mobile services have been almost entirely shut off. Military experts have no doubt that this is the prelude to a kinetic operation. In particular, Russia adopted the same strategy in 2008, when it isolated Georgia by taking control of government websites and interfering with Internet activities in the country, which was without its own Internet exchange point (IXP) and was reliant on foreign governments, including Russia, for nearly 70% of its Internet exchange capacity.

Ukraine seems to have just one Internet exchange point located in Crimea, so it’s quite easy for Russian cyber units to isolate the region.

“Ukraine has a strong and diverse Internet frontier … The roads and railways of Ukraine are densely threaded with tens of thousands of miles of fiberoptic cable, connecting their neighbors to the south and east (including Russia) with European Internet markets. The country has a well-developed set of at least eight regional Internet exchanges, as well as direct connections over diverse physical paths to the major Western European exchanges. At this level of maturity, our model predicts that the chances of a successful single-event Internet shutdown are extremely low,” revealed a recent analysis by intelligence company Renesys, which monitors Internet service around the world.

Two Crimean government web portals also went offline, but the cause is still unclear. The attacks also hit Russian entities. The most famous victim is the Russian news agency, Russia Today. Its website was defaced by unknown hackers.

In an information warfare context, the principal targets are a country's critical infrastructure. We must consider that the Russian government dedicates huge investments to improving its cyber capabilities, and it is possible that in case of an imminent kinetic attack, the government of Moscow will also use cyber weapons to destabilize defensive structures in the area.

If you are interested in how Russian entities are operating in cyber space and what role groups of hacktivists play in the cyber dispute between Russia and Ukraine, read the complete post on the Infosec Institute.

Pierluigi Paganini

(Security Affairs – Crimea, cyber warfare)
