Russia and Ukraine in cyber 'stand-off' By Dave Lee

Technology reporter, BBC News Published duration 5 March 2014 Related Topics Ukraine conflict

image copyright Getty Images image caption Ukrainian security services have accused Russia of disrupting mobile networks

As diplomatic efforts are stepped up to ease tensions in Ukraine, security experts have warned that Kiev and Moscow are locked in a cyber stand-off.

Security forces in Ukraine have accused the Russian army of disrupting mobile communications.

Smaller-scale attacks have seen news websites and social media defaced with propaganda messages.

Cyber-attacks were utilised heavily during Russia's 2008 conflict with Georgia.

In that case, distributed denial of service attacks - known as DDoS - were used to overwhelm websites and servers in Georgia in the weeks leading up to the military action.

The Georgian government said Russia was behind the DDoS attacks, but the Kremlin denied this - stating that it was possible for anyone, inside or outside Russia, to launch such an attack.

Tampering

On Tuesday, Ukrainian authorities confirmed that communication networks had been targeted, the first significant disruption of technology.

"I confirm that an... attack is under way on mobile phones of members of the Ukrainian parliament for the second day in a row," Ukrainian security chief Valentyn Nalivaichenko told journalists.

"At the entrance to [telecoms firm] Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation."

In addition, Ukrtelecom said its premises were raided last week by armed men, and fibre optic cabling was tampered with, causing loss of service for some users.

image copyright Getty Images image caption Cyber-attacks were mounted on Georgian targets ahead of the 2008 conflict

Russian security services have not commented on whether they were behind either incident.

Security experts have speculated that Russia may be exercising restraint with its cyber-capabilities.

Marty Martin, a former senior operations officer with the US Central Intelligence Agency, said more extreme cyber-attacks may only take place if violence escalated.

"A lot of times you don't want to shut things down," he told Reuters.

"If you do that, then you don't get your flow of intelligence. You are probably better off monitoring it."

What we are unlikely to see, experts say, is cyber-attacks of the same scale as in 2007, when Estonia suffered a 10-day attack on its internet services, causing major disruptions to its financial system.

The attacks coincided with a disagreement between Estonia and Russia over the relocation of a Soviet war memorial.

Patriotic

While military action is visible and open to scrutiny from the international community, cyber-activity is considerably harder to track and attribute to a source.

Much of Ukraine and Russia's cyber-attack capability lies with criminal gangs, as well as so-called patriotic hackers willing to work for each country's respective cause.

"If the Russians are able to get their patriotic hackers to effectively participate in a war for them, it could be very effective," said Paul Rosenzweig, founder of Red Branch Consulting, and formerly of US homeland security.

"That's not even beginning to think about the Russian military's capabilities directly, which are also no doubt quite sophisticated, but we've never really seen deployed. The Russian military's capabilities are unclear."

Likewise, Ukraine can also draw on considerable expertise - provided it can be mobilised.

"They are very active and very effective as well," Mr Rosenzweig told the BBC.

"We sometimes mistake Ukrainian groups for Russian groups as they come from roughly similar IP addresses and things like that. The Ukrainians, being slightly more westernised in their nature have expertise based in other countries.

"It's a really effective outside group, a diaspora if you will, but we just don't know whether they will be motivated to fight or not."

Vandalised

Activity from these groups would probably focus on small-scale defacements and disruption, experts believe.

One Ukrainian hacktivist group - Cyber-Berkut - posted a list of 40 websites that it had vandalised since the dispute began.

It included the homepage of state-funded broadcaster Russia Today, which for a short time was altered so that the word "Russians" was replaced with "Nazis".

But Mr Rosenzweig was keen to stress that any perceived damage from these types of cyber-attacks is of little significance if on-the-ground military action is taken.

"We should not overemphasise the importance of cyber," he said.

"Tanks beat cyber-bullets."

Follow Dave Lee on Twitter @DaveLeeBBC