Tuesday, March 4, 2014

Russia's first targets in Ukraine: its cell phones and Internet lines


Hack Attack

Russia's first targets in Ukraine: its cell phones and Internet lines.


    BY Shane Harris

    MARCH 3, 2014




The Russian forces occupying Crimea are jamming cell phones and severing

Internet connections between the peninsula and the rest of Ukraine. Moscow

hasn't succeeded in imposing an information blackout, but the attacks could

be sign that Russia is looking to escalate its military operations against

the new government in Kiev without firing a shot.


Russia has a history of launching cyber attacks on its neighbors with the

aim of disrupting the countries' ability to communicate to their citizens

and with the outside world. One attack in 2008, during Russia's war with

Georgia, accompanied a ground-based military assault and was intended to

disrupt government and media communications.


Although the efforts in Crimea so far have failed to choke the region's

communications lines, experts are concerned that the strikes could be a

precursor to damaging Russian cyber attacks on communications infrastructure

elsewhere in Ukraine, particularly if tensions escalate or Russian military

forces push beyond Crimea. Disrupting Internet service or knocking out

Ukrainian government websites would allow Russia to flex its muscle without

necessarily drawing a military response from Kiev or its Western allies.


The new strikes appear to have been conducted mostly by hand rather than by

hackers, but they have the same goal. On Monday, Reuters reported that

Russian military forces were blocking mobile telephone services in some

parts of Crimea. Russian naval vessels were seen moving into and around the

port at Sevastopol. Russian navy ships are known to carry jamming equipment

that can block phone and radio signals. Two Crimean government web portals

were also offline; it was unclear whether they'd been taken down by

government officials or had been hit with a malicious cyber attack.


The attacks have been escalating for days. On Friday, Ukrtelecom, the

state-owned telecommunications service provider, reported that several of

its offices in Crimea had been seized by unidentified individuals who cut

phone and Internet cables. As a result, customers across nearly the entire

region lost phone and Internet service, and the company said it was no

longer able to provide a link between the peninsula and the rest of Ukraine.


Two days later, armed commandos reportedly cut off power lines at the

Ukrainian navy headquarters in the port city of Sevastopol. Hours later,

Ukraine's UNIAN news agency said other teams of commandos broke into several

Ukrainian navy communications stations and sabotaged communications lines in

an attack similar to the one on Ukrtelecom.


Asked whether the administration was tracking any cyber attacks by Russian

forces against Ukraine or in the Crimea, White House spokesperson Caitlin

Hayden said, "The United States is concerned with all aggressive actions in

Ukraine and expects all parties to abide by recognized international norms

that apply online as well as offline. We are closely monitoring the

situation in Ukraine, including reports that the Internet and

telecommunications have been disrputed in the Crimea."


A spokesperson for the National Security Agency and U.S. Cyber Command

declined to comment about what steps the United States might take to defend

Ukraine's computer networks.


Still, there are clear parallels between the Crimea attacks and those in

Georgia and Estonia in 2007, which were widely attributed to hackers working

at the unofficial behest of the Russian government. Those attacks knocked

government and media websites offline, blocked Internet access, and in

Estonia disabled ATMs. "Russia wants to degrade the ability of Ukraine to

communicate inside and outside the country," said Adam Segal, a senior

fellow at the Council on Foreign Relations who tracks countries offensive

cyber capabilities. "If there is military conflict, cyber attacks will be

used to degrade the ability of conventional forces to operate," Segal said.


If history is a guide, any cyber attacks from Russia might not come directly

from military or intelligence services, but through mercenaries or so-called

"patriotic hackers" Moscow quietly encouraged to strike Estonia and Georgia.

This would give the Russian government the ability to deny that it was

behind any offensive.


"The U.S. president, NATO secretary general and European leaders could call

[Russian President Vladimir] Putin to warn that they are not fooled by his

use of nationalist proxies and will hold him to account," Jason Healey, the

director of the Cyber Statecraft Initiative at the Atlantic Council, wrote

in a blog post Monday. "Since warnings won't sway Putin, they should be

backed with harder options. The U.S. Department of Defense could order its

muscular Cyber Command to prepare to disrupt the attacks if asked to do so

by Ukraine's government."


Healey said "the technical means and proxies used this time are likely to be

similar" as in past conflicts. He added that Western governments should make

clear to Russia that significant cyber attacks on Ukraine would cross a line

and be regarded just like a physical strike. "There is no excuse for

surprise: the Kremlin's habit of routinely resorting to them in the past --

and in situations with far less existential danger for Putin's plans -- are

well known," Healey wrote.


Were Russia to launch a cyber attack on Ukraine, the country would not be

without defenses or the ability to strike back. As early as 2002, Ukraine's

government began to build up its cyber defenses to combat fraud and online

crime, according to a report by the Center for Strategic and International

Studies. Under existing military doctrine, Ukraine's government considers

cyber attacks on vital infrastructure -- including nuclear facilities,

chemical and defense industries, military facilities, and "economic and

information entities" -- as grounds for armed retaliation, according to the

report. A national government agency guards against attempts to penetrate or

disable official computer networks and government communications systems.


"Ukraine has a strong and diverse Internet frontier," according to a recent

analysis by Renesys, a computer intelligence company that monitors Internet

service around the world. "The roads and railways of Ukraine are densely

threaded with tens of thousands of miles of fiberoptic cable, connecting

their neighbors to the south and east (including Russia) with European

Internet markets. The country has a well-developed set of at least eight

regional Internet exchanges, as well as direct connections over diverse

physical paths to the major Western European exchanges. At this level of

maturity, our model predicts that the chances of a successful single-event

Internet shutdown are extremely low."


For the moment, the defenses seem to be holding, with the attacks on

communications lines and mobile phone networks in Crimea causing only

limited damage. Ukrtelecom reported that it was able to restore service five

hours after the intruders cut its lines. Renesys reported that as of last

Friday, traffic routes in Crimea appeared to be functioning normally. The

company doesn't track whether individual websites have come under attack,

nor does it monitor whether telephone systems are working.


Most Internet service providers in Crimea route traffic through Russia,

rather than countries in Europe, said Doug Madroy, a senior analyst at

Renesys. That could give Russian forces easier access to computer networks.

But Crimea is not entirely dependent on one provider for its connections to

the Internet. Some traffic is also routed through carriers in Europe. The

dispersed nature of the networks would make it more difficult for Russia to

knock large swaths of the country offline for long. "In that environment,

it's very hard to have a national outage," Madroy said.





No comments:

Post a Comment