Russia's first targets in Ukraine: its cell phones and Internet lines.
BY Shane Harris
MARCH 3, 2014
The Russian forces occupying Crimea are jamming cell phones and severing
Internet connections between the peninsula and the rest of Ukraine. Moscow
hasn't succeeded in imposing an information blackout, but the attacks could
be sign that Russia is looking to escalate its military operations against
the new government in Kiev without firing a shot.
Russia has a history of launching cyber attacks on its neighbors with the
aim of disrupting the countries' ability to communicate to their citizens
and with the outside world. One attack in 2008, during Russia's war with
Georgia, accompanied a ground-based military assault and was intended to
disrupt government and media communications.
Although the efforts in Crimea so far have failed to choke the region's
communications lines, experts are concerned that the strikes could be a
precursor to damaging Russian cyber attacks on communications infrastructure
elsewhere in Ukraine, particularly if tensions escalate or Russian military
forces push beyond Crimea. Disrupting Internet service or knocking out
Ukrainian government websites would allow Russia to flex its muscle without
necessarily drawing a military response from Kiev or its Western allies.
The new strikes appear to have been conducted mostly by hand rather than by
hackers, but they have the same goal. On Monday, Reuters reported that
Russian military forces were blocking mobile telephone services in some
parts of Crimea. Russian naval vessels were seen moving into and around the
port at Sevastopol. Russian navy ships are known to carry jamming equipment
that can block phone and radio signals. Two Crimean government web portals
were also offline; it was unclear whether they'd been taken down by
government officials or had been hit with a malicious cyber attack.
The attacks have been escalating for days. On Friday, Ukrtelecom, the
state-owned telecommunications service provider, reported that several of
its offices in Crimea had been seized by unidentified individuals who cut
phone and Internet cables. As a result, customers across nearly the entire
region lost phone and Internet service, and the company said it was no
longer able to provide a link between the peninsula and the rest of Ukraine.
Two days later, armed commandos reportedly cut off power lines at the
Ukrainian navy headquarters in the port city of Sevastopol. Hours later,
Ukraine's UNIAN news agency said other teams of commandos broke into several
Ukrainian navy communications stations and sabotaged communications lines in
an attack similar to the one on Ukrtelecom.
Asked whether the administration was tracking any cyber attacks by Russian
forces against Ukraine or in the Crimea, White House spokesperson Caitlin
Hayden said, "The United States is concerned with all aggressive actions in
Ukraine and expects all parties to abide by recognized international norms
that apply online as well as offline. We are closely monitoring the
situation in Ukraine, including reports that the Internet and
telecommunications have been disrputed in the Crimea."
A spokesperson for the National Security Agency and U.S. Cyber Command
declined to comment about what steps the United States might take to defend
Ukraine's computer networks.
Still, there are clear parallels between the Crimea attacks and those in
Georgia and Estonia in 2007, which were widely attributed to hackers working
at the unofficial behest of the Russian government. Those attacks knocked
government and media websites offline, blocked Internet access, and in
Estonia disabled ATMs. "Russia wants to degrade the ability of Ukraine to
communicate inside and outside the country," said Adam Segal, a senior
fellow at the Council on Foreign Relations who tracks countries offensive
cyber capabilities. "If there is military conflict, cyber attacks will be
used to degrade the ability of conventional forces to operate," Segal said.
If history is a guide, any cyber attacks from Russia might not come directly
from military or intelligence services, but through mercenaries or so-called
"patriotic hackers" Moscow quietly encouraged to strike Estonia and Georgia.
This would give the Russian government the ability to deny that it was
behind any offensive.
"The U.S. president, NATO secretary general and European leaders could call
[Russian President Vladimir] Putin to warn that they are not fooled by his
use of nationalist proxies and will hold him to account," Jason Healey, the
director of the Cyber Statecraft Initiative at the Atlantic Council, wrote
in a blog post Monday. "Since warnings won't sway Putin, they should be
backed with harder options. The U.S. Department of Defense could order its
muscular Cyber Command to prepare to disrupt the attacks if asked to do so
by Ukraine's government."
Healey said "the technical means and proxies used this time are likely to be
similar" as in past conflicts. He added that Western governments should make
clear to Russia that significant cyber attacks on Ukraine would cross a line
and be regarded just like a physical strike. "There is no excuse for
surprise: the Kremlin's habit of routinely resorting to them in the past --
and in situations with far less existential danger for Putin's plans -- are
well known," Healey wrote.
Were Russia to launch a cyber attack on Ukraine, the country would not be
without defenses or the ability to strike back. As early as 2002, Ukraine's
government began to build up its cyber defenses to combat fraud and online
crime, according to a report by the Center for Strategic and International
Studies. Under existing military doctrine, Ukraine's government considers
cyber attacks on vital infrastructure -- including nuclear facilities,
chemical and defense industries, military facilities, and "economic and
information entities" -- as grounds for armed retaliation, according to the
report. A national government agency guards against attempts to penetrate or
disable official computer networks and government communications systems.
"Ukraine has a strong and diverse Internet frontier," according to a recent
analysis by Renesys, a computer intelligence company that monitors Internet
service around the world. "The roads and railways of Ukraine are densely
threaded with tens of thousands of miles of fiberoptic cable, connecting
their neighbors to the south and east (including Russia) with European
Internet markets. The country has a well-developed set of at least eight
regional Internet exchanges, as well as direct connections over diverse
physical paths to the major Western European exchanges. At this level of
maturity, our model predicts that the chances of a successful single-event
Internet shutdown are extremely low."
For the moment, the defenses seem to be holding, with the attacks on
communications lines and mobile phone networks in Crimea causing only
limited damage. Ukrtelecom reported that it was able to restore service five
hours after the intruders cut its lines. Renesys reported that as of last
Friday, traffic routes in Crimea appeared to be functioning normally. The
company doesn't track whether individual websites have come under attack,
nor does it monitor whether telephone systems are working.
Most Internet service providers in Crimea route traffic through Russia,
rather than countries in Europe, said Doug Madroy, a senior analyst at
Renesys. That could give Russian forces easier access to computer networks.
But Crimea is not entirely dependent on one provider for its connections to
the Internet. Some traffic is also routed through carriers in Europe. The
dispersed nature of the networks would make it more difficult for Russia to
knock large swaths of the country offline for long. "In that environment,
it's very hard to have a national outage," Madroy said.