1. Comment
March 15, 2022updated 19 Mar 2022 1:54pm

Cyber tactics used in Ukraine are not new – just more visible

As the conflict in Ukraine rages on, news of various cyberattacks and operations continues to come through. DDoS attacks on government websites, data wiper attacks at the borders, and attacks against services provided by the likes of Microsoft and Amazon have all made the news.

To many, it appears that the landscape of war has changed—cyber operations are now front and center. However, the situation in Ukraine is not new. Military cyber operations have been active and evolving for the past 30 years but have nearly always been actioned by secretive state agencies. The prevalence of social media and communication technologies means that these operations are now being made visible.

Cyberattacks in Ukraine

Distributed denial-of-service, or DDoS, attacks have been occurring throughout the invasion of Ukraine. A DDoS attack is a coordinated attack in which multiple connected machines flood a network, server, or website with so much data as to make it unusable. Government websites have been hit with such attacks since the start of Russia’s invasion on 24 February. Due to their disruptive nature, DDoS attacks can be used to distract from more destructive attacks, such as data wiper attacks.

In a data wiper attack, data on an infected device is destroyed. Such attacks have also been prevalent in the conflict, largely taking place against financial, aviation, and IT services companies.

However, a significant example that was captured in the news was a data wiper attack against a Ukraine border control station. This forced border agents to process refugees on pen and paper, reducing the speed of the process massively. It is also likely that there have been other types of attacks that remain unreported. This is either because their targets are politically sensitive, or Ukraine believes it gains a strategic advantage by not reporting.

A brief history of cyberwarfare

Such attacks, although shocking, are not new. In fact, the last 30 years have seen several examples of military cyber operations that were equally, if not more, destructive. In 2007, for example, an attack on an alleged Syrian nuclear reactor was undertaken in what became known as Operation Orchard. In this attack, the Syrian air defense network was knocked offline, supposedly by a secret built-in kill switch. This allowed Israeli fighter jets to cross Syria, bomb their target, and return without harm.

The invasion of Ukraine is also not the first time Russia has coordinated a conventional military operation alongside cyberattacks. In the Russo-Georgian War in 2008, Russia began cyberattacks three weeks before shooting actually began, in what is regarded as the first case in history in which cyberattacks were coordinated with major conventional military action.

Ukraine’s IT army

What is interesting in the Ukraine conflict, however, is Ukraine’s call for an IT army—a volunteer cyber unit that is run through cloud-based instant messaging service Telegram. Its creation was announced by the country’s vice prime minister on Twitter.

The tactic of an IT army is not new either. State-sponsored cyberattacks take place often, with the perpetrators being either government agencies such as the NSA or criminal organizations acting on behalf of the government. What is new, however, is the very public nature of the organization’s actions. Operational tasks are shared through a Telegram channel that is publicly accessible, meaning anyone with sufficient digital skills can participate in defending Ukraine and attacking Russian targets.

As the world continues to become more digitally connected and technologically advanced, the tactics of war will change. Furthermore, the atrocities of war will be more publicly viewable. Hopefully, the public nature will make states think more before committing to conflict.