Cyber warfare related to the Ukraine-Russia conflict is surging as digital volunteers from around the world enter the fight.
The number of cyberattacks being waged by — and on behalf of — both countries since the outbreak of the war is “staggering,” according to the research arm of Check Point Software Technologies.
“For the first time in history anyone can join a war,” said Lotem Finkelstein, head of threat intelligence at Check Point Software. “We’re seeing the entire cyber community involved, where many groups and individuals have taken a side, either Russia or Ukraine.”
“It’s a lot of cyber chaos,” he said.
Grassroots, global uprising
In the first three days following the invasion, online attacks against Ukrainian military and governmental sectors increased by 196%, according to Check Point Research (CPR). They also modestly increased against Russian (4%) and Ukrainian (0.2%) organizations, according to the data, while simultaneously falling in most other parts of the world.
Since then, Ukrainian authorities estimate some 400,000 multinational hackers have volunteered to help Ukraine, said Yuval Wollman, president of cyber security company CyberProof and the former director-general of the Israeli Intelligence Ministry.
“Grassroots volunteers created widespread disruption — graffitiing anti-war messages on Russian media outlets and leaking data from rival hacking operations,” he said. “Never have we seen this level of involvement by outside actors unrelated to the conflict.”
Three weeks in, Ukraine continues to sustain a barrage of online attacks, with most aimed at its government and military, according to CPR’s data.
Moscow has consistently denied that it engages in cyberwarfare or assists cyberattacks. On Feb. 19, the Russian embassy in Washington said on Twitter that it “has never conducted and does not conduct any ‘malicious’ operations in cyberspace.”
CPR data shows attacks on Russia decreased over the same timeframe, said Finkelstein. There may be several reasons for that, he said, including Russian efforts to reduce the visibility of attacks or increased security to defend against them.
‘IT Army of Ukraine’
As a long-time target of suspected Russian cyberattacks, Ukraine is seemingly welcoming the digital help.
One member of the group is Gennady Galanter, co-founder of information technology company Provectus. He said the group is focused on disrupting Russian websites, preventing disinformation and getting accurate information to Russian citizens.
“It’s working,” he said, clarifying that he’s acting in his own capacity, and not for his company.
Still, Galanter said he has mixed feelings about participating. One tactic employed by the group is distributed denial of service attacks, which try to make targeted websites inaccessible by overwhelming them with online traffic.
“It’s hooliganism,” he said, yet at the same time Galanter, who fled the Soviet Union in 1991 and whose wife is Russian, said he feels compelled to help do his part to “deliver truth and deny lies.”
He’s donated money, he said, but now, he added, “I’m doing this because I don’t know what else to do.”
Galanter said he’s concerned current efforts may be insufficient against Russia’s cyber capabilities. He also said he’s worried the group’s efforts may be dismissed as Ukrainian or Western propaganda or labeled a disinformation machine of the very type he says he’s fighting against.
“The reality is that a lot of my friends in Russia, my relatives … they’re completely misinformed,” he said. “They have a deeply inaccurate view of what’s going on — they just put to doubt what we say.”
Galanter said his company shut down its operations in Russia and helped to relocate employees who wanted to leave. He said the company told employees: “The world has become pretty white and black. Those of you who share our perception of reality, you’re welcome to join us.”
“Just like these people are now, I was a refugee,” he said. “What [Putin] wants to create is exactly what I escaped.”
It’s widely expected that Moscow and its supporters will retaliate against countries that side with Ukraine, and potentially the growing list of banks and businesses that are withdrawing from the country.
Elon Musk tweeted on March 4 that the decision to redirect Starlink satellites and deliver internet terminals to Ukraine meant that the “probability of being targeted is high.”
Experts warn reciprocal retaliation could lead to a “global cyberwar” between Russia and the West.
Russia is widely believed to be behind several digital attacks against Ukraine in the weeks prior to the invasion, but since then Russia has shown restraint, “at least for now,” according to Wollman.
Still, reports of growing anger inside the Kremlin over new sanctions, compounded by Russia’s military failures in Ukraine, may make cyber warfare one of few remaining “tools” in Putin’s playbook, he said.
“What tools does the Kremlin have against sanctions? They don’t have economic tools,” said Wollman. “According to some, a cyber response would be the likeliest Russian countermeasure.”
Spillover to other conflicts?
The Ukraine-Russia war could inflame other long-standing territorial conflicts as well. Two Taiwanese tech startups, AutoPolitic and QSearch, announced last week they are providing free technology assistance to Ukraine and to “Ukrainian online activists around the globe” to counter Russian propaganda on social media.
“Being a Taiwanese who lived under constant propaganda and threats of invasion from our cousin-neighbor, I feel a special bond with Ukrainians and acidic anger at their invaders,” said AutoPolitic founder Roger Do, via a press release.