CYBERWARFARE: RUSSIA’S ATTACKS ON UKRAINE AND USE OF NSA’S CYBER WEAPONS
This is my third post on computer hacking and cyberwarfare, part of my overview of New York Times cybersecurity reporter Nicole Perlroth’s outstanding book, This Is How They Tell Me the World Ends. [1] My first post summarized the book’s information on:
· The scale of computer hacking, cybercrime, and cyberwarfare,
· The 2017 worldwide ransomware attack by North Korea using a Microsoft Windows vulnerability stolen from the U.S. National Security Agency (NSA), and
· The 2009 cyberwarfare attack by the NSA on Iran’s uranium enrichment plant.
My second post provided an overview of the book’s reporting on:
· Electronic surveillance in the U.S. and the use of encryption to protect privacy, and
· Leaks from the NSA, including of its cyberwarfare weapons.
This post provides an overview of Russia’s cyberattacks on Ukraine. Russia is and has been a formidable and active player in espionage and international warfare since the 1950s Cold War, which Perlroth touches on as background for her reporting on cyberwarfare.
Not surprisingly then, Russia has been an early, active, and formidable participant in cyberwarfare. It has attacked Ukraine both to demonstrate its capabilities to the world and to display its ongoing displeasure with independence in Ukraine, which threw out the Russian puppet government in 2014. Russia’s cyberwarfare has interfered with Ukraine’s elections and its everyday life. In 2014, Russia planted disinformation during Ukraine’s election and engaged in serious cyber hacking of its election infrastructure. Ukrainian election officials discovered the hacking just before manipulated results would have been announced to the media. It was the most brazen cyberattack on a national election ever at the time.
For its next attack, on Christmas Eve in 2015, Russia’s cyber warriors flipped off circuit breakers in the Ukrainian power grid, turning off electricity for hundreds of thousands of people. They also shut off backup power in many locations and shut down emergency phone lines. Things were turned back on roughly six hours later, but the message and the capabilities were clear. This represented an escalation of cyberwarfare; no country had ever shutdown another country’s civilian power grid before. A year later, Russia did it again, this time shutting down the power and heat in the Ukrainian capital of Kyiv.
On June 27, 2017, Russia launched another, much more devastating cyberattack on the Ukraine, this time using weapons from the U.S. National Security Administration (NSA) that had been stolen and leaked in 2016 and 2017. (See my previous post for more details on this leak.) Russia specifically timed its attack to occur on Ukraine’s independence day to underscore its political message. The attack shutdown government offices, trains, ATMs, the postal service, and almost all financial systems so people couldn’t get paid and electronic cash registers didn’t work so people couldn’t buy anything, even food and gas. Even the radiation monitors at the Chernobyl nuclear disaster site were shutdown. The attack destroyed the data on 80% of the computers in Ukraine. The damage was so severe that it took over two years for Ukraine to recover from this Russian cyberattack.
Not unexpectedly, the cyberweapons (i.e., malicious computer programming) that Russia used in the attack on Ukraine self-propagated through the Internet and other computer networks so that any company doing business in Ukraine was vulnerable. The cyberweapons shutdown factories in Tasmania, destroyed vaccines at pharmaceutical companies Pfizer and Merck, infected FedEx’s computer systems, and brought the world’s biggest shipping company, Maersk, to a halt. The cyberweapons even spread back to Russia, destroying data at the giant, Russian government-owned oil company, Rosneft, and at the Russian steelmaker, Evraz.
When author Perlroth visited Ukraine in the winter of 2019, a year and a half after the attack, the damage estimate there was $10 billion and climbing, and significant disruption of daily life was still evident. Railroad and shipping systems were still not back to normal, pension checks still hadn’t been received, and people were still trying to find packages that had gone missing when shipment tracking data was lost, for example. It was also estimated that the attack cost just Merck, Fed Ex, and all the other companies that were affected billions of dollars. Some insurers refused to pay for damages from this cyberattack, claiming it was an act of war and therefore fell under a war exemption clause in their policies.
This Russian cyberattack made it clear that cyberweapons are weapons of mass destruction. Russia could have done much worse. It could have crashed trains and planes instead of just disabling scheduling, ticketing, and payment systems. It could have created explosions or toxic incidents at manufacturing plants or nuclear power plants.
Some experts believe Russia used the NSA’s tools in this attack to discredit and expose the NSA and the U.S. government. Others believe Russia was just using this attack, and the earlier ones in the Ukraine, to test its capabilities and prepare or signal its capability to execute even more devastating attacks in the future. By the way, Russia has continued to harass Ukraine. For example, in 2019, it inundated Ukrainian Facebook accounts with anti-vaccination propaganda as the worst measles outbreak of recent times spread there.
In subsequent posts, I will outline the Perlroth book’s reporting on:
· The Chinese attack on Google and Google’s response,
· The cyberattacks on U.S. elections and the Trump administration’s response, and
What can be done to counter cybercrime and warfare at the individual and go
[1] Perlroth, N. This Is How They Tell Me the World Ends. Bloomsbury Publishing, NY, NY. 2021.