ROME. Escalation underway in cyberwar in Ukraine amidst invisible weapons, stolen data, Ddos attacks and malware, while the EU is alert. IT Army halts Russian advance. Meanwhile, the war in Ukraine pushes the governments of the European Union to accelerate on a common “cyber shield”, a series of measures to protect European computer networks. The European Commissioner for the Internal Market, Thierry Breton attended the informal meeting in France of the European telecommunications ministers. And he explains: “We have all expressed the need to build a European cyber shield very quickly and together, with real IT border guards in order to make it work in a coordinated and united way”. on a European network of security operations centers and automated lookouts that will constantly analyze computer networks to detect possible attacks.A principle of solidarity between States in the event of an attack and the updating of the European regulatory framework will also be envisaged.
Perimeter of war
In the ongoing war in cyber space, actors and weapons used are multiplying with the risk that they can spread outside the perimeter of the conflict, generating the so-called “spillover”, as experts call it, making a parallel with the pandemic. Or that they are used for more purely criminal purposes. At the moment there are about fifty deployments in the field in the cyber war, about fifteen groups have declared themselves on the side of Russia, among those pro Ukraine stand out Anonymous and the IT Army of Ukraine. To keep track of the deployments in cyber space is the CyberKnow cybersecurity research group, at the moment it has identified over 50, but they are constantly updated because there are many small attacks, not of great effect, or entities that are difficult to verify. About fifteen support Russia, they have carried out hacking actions or Ddos attacks, that is, they have taken sites offline, they have used a series of new malware targeting Ukrainian military institutions, government agencies and companies. Among these groups is the Belarusian Ghostwriter, also intercepted by the Google security team, which has conducted phishing campaigns aimed at the Polish and Ukrainian government, military organizations and users. On the other hand, the pro-Russia Conti Group is wavering, with an openly criminal past that after the announcement of loyalty to Moscow suffered civil disobedience from an internal member who disclosed the data. About thirty pro Kiev groups emerge from the updated CyberKnow list.
The commandos
They come from the most disparate countries: Georgia (BlackHawks and Gng), Turkey (Monarch Turkish Hactivist), Indonesia (GreenXparta_9haan). The best known are the IT Army set up by the Ukrainian government to organize the cyber counter-offensive against Russia (coordinated through Telegram and currently has 280,000 members) and Anonymous. The activist group has declared war on Moscow in a tweet and is conducting a series of demonstration actions to bring down Russian censorship of the war, with the latest entering 400 Russian webcams. “At the moment the great danger is linked to the spillover effect, that is, if a malware that is conceived for actions on local infrastructures then spreads and affects other countries – explains Pierluigi Paganini, expert in cybersecurity and intelligence -. And the highest alert is not so much for the more structured groups as for the medium-sized enterprises, the backbone of the nation, most exposed to attacks. The alert of the Italian CSIR of a few days ago should be read in this sense ». As a side effect of cyber warfare, it could also happen that the enormous availability of data stolen by the armies of both sides could end up in the hands of traditional cybercrime. “Today’s criminals actively collaborate with each other, they have now consolidated cartels of identifiable criminal services, such as” Ransomware as a Service “, real organized crime, which has understood how much cyber crimes can be profitable”, comments Sofia Scozzari. member of the board of Clusit, the Italian Association for Information Security.
Affected sites
Over 2,000 sites have been affected so far, even if the calculation is necessarily approximate: Anonymous does not have an official structure by choice, and anyone can claim on behalf of the collective of cyber attacks. There are tens of thousands of them on the net. In any case, on the real effects of these attacks, on their real usefulness beyond their scenic effect, at the moment there are more question marks than certainties. Of course, Anonymous has struck sensational blows in their own way during its “OpRussia” operation: the first, on February 26, it put down the Kremlin and Moscow Defense websites, part of the database of which was released; on March 2, the attack on the site of the Russian space agency, Roscosmos; also on the two, the collective published documents showing that the Russian attack had been decided on January 18 and a rather detailed map of the invasion; in the past seven days it has made several Russian news outlets and news agencies unreachable, put back on their feet and taken down again, as well as several sites of Russian energy giants, including Gazprom and Lukoil. But these have always been short-lived attacks. The sites were back on their feet in a few hours. And anyone who trusted the masked hero to stop the invasion of kerosene tanks at the moment can be at least partially disappointed.
Limits
“War is too serious a thing to be fought in cyberspace. And therefore today we are seeing all the limits of a cyberwar within a real armed conflict, the warring one, the ‘kinetic’ one, made up of bombs, planes and tanks “, underlines Stefano Mele, lawyer and member of the Italian Atlantic Committee in an interview hosted on the YouTube channel of the IT security expert, Matteo Flora. «Having a very low real effect, cyberspace has a more tactical connotation in a state of war. It is not useful to carry out cybernetic operations perhaps aimed at hitting essential services, because you are so close to the military. The cyber sphere was actually important for everything that was before the conflict, through propaganda, or attacks on news sites. At the moment it has much less effect », highlights Mele.
Mobilization
There has been a massive mobilization in the world. Hundreds of hackers, cyberactivists have begun to carry out attacks, to claim the offline government site or a small office in the Ural district. On the net, a great expectation has been created towards Anonymous and the following collective: still on Twitter under each of their tweets there are dozens of comments asking for attacks on some site in particular, someone asks to take control of the tanks , aviation, perhaps a little too much even for a masked hero. And if now the effect of a cyber attack seems much more muted than before, it is still true that before the battlefield, the first operations were carried out in the digital sector. Slovak experts from Eset Research identified on the evening of February 23, so just before the first Russian troops entered Ukrainian territory, about 200 attacks on the official sites of Ukrainian banks and institutions with hundreds of virus-infected machines capable of “taking the data available from the databases ”, tweeted the official account of the group. At the same time, the civilian satellite internet network managed by the American company Viasat, which covers northern Europe, was the victim of “a cyber attack with tens of thousands of terminals rendered inoperable”, reports Michel Friedling, commander of the French space agency. start of this week.
IT Army
In response, Ukrainian Deputy Prime Minister Mykhailo Fedorov announced on February 26 on Twitter, a channel on which he has been very active since the beginning of the conflict, that he was creating a cyber army of volunteer hackers (“IT Army”). “There will be missions for everyone!” He wrote, providing the address of a group on the Telegram messaging service, which was quickly joined by more than 292,697 people at the moment, including the famous collective Anonymous. On this group, new targets are regularly shared in Russia and Belarus: official websites, telecommunication power grids, banks or cryptocurrency platforms, even the Glonass satellite positioning system, the Russian equivalent of GPS. A little less than 24 hours had passed since the entry of Russian tanks into Ukraine when on the Italian night between 24 and 25 February Anonymous declared “total cyber war” on Putin. In a video posted on Twitter, the collective speaks to the world through a hooded man with his face covered by the famous Guy Fowks mask. The effect was immediate. Since then coordinated attacks, lone wolves and Twitter claims have multiplied. An unprecedented mobilization of hackers and cyberactivists from all over the world, ready to defend Ukraine from their keyboards, to try to cause damage of any kind to Russia. A hunt for holes in the Kremlin’s security systems has begun, attacks have multiplied on news sites, state and non-state news agencies, sites of energy giants and small local libraries. The messages of broken sites are multiplying, but it still seems something very different from the dreaded cyberwar. Or at least, there is currently no reason to fear it more than the real effects of a warring conflict. Sure, there’s a lot of emphasis on attacks.
Infrastructure in focus
According to reports from AFP, who translated some of the channel’s messages, for example Olivier Laurelli, a blogger, writes that he attacked Gazprom’s web infrastructure and managed to broadcast the “heavy metal version of the Ukrainian anthem” on a station. radio of the Russian oil giant, followed by a speech by President Zelensky. The company had to disconnect the server, “because they no longer had control over it,” he later told the agency. “People there don’t know what’s going on in Ukraine,” he said, admitting, however, that his attack on him was mainly aimed at creating some humor. But, “when millions of people in city centers are under fire, what are data leaks and paralyzed websites worth?” Asked journalist Patrick Howell O’Neill for example in MIT Technology Review a few days ago. Little, probably worth little. It is certainly worth less than a fight carried out a few tens of meters from a nuclear reactor, it is worth less than a tank bombing civilian homes, it is worth less than a war that has returned to Europe with all its load of horror. And there is no mask, however reassuring, that can sweeten its brutality. And Howell O’Neill’s question remains central ten days after Anonymous’s declaration of war.
Unlimited access to all site content
€ 1 / month for 3 months, then € 3.99 / month for 3 months
Unlock unlimited access to all content on the site
#invisible #weapons #war #Ukraine #Malware #DDOS #Attacks #Army #Stops #Invasion