The ongoing conflict in Ukraine marks only the second truly conventional war of the 21st century (the first being the war between Armenia and Azerbaijan) in which one side’s army did not immediately collapse.
It is also the largest wartime military deployment of any country since the Iraq war. Along with a host of other ramifications, this means it is the first war in which both sides can field high-end computing capabilities. Intelligence agencies around the world are watching the conflict closely to see how to plan operations should their nations enter a conventional conflict.
Military wisdom says that “The first casualty in war is the truth” and the volume of disinformation already emerging practically underlines this. Keep in mind, therefore, that the observations on which I base my reflections could be completely wrong precisely for this reason. That said, I try to base my speculation on reasonable dynamics, evaluating and linking existing dynamics to see how they might interact in a more or less truthful picture.
Ukraine: the cyberwar where anyone can be a soldier, everyone is a target
Unsurprisingly, Ukraine is urging its technical elites to hit Russian targets from their keyboards. Considering the advantageous asymmetry of launching such attacks, why shouldn’t they? A lone individual with only one computer and the right tradecraft can compromise and disrupt entire networks, including those that support critical infrastructure. The ransomware attack on the Colonial Pipeline illustrates this vividly.
Another element that makes hacking attacks so devastating is that they can be launched from anywhere, against any target. In this or any other conflict, what is stopping hackers around the world from taking sides?
The hacker collective Anonymous claims to be involved, but why stop there? You can bet that nation-state hacking forces are looking for ways to tip the scales toward their favored faction in the Russia-Ukraine hostilities. I wouldn’t be surprised if the NSA, Cybercom, and Chinese state hackers thought they were involved, if only to conduct reconnaissance.
But again, literally any hacker, even acting alone, can take up arms (keyboards) and, as the conflict has broken out along very different geopolitical and legal lines, there is little risk of one side suffering consequences from the other.
Russia and the United States do not have an extradition treaty. So, if a worried American decides to strike a heavy blow for Ukraine, for example by hitting Russian e-commerce or social media platforms with a botnet-driven DDoS, they have little to fear that the United States will send them to Russia for trial.
Along with a broader scope of participation, there is also a broader scope of objectives. Anyone who can hit a network can also be hit. When there is an all-out network war, any network in a belligerent nation will be seen as a target.
Civilian and military infrastructure are closely linked, so an attack to inflict military damage will also harm civilians. Compromising a Russian social media site will prevent soldiers from coordinating, but it will also prevent civilians protesting hostilities from coordinating.
Internet-based tools for receiving information in real time give ordinary remote observers an unprecedented view of the conflict. Amateur content creators around the world are quickly proving this as they use exactly such open source intelligence (OSINT) tools to produce analysis of conditions in Ukraine.
Probably the richest source of real-time updates is crowdsourcing apps. The integration of Waze with Google Maps means that we can infer refugee flows from where the traffic is most intense. There are also apps like Citizen that allow residents to warn each other of dangers by shooting videos and pinning them to a time and place on a map. I would be amazed if this or a similar app weren’t being used by Ukrainians to track and avoid the most intense fighting.
Online civil infrastructure tools have also shed light on the state of the fighting. Flight trackers show possible spy planes circling airspace that other aircraft are desperately trying to avoid. One way Ukraine determined the extent of fighting in the Chernobyl Exclusion Zone was a massive increase in radiation detected by IoT sensors on site.
Between all these tools (and others), with some of them running on any monitor, you can get a real-time view of the conflict. Then there are the social networks. In an environment where anyone can pose as anyone to say anything, the result is a mix of fact and fiction that evolves too quickly for professionals to verify.
On Reddit, an alleged American tank mechanic has dispensed advice to Ukrainian civilians on how to disable Russian armored vehicles. Deployed Russian soldiers trying to connect via dating apps make themselves vulnerable to patriotic Ukrainian women who extract information from them, only to use it against them when their guard is down.
On numerous platforms, Ukrainian militias are sending out their Russian assembly points and positions to rally the fighters for a push against the enemy. Ukrainian President Volodymyr Zelenskyy himself took to social media to post provocative videos of his commitment to defending Kiev.
While all of the above efforts are plausible, whether (or to what extent) they are going to be successful is entirely unknowable, as everyone has an unaccountable alias on the internet, which leads to questions like:
- Is that field observer in Ukraine a civilian or a Russian infiltrator?
- When they broadcast movements of Russian troops, is it to drive Ukrainian units there and civilians away, or is it to misdirect the enemy to allow rapid Russian advances?
- Does that Ukrainian government website or social media account provide useful information on where civilians can avoid concentrated fighting, or have Russian state hackers compromised it to drive civilians into harm?
These are legitimate questions, put forward for a more than valid reason at this point. Then, of course, there are the nation-state “cyber” capabilities of the belligerents themselves. Russia has long been a major player among offensive nation-state hackers. Indeed, Russian state hacking operations are so sophisticated that it could take months or even years for world-class intelligence agencies to detect the extent of Russian activity and, for us civilians, confidential information will come out even more slowly.
A couple of weeks ago, a deepfake video of Ukrainian President Volodymyr Zelenskyy appeared online.
A deepfake of Ukrainian President Volodymyr Zelensky calling on his soldiers to lay down their weapons was reportedly uploaded to a hacked Ukrainian news website today, per @Shayan86 pic.twitter.com/tXLrYECGY4
– Mikael Thalen (@MikaelThalen) March 16, 2022
While it’s still unclear who created this deepfake, given the number of videos Zelenskyy has posted online to boost morale, how difficult would it be for Russian state hackers to run a deepfake machine learning algorithm on a supercomputer and start posting fake videos of Zelenskyy?
Then, of course, there is the use of the kinetic power of the conventional state to influence the power of the network. Imagine what Russia could achieve if its soldiers took control of the main Ukrainian Internet service providers. As with the conflict itself, our understanding of the Internet’s role in warfare is making its way down increasingly dangerous paths.