Ukraine at D+22: Kinetic brutality, cyber hacktivism.
Mar 18, 2022

Russia continues to seek to redress combat failure through direct terrorism. Ukrainian cyber operations appear to score against Russian sites. Well-intentioned hacktivism can have ill effects.

Last night's situation report by the UK's Ministry of Defence told a now familiar story of Russian combat failure: "Logistical problems continue to beset Russia’s faltering invasion of Ukraine," the MoD tweeted. "Reluctance to manoeuvre cross-country, lack of control of the air and limited bridging capabilities are preventing Russia from effectively resupplying their forward troops with even basic essentials such as food and fuel." In addition to these self-inflicted wounds, which have stalled ground combat units throughout the theater, the Russian army is having trouble dealing with its enemy. "Incessant Ukrainian counterattacks are forcing Russia to divert large number of troops to defend their own supply lines. This is severely limiting Russia’s offensive potential." Early this morning nothing had changed, beyond the entirely foreseeable increase in human suffering: "Russian forces have made minimal progress this week. Ukrainian forces around Kyiv and Mykolaiv continue to frustrate Russian attempts to encircle the cities. The cities of Kharkiv, Chernihiv, Sumy and Mariupol remain encircled and subject to heavy Russian shelling. The UN now states that the number of refugees fleeing the conflict in Ukraine has already surpassed 3.2 million. This number will continue to rise as a result of ongoing Russian aggression."

The brutal and indiscriminate reduction of Ukrainian cities, especially Kharkiv and Mariupol, continues, as does the high rate of casualties among Russian forces. The western city of Lviv has also begun to experience heavy air strikes. President Putin told a rally this morning that all was proceeding according to plan, that the special military operation showed the unity of all Russians, and that Russia would achieve victory in what Russia maintains is not actually a war, or at least not a war that Russia is actually waging against anyone. "We know what we need to do, how to do it and at what cost. And we will absolutely accomplish all of our plans." Nikkei Asia notes that "coverage of his speech on state television was unexpectedly interrupted by what the Kremlin said was a technical problem with a server."  

Hacktivism and other cyberattacks continue against Russian targets...

Anonymous has resumed (or continued) its campaign of defacement against Russian networked closed-circuit cameras, rigging them to display such messages as "Putin is killing children,” and “352 Ukraine civilians dead. Russians lied to 200RF.com. Slava Ukraini! Hacked by Anonymous,” Vice reports.

Russian government websites have also come under attack. In an unusual announcement, Russia's Ministry of Digital Development and Communications said the attacks were "unprecedented." They appear, from the account offered by the Washington Post, to be a mixture of distributed denial-of-service (DDoS) attacks and website defacements. A statement from the Ministry, apparently addressing the DDoS attacks, said, “We are recording unprecedented attacks on the websites of government authorities. If their capacity at peak times reached 500 GB earlier, it is now up to 1 TB. That is, two to three times more powerful than the most serious incidents of this type previously recorded.” Among the website defacements was one affecting the Russian Emergency Situations Ministry website whose content was changed. The Ministry's hotline number was replaced by a heading "Come back from Ukraine alive," followed by a number Russian soldiers could call for assistance should they be interested in desertion.

It's not always clear which actions are those of hacktivists and which are conducted by Ukrainian digital services. WIRED gives high marks to Kyiv's Ministry of Digital Transformation in what amounts to a mash note to a government agency run by "tech-savvy 'freaks'" who've proven themselves to be "a formidable war machine." The closeness of Ukraine's cyber operators to NATO hasn't escaped Russian notice, either. Moscow's ambassador to Estonia, where NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) is located, sees, BleepingComputer reports, more evidence of Western plotting and blackmail. "Our suspicions on this score have turned out to be correct," Ambassador Lipayev explained to TASS in an interview today. "This first step will certainly entail others, pursuing the aim of converting Ukraine into a stronghold for political, economic, ideological and military blackmail of Russia."

...but some hacktivism that affects software supply chains may go too far.

Cloud security firm Snyk has found malicious code in the npm open-source ecosystem that seems motivated by a hacktivist determination to strike Russia and its increasingly shy junior partner Belarus. Snyk explained:

"On March 15, 2022, users of the popular Vue.js frontend JavaScript framework started experiencing what can only be described as a supply chain attack impacting the npm ecosystem. This was the result of the nested dependencies node-ipc and peacenotwar being sabotaged as an act of protest by the maintainer of the node-ipc package.

"This security incident involves destructive acts of corrupting files on disk by one maintainer and their attempts to hide and restate that deliberate sabotage in different forms. While this is an attack with protest-driven motivations, it highlights a larger issue facing the software supply chain: the transitive dependencies in your code can have a huge impact on your security."

Hacker News explains that "Node-ipc is a prominent node module used for local and remote inter-process communication (IPC) with support for Linux, macOS, and Windows. It has over 1.1 million weekly downloads."

The maintainer wrote and published an npm module that he described as follows: "This code serves as a non-destructive example of why controlling your node modules is important. It also serves as a non-violent protest against Russia's aggression that threatens the world right now. This module will add a message of peace on your users' desktops, and it will only do it if it does not already exist just to be polite." At the very least, Snyk says, this particular form of protest calls into question the trustworthiness of the maintainer (nom-de-hack "RIAEvangelist") and his other contributions. Snyk concludes:

"Snyk stands with Ukraine and we’ve proactively acted to support the Ukrainian people during the on-going crisis with donations and free service to developers world-wide, as well as taking action to cease business in Russia and Belarus. That said, intentional abuse such as this undermines the global open source community and requires us to flag impacted versions of node-ipc as security vulnerabilities."
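Snyk's point about transitive dependencies can be checked against a project's own lockfile. The following is an added example, not code from Snyk or from the original article: it walks an npm `package-lock.json` (v2/v3 layout) and reports the dependency chain through which node-ipc or peacenotwar is installed. The sample lockfile, its version strings, and the names `demo-app` and `example-cli` are constructed for illustration.

```javascript
// Added example: trace how watchlisted packages enter a project (package-lock.json v2/v3).
// Names come from the incident above; the lockfile and its versions are constructed.
const WATCHLIST = new Set(["node-ipc", "peacenotwar"]);

// Resolve a dependency name as Node does: nearest enclosing node_modules first.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project; returns the shortest chain to each
// installed copy of a watchlisted package.
function findChains(lock, watchlist = WATCHLIST) {
  const packages = lock.packages || {};
  if (!packages[""]) return [];
  const chains = [];
  const seen = new Set([""]);
  const queue = [{ path: "", trail: [] }];
  while (queue.length) {
    const { path, trail } = queue.shift();
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const target = resolve(packages, path, name);
      if (!target || seen.has(target)) continue; // absent optional dep or already visited
      seen.add(target);
      const next = [...trail, `${name}@${packages[target].version}`];
      if (watchlist.has(name)) chains.push(next.join(" > "));
      queue.push({ path: target, trail: next });
    }
  }
  return chains;
}

// Constructed sample: "demo-app" and "example-cli" are hypothetical names.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", devDependencies: { "example-cli": "^1.0.0" } },
  "node_modules/example-cli": { version: "1.0.0", dependencies: { "node-ipc": "*" } },
  "node_modules/node-ipc": { version: "0.0.0-sample", dependencies: { peacenotwar: "*" } },
  "node_modules/peacenotwar": { version: "0.0.0-sample" },
} };
console.log(findChains(sampleLock).join("\n"));
```

The first element of each reported chain is the direct dependency to pin, replace, or override in order to cut the flagged package out of the tree.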

On the Russian side, hacking support comes mostly from criminal gangs.

Russia's own cyber operations have been augmented by the privateering of some familiar criminal gangs. Further analysis of leaked Conti chatter suggests that the gang's coordination with the official organs is close but largely ad hoc. Arctic Wolf has an interesting discussion of what's emerged about Conti. While the gang was quick to profess its patriotic support for what President Putin has called Russia's "Special Military Operation" and what the UN calls a war of aggression, Conti is showing some surprising internal fissures in its political commitments.

Information operations: repression and counter-repression.

All the Russian unity Mr. Putin praised during an appearance at his big Special Military Operation rally doesn't of course extend to the "traitors and scum" whom the Russian people will spit out like the "gnats" or "midges" they might inadvertently swallow. The AP reviews President Putin's Wednesday speech on the topic, notes the "crudity" of his language, and predicts a sharp crackdown on dissent, in part born of frustration at the poor performance of his forces on the ground. "His rant appeared to reflect his frustration about the slow pace of the Russian offensive, which bogged down on the outskirts of Kyiv and around other cities in northeastern Ukraine. Russian forces made comparatively bigger gains in the south, but they haven’t been able to capture the strategic port of Mariupol on the Sea of Azov, and their advance along the Black Sea coast also has stalled."

An early subject of Russia's new laws against criticizing the Special Military Operation is a food entrepreneur, blogger, and influencer who's expressed opposition to the operation. The Guardian quotes Veronika Belotserkovskaya, who faces up to fifteen years in prison upon conviction, as saying, "To find out I was the first one to be charged was both amusing and shocking. I joked that I was officially declared a decent person."

Opponents of Russia's war have worked to find ways of penetrating Moscow's censorship. The Record describes the work of a group of Polish programmers who have been working to circumvent information blackouts by contacting individual Russians directly, and by doing so at scale.

Internally, Russian dissent is said to have found an outlet in Clubhouse, a social medium without a large Internet presence, and which the Russian organs appear to have overlooked, at least for now, Input reports.

An example of diplomatic disinformation and debunking.

Governments and platforms operated by the private sector have generally taken two approaches to countering disinformation: blocking (which includes jamming and deplatforming), and debunking (rumor control, fact-checking, pre-bunking, etc.). Debunking can sometimes take the form of satire and ridicule, and there's an example of this out of Canada at week's end.

To set the story up it's necessary to take a glance through the looking glass at the Twitter feed maintained by the Russian mission to the United Nations. They lead with a pinned tweet, offered apparently more in sorrow than in anger: "We regret to say that [Ukraine] both used to be and remains a pawn in our Western colleagues’ geopolitical struggle against [Russia]. All those years West didn't care for the people of Donbas including women & children who suffered and died under [Ukrainian] shelling." ("Colleagues" is a nice irenic touch; the word is even warmer and friendlier in Russian than it is in English.)

The Russian mission to the UN has requested that the Security Council take up the issue of US biolabs in Ukraine, about which it says Russia has discovered new evidence during its "SMO," that is, its "special military operation," that is, its invasion. "We've requested an emergency session of the Council tomorrow morning to discuss again the issue of US #biolabs in #Ukraine taking into account new documents that we have discovered during the SMO. We will send a letter to the #UAE Presidency on this matter immediately."

The Canadian mission to the United Nations had a polite response to an earlier Russian move at the UN, a letter dated Wednesday that amounted to Russia's pious and thoroughly mendacious call for an international effort to ameliorate suffering in Ukraine, as if that suffering were either a natural disaster or someone else's fault entirely, probably those Western colleagues mentioned supra. Anyway, Russian permanent representative Vassily Nebenzia was seeking the support of other nations for Russia's resolution that "all parties" respect international humanitarian law, and sought inter alia to hip everyone to the medical supplies and other humanitarian aid Russia was delivering to suffering Ukraine. The Russian mission is presenting the proposal to the Security Council tomorrow, presumably along with the biowar stuff, and anyway the Russians say their idea is a lot better than that biased and unreasonable stuff the French and Mexicans are offering the General Assembly, because, of course, Russia's highest priority is the amelioration of human suffering. Ambassador Nebenzia closes by saying he extends his offer to co-sponsor Russia's proposal with "assurances of my highest consideration." It's a strikingly mendacious letter, even by the low standards of wartime diplomacy.

The Canadian diplomats posted an image of the letter to which they'd taken a high-school English teacher's red pen. "Thank you @RussiaUN for your letter dated March 16. Please see our suggested edits below." The suggested changes all point out Russia's sole responsibility for the war and its many atrocities; accompanying editorial questions ask how Russia might justify its positions. See the original in the Canadian mission's Twitter feed and read the whole thing. Extra credit, Canada, for pointing out the text's uncertainty concerning the use of articles.

British ministers pranked by someone pretending to be Ukraine's prime minister.

The UK's Defence and Home Secretaries, Ben Wallace and Priti Patel, respectively, separately entered Microsoft Teams meetings (which Mr. Wallace said had been properly set up) during which they believed, initially, that they were talking to Ukrainian Prime Minister Denys Shmyhal. The Telegraph reports that, while his interlocutor looked like Mr. Shmyhal and was sitting in front of a Ukrainian flag, the Defence Secretary grew suspicious when the person-who-looked-like-Shmyhal began asking about British naval deployments and Ukrainian intentions. (Presumably the real Prime Minister Shmyhal wouldn't need the UK to tell him what his government's intentions were.) Mr. Wallace ended the call after eight minutes and has ordered an investigation. Ms Patel's experience was similar. The Guardian's account describes the incidents as "hoaxes," leaving open the question of whether Russian services were behind them, but it's equally severe about the security measures that made it possible for an impostor to get through to members of the Cabinet. If the calls were the work of Russian intelligence services, they represent something new. Who expected Moscow to call and in effect identify themselves as I.P. Freely? One would expect more. A call like that might convince Moe Szyslak for a minute, but a Cabinet minister? A question: are phone pranks more or less credible when they arrive through business collaboration tools?