Ukraine at D+225: Abandoned tanks and discontented hawks.
Oct 7, 2022

Russian supporters of the war are increasingly disaffected, and the finger of blame increasingly points toward the Defense Minister. The US Ambassador-at-Large for Cyberspace and Digital Policy reflects on the course of the hybrid war and sees deterrence working.

Ukrainian forces continue to push their counteroffensive into Russian-held territory. Some of that advance has been enabled by captured Russian equipment, abandoned in working order on the battlefield by demoralized Russian troops, according to the Wall Street Journal. Surrendering or retreating Russian forces have failed to destroy or disable their equipment, large quantities of which have fallen into Ukrainian hands, the UK's Ministry of Defense reported this morning. "Re-purposed captured Russian equipment now makes up a large proportion of Ukraine’s military hardware. Ukraine has likely captured at least 440 Russian Main Battle Tanks, and around 650 other armoured vehicles since the invasion. Over half of Ukraine’s currently fielded tank fleet potentially consists of captured vehicles. The failure of Russian crews to destroy intact equipment before withdrawing or surrendering highlights their poor state of training and low levels of battle discipline. With Russian formations under severe strain in several sectors and increasingly demoralised troops, Russia will likely continue to lose heavy weaponry."

Poor performance becomes an issue within Russia.

Poor Russian combat performance and growing losses are beginning to arouse criticism in Russia itself. The lightning rod for much of it has been Defense Minister Shoigu, who seems likely to assume the role of fall guy for the special military operation's difficulties. Kirill Stremousov, the quisling whom Russian forces installed as deputy head of the Moscow proxy administration in Kherson, said in his Telegram channel that things were so bad any self-respecting Defense Minister would commit suicide. “Indeed many people say that if they were the Minister of Defense, who brought things to this state of affairs, they would shoot themselves, if they were real officers,” the Washington Post quotes Mr. Stremousov as saying. “But the word officer is incomprehensible to many,” he added. Defense Minister Shoigu, who holds a general's rank and has been Defense Minister for a decade, has no actual experience as an officer, and is widely regarded in Russia as a costumed civilian, a Siberian crony of the President's.

Russian troops may lack motivation, but some draft evaders are showing a great deal of it. In what must count as some sort of record, Military Times reports that two Russian men fleeing conscription boated across the Bering Strait to Alaska, where they requested and received asylum. The two, now being processed in Anchorage, came ashore at a small town's beach on St. Lawrence Island. Where they came from isn't clear, but it seems likely to have been Siberia's Chukotka Peninsula, which means a trip of some thirty-six miles across some nasty water.

Killnet and US state government sites.

CyberScoop has an update on how US states, particularly Colorado, Kentucky, and Mississippi, are recovering from the DDoS attacks that took some sites offline briefly this Wednesday. The incidents seem for the most part to have been quickly contained, but that hasn't inhibited Killnet, in an Ozymandian mood, from calling its action “USA Offline.” Some of the group's website defacements have displayed the Statue of Liberty in front of a mushroom cloud, the scene emblazoned with the motto "F*ck NATO." It's low-grade vandalism. Low-grade, dadaesque heckling can in principle have some effect (contrast, for example, the doge memes of the North Atlantic Fella Organization) but Killnet's stuff in all candor doesn't seem to be in the Fellas' league.

Erich Kron, security awareness advocate at KnowBe4, offered some reflections on the damage low-grade vandalism can do. “The Internet has provided opportunities for people to cause havoc across the globe much more easily than in the past," he said. "Hacktivists, such as those that appear to be behind this, can now reach further and make bigger statements which are more publicly visible, than ever before. In the case of these state government websites, the disruption of service, while inconvenient, is far less of a problem than a data breach involving the theft of personally identifiable information. Whether it's the defacement of websites, or taking them offline with attacks such as Distributed Denial of Service (DDoS) attacks, it does erode public trust in the organizations that these websites represent.”

Killnet is generally held to be a criminal group closely aligned with Russian government interests. The Five Eyes' joint advisory of April 20th, 2020, assessed them as such: "according to open-source reporting, Killnet released a video pledging support to Russia... Killnet claimed credit for carrying out a DDoS attack against a U.S. airport in March 2022 in response to U.S. materiel support for Ukraine." As a purely criminal group Killnet would have to be assessed as a fizzle--they're unlikely to be making a living from DDoS and website defacements--but their operations make sense if they're functioning as an auxiliary of Russian intelligence services.

Evading sanctions with cryptocurrency.

Cryptocurrencies are well-adapted to serve as vehicles for remittances, and, while there's nothing inherently criminal or nefarious about them, they have been used by criminals for both money laundering and carrying out illicit transactions. Russians interested in evading sanctions have also turned to alt-coin, Wired reports this morning, with Russian paramilitary support groups (like Save Donbas and REAR) turning to crypto exchanges to take in funds. Most of the exchanges being used are "high-risk" Russian operations, but some exchanges in China and India are also serving as transfer mechanisms. The intake is not, by defense budget standards, large, amounting only to some $4 million, and so the sanctions violations amount to a nuisance as opposed to a serious threat. By comparison Ukraine, which is not laboring under sanctions, has raised about $77 million in alt-coin contributions.

US cyber ambassador on deterrence and the state of Russia's hybrid war.

Ambassador-at-Large for Cyberspace and Digital Policy Nate Fick, the first official to hold the new US State Department post, was sworn in on October 4th. Yesterday he addressed journalists on, among other matters, the current state of Russian cyber operations in the war against Ukraine. He advocated extending deterrence across the cyber domain, and is encouraged by the NATO unity he sees in this respect. Deterrence seems, he thinks, to have inhibited Russian cyberattacks outside Ukraine. "We haven’t seen yet a ton of lateral escalation using cyber means outside Ukraine by the Russians," he said, adding, "I think that there is a robust deterrence framework that’s part of the NATO Alliance, and I would attribute that, at least in part, for why there haven’t been widespread Russian cyber attacks outside Ukraine."

Within Ukraine itself, Kyiv seems to have achieved deterrence through denial. Ambassador Fick thinks the private sector has made a notable contribution in this respect. "Inside Ukraine is – one of the interesting success stories of early days is the – kind of the effectiveness of public-private partnerships on the ground with software vendors that have, in some cases, hundreds of millions of systems deployed in Ukraine and the feedback loop between them and the U.S. Government on things like threat intelligence sharing and then pushing patches out to systems." He subsequently added, "Inside Ukraine, I think that there actually has been some meaningful degree of malicious Russian cyber activity, at least that they’ve attempted. And I think that one of the reasons that it hasn’t had the impact that the Russians hoped it would have is because of this tight feedback cycle that’s happening between the software vendors and hardware vendors who have stuff deployed in Ukraine and their partnership with the U.S. Government and the Ukrainian Government and NATO to convey that – to accelerate that feedback cycle."

He declined to comment on the potential for US or NATO offensive cyber operations in the present war.

(For a useful overview of ongoing state-directed cyber activity, see the Council on Foreign Relations and its Cyber Operations Tracker.)