Ukraine at D+104: Cybercrime as a force multiplier.
N2K logoJun 8, 2022

Russia and Ukraine treat the Donbas as a decisive theater. Cyber gangs serve as a Russian "force multiplier." And US officials warn that the cyber threat from Russia remains as high as ever (and Russia says tu quoque).

Ukraine at D+104: Cybercrime as a force multiplier.

The UK's Ministry of Defence (MoD) reviews the back-and-forth in the central Donbas, and the Ukrainian offensive aimed at retaking Kherson. "While Russia is concentrating its offensive on the central Donbas sector, it has remained on the defensive on its flanks. Ukrainian forces have recently achieved some success by counter-attacking in the south-western Kherson region, including regaining a foothold on the eastern bank of the Ingulets River. With the frontage of the occupied zone stretching for over 500km, both Russia and Ukraine face similar challenges in maintaining a defensive line while freeing up capable combat units for offensive operations." In Kherson itself, the occupiers are aggressively enforcing a program of Russification. "In the occupied Kherson region, Russia is forcibly aligning its administration with that of the Russian Federation by introducing the Russian rouble as legal tender and employing Russian teachers to introduce the Russian curriculum and language to schools. Russia will highly likely claim its occupation of Kherson as evidence of delivering improved governance and living standards to the Ukrainian people."

Ukrainian forces may, the AP reports, be considering pulling back from some of the ground they're contesting around Sievierodonetsk. The Wall Street Journal sums up the contest in the Donbas as embodying an attempt by both sides to make specific strategic points. Russia wants to demonstrate that it can take and hold ground after its humiliating failure to take Kyiv early in the war. Ukraine wants to show that it's capable of winning against the larger forces that its enemy can deploy. The Donbas represents an easier objective for Russia. First, it had a head-start on the region's conquest, having had forces in Luhansk and Donetsk for several years. Second, the Donbas is a relatively narrow strip of territory that's within range of artillery positioned near or over the Russian border. This enables the Russian army to deliver indiscriminate fire--something it can do--without the need to maneuver or supply mobile forces--something it showed itself incapable of during its failed attempt to take Kyiv. The nature of the combat suggests why Ukraine wants more Western multiple rocket launchers (MLRS and HIMARS) and why it's welcomed the receipt of both counterbattery radars and gun howitzers (towed M777s and self-propelled M109s).

US officials continue to rate the threat of Russian cyberattack as high.

US cybersecurity officials, speaking at the RSA Conference in San Francisco, urge businesses not to grow complacent about the continuing threat of cyberattack. The Wall Street Journal quotes CISA's Jen Easterly “I don’t think we are out of the woods in terms of a threat at this point in time. We’re only 100 days into this war,” she said. “We know that it’s part of the Russian playbook to use malicious cyber activity, whether it’s through a state-sponsored entity, whether it’s through criminally aligned groups," she said. “Given the kinetic nature of the fighting, the brutality and the atrocities, there has been a lot of focus on that aspect of it, but there has also been a huge amount of cyber activity from the Russians against Ukraine." NSA's cybersecurity director Rob Joyce concurred: “What I can say is, from intelligence, the threat was and is real. The Russians have a capability that we need to be cautious about, and they are at a decision point of if or when they choose to apply that." An op-ed by Easterly and National Cybersecurity Director Chris Inglis published this week in CyberScoop also emphasized the continuing threat of Russian cyber operations.

Russia, for its part, sees aggression in cyberspace as largely an American phenomenon. A Washington Post analysis summarizes recent statements from Moscow warning that the US must face the consequences if it continues what the Kremlin characterizes as a cyber campaign against Russia. “We do not recommend that the United States provoke Russia into retaliatory measures," Foreign Ministry cyber lead Andrei Krutskikh said. "A rebuff will certainly follow. It will be firm and resolute. However, the outcome of this ‘mess’ could be catastrophic, because there will be no winners in a direct cyber clash of states.”

For its part the US continues to detail Russia's use of cybercriminals as deniable privateers. The gangs amount to a "force multiplier." Decipher quotes Matt Olsen, US Assistant Attorney General for National Security, who spoke about the issue at RSAC: “We know they’re very focused on being able to establish persistent access to United States critical infrastructure and they have a very sophisticated set of actors in their foreign intelligence service,..They also have a force multiplier in the way they’re able to co opt the criminal groups... We’re still seeing that trend of Russia cooperating with the criminal groups." The Wall Street Journal notes that US sanctions have presented the gangs with difficulties in monetizing their attacks, particularly their ransomware attacks, by interfering with their ability to receive and launder payments, but that's interference only with their ability to cash out, not their ability to go on the attack. Their role as a combat multiplier is likely to continue.

Civilians in cyber war.

Western tech companies, notably Palantir, Google, Microsoft, and SpaceX, to list just a few, have played a significant part in delivering support to Ukraine in the cyber phases of the current war. (And see this article in Axios Denver for an expression of local pride in what the Centennial State is doing for Kyiv.) Their role is an overt, legitimate, and so far as can be seen defensive, counterpart to the role being played by privateering gangs working on behalf of Russia.

But these and other activities also raise questions about how easy it will be to develop norms for cyber conflict along the lines of those that exist for armed conflict, that is, kinetic war. One of the principal tenets of the just war tradition is discrimination, that is, the obligation belligerents have to distinguish the military from civilians, and to avoid harm to the latter. Military targets are legitimate targets under the usages of war, but for the most part civilian targets should be off limits to attack. Wired notices, however, that the proliferation of tech, the ubiquity of smartphones, may be eroding the military-civilian distinction. Civilians are using their devices, sometimes with apps dedicated to that purpose, to help Ukrainian forces keep track of Russian activities. Espionage, for example, is not protected by the laws of armed conflict. Is someone in a village who phones in a report acting as a spy, and thus as a combatant? The question isn't entirely new, but the sheer quantity, the ready availability, and the connectivity that consumer electronics now give people has given that question more importance, and has rendered the answers murkier.

Broadcast interference and propaganda.

Over the weekend, as Ukraine played Wales in a World Cup qualifying round, Russian operators replaced the game feed in the online television platform OLL.TV with what Ukraine's State Service of Special Communication and Information Protection (SSSCIP) called "propaganda news by Russian mass media." The Russian news feeds, of course, featured tendentious coverage of the special military operation. OLL.TV halted the feed until it could eject the Russian content and resume normal broadcasting. The SSSCIP continues to express concern over disinformation, which it sees as a core Russian threat. Gov Info Security points to OLL.TV's Facebook page, which put the incident down to envious Russian soccer fans' resentment of Ukrainian success. "Envious [Russia] is trying to spoil the viewing of the match of the National Team for the 2022 World Cup. We are making every effort to neutralize the cyberattack as soon as possible." 

Strange are the ways of love.

Among other signs of disaffection among Russian troops are indications that some of them are looking into the possibility that a hasty, bogus wedding might get them redeployed home. The Telegraph reports that intercepted calls released by Ukrainian intelligence services include exchanges like this: “'I’ve already told a female friend: ‘Can you go to the registry office and file for a marriage?’' the man said in a phone chat peppered with expletives. 'Anyway, I was told: ‘No way. This is not an option’.'” So, no honeymoon in Chelyabinsk for you, Ivan Illych, but desperate times call for desperate measures, and you can't blame a chelovek for trying.