Ukraine at D+106: Cyber ops and escalation.
Jun 10, 2022

An artillery war in the Donbas. Russia warns that Western, especially US, "aggression and encouragement of banditry" in cyberspace risks escalation into full combat, and that Washington can be sure that Moscow will retaliate. Beijing issues a similar warning, with special mention of the risks small countries assume when they accept American cybersecurity aid. Canada is on "high alert" for Russian cyberattacks. And Mr. Putin identifies with Tsar Peter the Great.

The heavy fighting for what Ukrainian President Zelenskyy called the "dead cities" of the Donbas (killed, it should be noted, by indiscriminate Russian artillery fire) continues. The Guardian says the combat there has become "an artillery war," which renders delivery of Western systems and, especially, ammunition, all the more important.

This morning's situation report from the UK's Ministry of Defence touches on some of the difficulties of occupation. "Fighting continues around Sieverodonetsk. Russia is again in control of most of the city, but its forces have made little progress in attempts to encircle the wider area from the north and south. Russia is struggling to provide basic public services to the population in Russian-occupied territories. Access to safe drinking water has been inconsistent, while major disruption to telephone and internet services continues. There is likely a critical shortage of medicines in Kherson, while Mariupol is at risk of a major cholera outbreak. Isolated cases of cholera have been reported since May. Ukraine suffered a major cholera epidemic in 1995, and has experienced minor outbreaks since, especially around the Azov Sea coast - which includes Mariupol. Medical services in Mariupol are likely already near collapse: a major cholera outbreak in Mariupol will exacerbate this further." This is awful but not surprising. Civil administration and restoration of public services are essentially logistical problems, and the Russian army has shown no aptitude for logistics.

Russia warns, again, that it will meet cyberattacks with appropriate retaliation. (China says "us too.")

A statement from Russia's Foreign Ministry yesterday warned that Moscow will respond to cyberattacks, Reuters reports. “Rest assured, Russia will not leave aggressive actions unanswered,” Director of the Department of International Information Security of the Ministry of Foreign Affairs of Russia A.V. Krutskikh said. “All our steps will be measured, targeted, in accordance with our legislation and international law.” NBC News quoted the Foreign Ministry as accusing Washington of “deliberately lowering the threshold for the combat use” of cyber weapons. And the consequences of a lower threshold mean that escalation will be the fault of the West. “The militarization of the information space by the West, and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences.” A "direct military clash" would be kinetic combat.

The proximate occasion of the Foreign Ministry's warning appears to be this past weekend's website defacement of a second-tier Russian ministry's webpage to display the motto, "Glory to Ukraine." The civilized world wouldn't regard nuisance-level hacktivism as a casus belli, but things look different from the Kremlin. "I will emphasize what has already been said more than once: state institutions, critical and social infrastructure facilities, storage of personal data of our citizens and foreigners living in Russia are being hit," Mr Krutskikh explained. "Officials in the United States and Ukraine are taking responsibility for the sabotage. It is there that they categorically refuse to develop international legal foundations. They do not seem to fully realize how dangerous aggressiveness and encouragement of gangsterism ["banditisma," that is, "banditry"] in the field of information security." (We leave it to the reader to contemplate the irony of the government that leads the world in the toleration and direction of cybercriminals warning the civilized world about the risks of encouraging "banditry." Tell it to Conti, Andrey; tell it to REvil, now that they're out of your slammer.)

Mr. Krutskikh also denounced distributed denial-of-service attacks. "This is mainly about DDoS attacks," he said. "According to experts, in order to carry out massive DDoS attacks involving 'cyber volunteers', attackers use malicious software based on the servers of Hetzner (Germany) and DigitalOcean (USA) supplier companies. Foreign specialized platforms (War.Apexi.Tech, Ban-Dera.com) are actively used, the online capacities of IPstress.in and Google servers are regularly used. As of May 2022, over 65,000 'sofa hackers' from the USA, Turkey, Georgia, and EU countries regularly took part in coordinated DDoS attacks on our country’s critical information infrastructure, including Rutube video hosting. In total, 22 hacker groups are involved in illegal operations against Russia." DDoS has, in the current hybrid war, been more characteristic of Russian than Ukrainian cyber operations. The latter have more often than not involved website defacement.

An expansive and touchy self-image may have something to do with such sensitivity. Yesterday Russian President Putin, marking the 350th birthday of Tsar Peter I (Peter the Great), noted that his predecessor's (for that is how Mr. Putin thinks of Tsar Peter I) great achievement was the conquest of the land (from Sweden) on which the Tsar would build St. Petersburg. The conquest was, in Mr. Putin's view, a rectification of borders, returning to Russia what should have been its territory all along. “He [Tsar Peter] was returning it and strengthening it,” the New York Times quotes Mr. Putin as saying, and then adding, in an obvious allusion to his special military operation, “Well, apparently, it has also fallen to us to return and to strengthen.” That is, by taking Ukraine.

China has also commented, with disapproval, on US Cyber Command General Nakasone's allusion to having engaged in a full spectrum of cyber operations. The Register reports that Foreign Ministry spokesman Zhao Lijian said "The US needs to explain to the international community how these 'hacking operations' are consistent with its professed position of not engaging directly in the Russia-Ukraine conflict." He went on to object to American cybersecurity assistance to third parties generally, or, as he put it, US deployment of "cyber military forces in some small and medium-sized countries." Mr. Zhao warned small and medium-sized countries that accepting this kind of American security help is dangerous. "These countries need to keep their eyes wide open and beware whether such deployment could embroil them in a conflict they are not looking for," he said, observing that cyber conflict could easily escalate into kinetic, even nuclear, war.

The Register dryly notes that "The two nations' very similar statements, made on successive days, may not be coincidental."

Reports that Ukrainian bandits are reselling arms to terrorists appear to be Russian disinformation.

BleepingComputer reports that the cyber intelligence firm KELA is investigating offers in various dark web souks that appear to be posted by Ukrainian bandits listing Western-supplied weapons (like Javelin anti-tank missiles) for sale to terrorists. While the descriptions and the pricing seem realistic, KELA and BleepingComputer conclude that the posts are Russian spoofs. News of the offers circulated early and often in Russian Telegram channels, and they appear to be deliberate disinformation. Is it possible that weapons delivered in military aid could be pilfered by criminals? Sure. But this doesn't appear to be a widespread phenomenon in the case of Russia's war against Ukraine, and the offerings in the dark web are in all probability Russian disinformation.

Canada on "high alert" for Russian cyberattacks.

Canada's Public Safety Minister Marco Mendicino told the House of Commons public safety committee yesterday to expect Russian cyberattacks at the Federal, provincial, and local levels. “I cannot emphasize enough how important it is that, in the current geopolitical environment in which we find ourselves, that we are very much on high alert for potential attacks from hostile state actors like Russia,” Global News quotes him as saying. The Public Safety Minister also noted that the private sector was equally at risk.

Montréal-based defense contractor CMC Electronics, Global News reported in another article, came under attack by a Russophone ransomware group in May. The attackers were probably affiliated with the ALPHV/BlackCat ransomware-as-a-service operation. Canada has been a consistently strong supporter of Ukraine against Russia's war. Canada is the world center of the Ukrainian diaspora: more people of Ukrainian origin live in Canada than in any other country except Ukraine itself and Russia.