Ukraine at D+21: War crimes on the ground, information operations in cyberspace.
N2K logoMar 17, 2022

Russia's ground assault remains stalled as it doubles down on the bombardment of cities. Hacktivist seek to penetrate Russian Internet censorship.

Ukraine at D+21: War crimes on the ground, information operations in cyberspace.

Diplomacy continues, even as Russia intensifies the brutality of its attacks against civilians. The Telegraph reports that negotiators are considering a fifteen-point plan that would, among other things, require Ukraine's neutralization, but would permit it to maintain a smaller army. It's unclear that the plan would be acceptable to either side.

Russian casualties rise, and Russian tactics shift further from ground combat to direct attacks on cities.

The UK's Ministry of Defence's operations map shows relatively small changes to the areas controlled by Russian forces in Ukraine. The MoD's situation report last night drew attention to the effects of Russian failure to achieve air supremacy, and the surprising humanitarian consequences of that failure: "Given the delays in achieving their objectives and failure to control Ukrainian airspace, Russia has probably expended far more stand-off air launched weapons than originally planned. As a result, it is likely Russia is resorting to the use of older, less precise weapons, which are less militarily effective and more likely to result in civilian casualties. Latest UN reporting indicates that 1,900 civilian casualties, including 726 deaths, have already occurred in the conflict to date. The true casualty figure is likely to be significantly greater and will continue to rise as long as the conflict continues."

In this morning's situation report, the MoD sees, two weeks into the Russian invasion, continued combat failure. "The Russian invasion of Ukraine has largely stalled on all fronts. Russian forces have made minimal progress on land, sea or air in recent days and they continue to suffer heavy losses. Ukrainian resistance remains staunch and well-coordinated. The vast majority of Ukrainian territory, including all major cities, remains in Ukrainian hands."

US estimates of Russia's battlefield fortunes seem to align with those of the UK. Casualties are always difficult to count accurately, even with the best will to honesty. Department of Defense officials told the New York Times that the Pentagon's "conservative" estimate is that Russian forces have lost 7000 killed in three weeks of fighting. Russian officials put the tally of their own dead at a very low (and suspiciously precise) 498. Ukrainian estimates of Russian losses are probably high at 13,500; Kyiv says its own battlefield deaths (soldiers only, not civilian casualties) total about 1300. To gain some sense of how severe the Russian losses have been, if the US estimates are roughly accurate, Russian deaths have exceeded US battlefield deaths in twenty years of combat in both Iraq and Afghanistan. They also exceed the number of Marines who died in thirty-six days of fighting on Iwo Jima in World War II. Deaths are accompanied by an additional and usually much larger number of wounded, so total Russian casualties are almost surely much higher than 7000. The US also says it's seen signs of significant demoralization among the Russian troops, with surprising evidence of desertion and combat refusal.

US targeting doctrine considers a force to have been "neutralized," that is, rendered temporarily incapable of effective action until it receives sufficient replacements, when casualties (killed and wounded combined) reach ten percent. At thirty percent losses, a force is considered to have been "destroyed." Russian losses appear to have locally approached or surpassed the threshold of neutralization, which would explain the shift to airstrikes and indirect fires. Russian commanders continue to seek to redress their battlefield failure through indiscriminate brutality against civilians, The most recent large-scale atrocity is an airstrike against a theater in Mariupol whose basement was sheltering about a thousand civilians. The AP reports that attempts had been made to mark the theater as a shelter by painting the word "children" in large letters on the pavement in front of and behind the building. The number of casualties remains unknown, but at least some survivors have emerged from the rubble of the collapsed theater, according to the Telegraph. Mariupol is presently the site of the most brutal, firepower-intensive Russian operations, so much so that the city is, according to the New York Times, having difficulty counting its dead. The city of Kharkiv, near the Russian border and largely ethnically and linguistically Russian, is being leveled, the New York Times also reports.

US to ship additional "lethal aid" to Ukraine following President Zelenskyy's address to Congress.

There won't be a no-fly zone, at least not in the near future, but the US is sending significant lethal military aid to Ukraine. TheHill reports that the assistance will include anti-tank weapons, unmanned drones, small arms and ammunition. The White House also said it would help Kyiv “acquire additional, longer-range systems on which Ukraine’s forces are already trained, as well as additional munitions for those systems,” which is being taken as referring to the S-300 surface-to-air missile system, a Soviet-era air defense weapon. The probable source of the hardware would be NATO ally Slovakia. With the Russian ground campaign stalled, and with Russia turning to air strikes against cities as its principal strategy, Ukraine particularly needs air defense systems.

Vladimir Putin: war criminal.

As he discussed the US decision to send more materiel to Ukraine, US President Biden, speaking in his customarily unstudied and off-hand way, yesterday called Russian President Putin a "war criminal." TASS quoted Kremlin spokesman Dmitry Peskov as calling Mr. Biden's remarks "unforgivable." Off-the-cuff he may have spoken, but President Biden probably has a point. The Guardian has a useful summary of what it means, legally, to be considered a war criminal (in general, deliberate targeting of civilians and the use of indiscriminate and excessive force would quality), and a short history of leaders who've been convicted of war crimes. Some nations have opened investigations into Mr. Putin's conduct of his war. For what it's worth, the UN's International Court of Justice yesterday ordered Russia to stop its "special military operation." Failure to comply would result in referral of the matter to the UN Security Council where, of course, Russia holds a veto,


A faked video appeared yesterday that seemed to show President Zelenskyy asking Ukrainian soldiers to lay down their arms. According to NPR, the video was crudely prepared, badly lip synced, voice and accent wrong, head not quite matching body, etc., which would make it seem more shallow- than deepfake. It was swiftly debunked, but was nonetheless widely amplified on Vkontakte and other Russian platforms. President Zelenskyy said in response that the only people he'd invited to lay down their arms were Russian soldiers.

Meta detected and removed the phony video from its platforms. Meta's Nathaniel Gleicher took to Twitter to explain: "Earlier today, our teams identified and removed a deepfake video claiming to show President Zelensky issuing a statement he never did. It appeared on a reportedly compromised website and then started showing across the internet. We've quickly reviewed and removed this video for violating our policy against misleading manipulated media, and notified our peers at other platforms." He directed readers to Facebook's policy against manipulated media.

Hacktivism and information warfare.

Digital Shadows has been following what it characterizes as a significant rise in hacktivism during Russia's war against Ukraine. "Volume of activity has spiked," the company writes, "but we’re also observing novel approaches to organizing and attempting to circumvent obstacles. This will likely continue in the coming weeks and months as the war develops."

Some of that novel organization may be found in the hands-on, hands-off approach the Ukrainian government has taken to mobilizing hacktivists. It may also be seen in the work of the hacktivists themselves, who've adopted such techniques as texting Russians with news to counter Kremlin propaganda. Hacktivists have also, the Washington Post reports, turned to such hoary Cold War throwbacks as short-wave radio to get messaging through Moscow's increasingly walled-off Internet.

He's not really a hacktivist, but one celebrity who's seeking to reach the Russian people is Arnold Schwarzenegger, who's posted a direct appeal, with Russian subtitles, to both Twitter and Telegram.

President Putin's response to any inside Russia who might listen to such appeals, and especially to those who might spread them, has been direct and couched in brutal, contemptuous terms. Russia will spit out the "traitors and scum" who spread Western lies, and Russia will be the stronger for it. Bloomberg reports Mr. Putin's remarks as follows: “Any people, and particularly the Russian people, will always be able to tell the patriots from the scum and traitors and spit them out like a midge that accidentally flew into their mouths. I am convinced that this natural and necessary self-cleansing of society will only strengthen our country, our solidarity, cohesion and readiness to meet any challenge.”

In general, observers see Ukraine as the clear winner in the war of influence. The Washington Post has an overview of Ukraine's techniques.

Information operations update: "splinernets."

One of the consequences of Russia's disconnection from the Internet (and that disconnection is both self-imposed and a consequence of external sanctions) is the creation of a "splinternet," a process that MIT Technology Review worries might be difficult to reverse:

"An actual splintering of the internet—rather than different countries using different platforms on the same underlying architecture—could take one of two forms, according to Milton Mueller of the School of Public Policy at the Georgia Institute of Technology. 'A major, serious splintering of the internet would involve a technically incompatible protocol used by a critical mass of the world's population,' he says. 

"This first type of splintering would not be catastrophic. 'Technologists would probably find a way to bridge the two protocols in short order,' says Mueller. The plan is going to be tricky to pull off, both technically and politically, but the Kremlin has set its sights on self-sufficiency.

"The second form of splintering would be to continue using technically compatible protocols, but to have different governing bodies managing those services. This might prove trickier to reverse. If Russia, China, or some other countries formed rivals to the bodies that manage IP addresses and DNS and got them established, that could be even harder to put back together than if they built rival technological protocols. Vested interests would form, wanting to stay with one or the other body, making the politics of reconnection almost impossible. The problem of reconnecting these disparate networks into one global internet would thus be a political one, not a technical one—but it’s often the political problems that are the most difficult to solve."

Russia's creation of its own TLS certificate authority, as it moves to evade the consequences of sanctions, also poses broader security risks. CSO Magazine points out that traffic interception and man-in-the-middle attacks are likely side-effects of the new authority. The risk is principally to Russian Internet users:

"The threats posed by the advent of Russia’s state-provided certificates are significant for Russian users. 'With the major certificate authorities revoking or simply not renewing the certificates for Russian businesses, they are left in a difficult position,' Mike Parkin, researcher and senior technical engineer at Vulcan Cyber, tells CSO. 'While it’s unlikely that the major browsers will ever accept the new Russian CA, it may be a problem for those users in Russia. They will have to rely on their CA, which is sanctioned by a government that is not well known for respecting user privacy or taking a strong stand against cybercriminals.'”

Germany's retreat from Kaspersky's security products.

Germany's information security agency, the Bundesamt für Sicherheit in der Informationstechnik (BSI), explains its warning against using Kaspersky antivirus products. The problem is that security products require extensive permissions in the systems they protect, and that they also maintain an enduring persistence in those systems. Russia, the BSI thinks, is fully capable of deciding to force Kaspersky to hand over data on its customers, perhaps even give Russian intelligence services access to customers' systems. This risk has grown during Russia's war against Ukraine, and the BSI recommends replacing Kaspersky products with other vendors' equivalent systems.

Kaspersky responded, "We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds. We will continue to assure our partners and customers in the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators’ concerns." That's probably right, but unfortunately for Kaspersky, irrelevant. the BSI's concerns are that Russia could pressure Kaspersky in ways the company couldn't control or, probably, resist, and that the risk of such pressure during wartime is simply too great to overlook. Eugene Kaspersky's own response may be found here. CSO has an account of the German decision and its implications.

Ukrainian ISPs suffer periodic disruption.

Triolan, a major Ukrainian Internet service provider, has faced periodic disruption since the Russian invasion began. CPO Magazine reports that attackers, presumably Russian, had set Triolan internal devices back to factory defaults, which effectively knocked them offline. Other ISPs, including Ukrtelecom have experienced similar service disruptions as recently as last week.

The prospect of default on Russian sovereign debt.

Russia is on the verge of its first bond default since 1918, Business Insider reports. Payments were due yesterday, and Russia, according to CNN, says they've made them. The problem, however, is that the payments are expected in dollars, not rubles, and Russia's dollar accounts are frozen. The Wall Street Journal said that Citigroup, the paying agent, has had no comment on whether funds were released, but investors say they haven't been paid. Russia has a grace period that runs through April 15th to make good on its obligations.

China denies that it will supply Russia in its war against Ukraine.

Complaining that the US is inflaming matters with its stories of Chinese plans to provide materiel to Russia, Beijing has denied that it will deliver any such support to Mr. Putin's fighters. (Presumably that extends to the combat rations Moscow is rumored to have asked for. If that's so, and no field rations are on the way, then go pin a medal on that General Tso.) Chinese officials say they've been subtly distancing themselves from Russia in their statements, but the Yankees are just too inattentive and insensitive to nuance to Get It. Maybe that's true, nuance not being the strong suit of most of the Yankees we know. In any case, Beijing seems interested in sidling back up to the civilized world.