Ukraine at D+216: Sabotage, and disinformation as discipline.
N2K logoSep 28, 2022

Ukraine's counteroffensive continues, and some large-scale sabotage of a pipeline in the Baltic Sea is seen as a shot across the West's critical infrastructure bow. The staged vote in the Russian-occupied districts of Ukraine is developing as everyone expected, but then it doesn't have to be credible to have its desired effect.

Ukraine at D+216: Sabotage, and disinformation as discipline.

"Ukraine has pressed its offensive operations in the north-east of the country over the last few days," the UK's Ministry of Defence says in this morning's situation report. "Units are making slow advances on at least two axes east from the line of the Oskil and Siverskyy Donets rivers, where forces had consolidated following their previous advance earlier in the month. Russia is mounting a more substantive defence than previously, likely because the Ukrainian advance now threatens parts of Luhansk Oblast as voting in the referendum on accession to the Russian Federation closes. Heavy fighting also continues in the Kherson region where the Russian force on the right bank of the Dnipro remains vulnerable. Russia continues its grinding attempts to advance near Bakhmut in the Donbas even while it faces severe pressure on its northern and southern flanks. This is likely due to political pressure as Russia is using forces that could otherwise reinforce the other flanks."

Partial mobilization continues to provoke discontent, and to suffer from botched and spotty execution, the BBC reports. Bloomberg explains the ways in which the call-up will place an already stressed and declining economy under further pressure. And an essay in Foreign Affairs argues that the mobilization represents the end of the social contract that has characterized President Putin's rule: the population exchanges apolitical docility for a modicum of security, albeit constrained and relatively impoverished security. According to the AP, about 194,000 Russians have fled the country to avoid conscription.

Nord Stream pipeline appears to have been sabotaged.

The Nord Stream pipeline seems to have been sabotaged, and European authorities suspect that Russia is responsible. Swedish monitoring stations detected two explosions in the Baltic Sea near the pipeline, Bloomberg reports. Natural gas bubbles have been breaking to the surface in the vicinity of breaks in the pipeline.

The Washington Post writes that the explosions, which occurred in international waters near the Danish island of Bornholm, broke two Nord Stream 1 lines and one Nord Stream 2 line. The Swedish National Seismic Network and Germany's Research Center for Geosciences both say that their observations indicate an artificial, human-induced explosion, not a natural seismic event. “These are deliberate actions, not an accident,” Danish Prime Minister Mette Frederiksen said yesterday. “The situation is as serious as it gets.”

Kremlin spokesman Dmitry Peskov denied any Russian involvement, and said that Moscow was "extremely concerned" about the incident. Mr. Peskov elaborated, when asked about suspicions of Russian responsibility for the sabotage, ""That's quite predictable and also predictably stupid. This is a big problem for us because, firstly, both lines of Nord Stream 2 are filled with gas - the entire system is ready to pump gas and the gas is very expensive... Now the gas is flying off into the air. Are we interested in that? No, we are not, we have lost a route for gas supplies to Europe." Russia's embassy to Denmark said, ""The unsubstantiated accusations and assumptions that are now being made everywhere are intended to create information noise and prevent an objective and impartial investigation."

The Nord Stream pipelines deliver natural gas from Russia to Germany, and thence to other European users. Nord Stream 1 hasn't functioned since the imposition of sanctions early in Russia's war, and Nord Stream 2 hasn't yet received authority to operate, so severing them has no immediate effect on European natural gas supplies. The immediate concern is environmental, and large-scale leaks of residual methane in the lines are worrisome.

The Telegraph offers a range of possible motivations for the sabotage. The long-term effects appear designed to punish Western Europe for its pro-Ukrainian stance, and to induce enough discomfort and fear in European voters that they exact a toll from their leaders at the polls. An attack also makes the point that Russia is willing to carry out major, destructive, attacks on civilian infrastructure, and to do so in ways that aren't shy about inflicting environmental and other collateral damage. Russian naval units have also demonstrated their ability to sabotage pipelines and other undersea infrastructure, an emphatic point, since there was little doubt they had that capability. The incident remains under investigation, but consensus is rapidly forming that the explosions were a Russian attack. The sabotage is, an essay in Defense One argues, a paradigmatic gray zone exercise: deniable, damaging, and cynical in its indifference to collateral damage.

The attack, for that is what it almost certainly seems to have been, was kinetic, but cyber disruption of critical infrastructure remains a threat. Tom Kellermann, CISM, senior vice president of cyber strategy at Contrast Security shared his conclusion that pipeline sabotage has heightened the risk of cyberattacks against target sets of this kind. “Geopolitical tension has reached a tipping point. Just hours after the Ukrainian warning about attacks against critical infrastructure, Russia sabotaged the gas pipeline to Europe last night. Much like we saw a wave of destructive cyberattacks in January, a dramatic escalation is occurring as Russia’s gloves are off. We should expect a wave of destructive cyberattacks against western critical infrastructure. Cybersecurity teams must test their backups, expand threat hunting for groups like Sandworm, APT 28, Gameredon and APT 29, apply micro segmentation and apply runtime protection across their applications.”

DDoS remains the characteristic mode of cyber ops in Russia's hybrid war against Ukraine.

Concerns about attacks against critical infrastructure may be rising, but other, more commonplace cyberattacks remain typical of the hybrid war. Netscout's DDoS Threat Intelligence Report for the first half of 2022 indicates that distributed denial-of-service attacks have remained the typical tactic Russian cyber operators have used against targets in Ukraine and, especially, against targets in countries sympathetic to Ukraine. It's also been one of the characteristic techniques employed against Russian sites. Netscout's report reads in part:

"As Russian ground troops entered Ukraine in late February, there was a significant uptick in DDoS attacks targeting governmental departments, online media organizations, financial firms, hosting providers, and cryptocurrency-related firms, as previously documented. However, the ripple effect resulting from the war had a dramatic impact on DDoS attacks in other countries including:

  • "Ireland experienced a surge in attacks after providing service to Ukrainian organizations.
  • "India experienced a measurable increase in DDoS attacks following its abstention from the UN Security Council and General Assembly votes condemning Russia's actions in Ukraine.
  • "On the same day, Taiwan endured its single-highest number of DDoS attacks after making public statements supporting Ukraine, as with Belize.
  • "Finland experienced a 258% increase in DDoS attacks year-over-year, coinciding with its announcement to apply for NATO membership.
  • "Poland, Romania, Lithuania, and Norway were targeted by DDoS attacks linked to Killnet; a group of online attackers aligned with Russia.
  • "While the frequency and severity of DDoS attacks in North America remained relatively consistent, satellite telecommunications providers experienced an increase in high-impact DDoS attacks, especially after providing support for Ukraine's communications infrastructure.
  • "Russia experienced a nearly 3X increase in daily DDoS attacks since the conflict with Ukraine began and continued through the end of the reporting period."

There are also signs of increased ransomware attacks against Ukrainian targets. Vladyslav Radetsky reports that the Bl00dy gang has used the Lockbit 3.0 builder, leaked last week, to deploy malicious code in that country.

Meta takes down Russian disinformation networks.

Meta, corporate parent of Facebook, Instagram, and WhatsApp, announced yesterday that it had taken down two networks, one Russian, the other Chinese, for engaging in coordinated inauthenticity. The networks are unrelated. The Russian disinformation operation, Meta said, was unusually large, well-constructed, and focused on disseminating Russian propaganda concerning the war against Ukraine. "The Russian network — the largest of its kind we’ve disrupted since the war in Ukraine began — targeted primarily Germany, France, Italy, Ukraine and the UK with narratives focused on the war and its impact through a sprawling network of over 60 websites impersonating legitimate news organizations."

The legitimate news organizations impersonated included Spiegel and Bild in Germany, the Guardian in the UK. The impersonations were carefully and convincingly executed, and were done so at apparently considerable expense. The stories carried in them to a considerable extent concentrated on disinformation charging Ukraine with responsibility for Russian atrocities committed in Bucha and elsewhere. They were often amplified by Russian social media channels, including accounts belonging to Russian diplomatic missions, and they also engaged in pushing petitions designed as astroturf support for Russian interests. Given the amount of care, talent, and expense devoted to establishing and maintaining the inauthentic networks, it's noteworthy that the stories they pushed lacked legs: they did not achieve widespread acceptance, and they were generally dismissed soon after publication as disinformation. That experience may suggest the limitations of coordinated inauthenticity: it tends to be less successful when it seeks to persuade than when it aims simply to confuse.

Why is Russia bothering with the patently bogus referenda in the Ukrainian territory it occupies?

Russian occupation authorities have devoted considerable effort to ensuring that Ukrainians who remain in Russian-occupied territory vote in plebiscites designed to approve annexation of the conquered provinces. There are widespread reports of armed troops coercing civilians into going to the polling places, and of pressuring them into voting for accession to Russia, the Washington Post and others write. The point of this is in part no doubt designed to provide a justification, mostly for a Russian domestic audience, of further escalation as Ukraine continues to retake ground. But a more important goal is informational. Forced, transparently illegitimate elections were one of the characteristic features of Stalinist rule in the old Soviet Union, and the coercion was a feature, not a bug.

Kristo Nurmis, a research fellow at Estonia's Tallinn University, explains the historical precedent in a long Twitter thread. The voting in occupied Ukraine resembles similar elections the Soviets staged in conquered nations at the beginning of the Second World War, when the Nazi-Soviet Pact enabled the Soviet Union to take the Baltic States and much of Eastern Poland:

"The 1939/40 elections were neither about faking democracy nor appealing to legality. Reading the newspapers of the time, one immediately notices that the Soviets hardly concealed the undemocratic and illegal nature of the elections – stuff that diplomats could easily pick up. Soviet intimidation was public and blatant. 'Let’s not be the enemies of the people,' Latvian paper Rīts wrote. 'Anyone who abstains from voting today and tomorrow is unquestionably an enemy of the people… backsliders and cowards will not be able to halt history.' In other words, what mattered to the Soviets was not catering to western public opinion but making the people participate, to establish Soviet 'legitimacy' on the ground. Evidently, this legitimacy had nothing to do with the liberal notion of the consent of the governed."

The Russian government, while not in any meaningful, ideological sense Soviet, retains many of the habits of mind and the policy dispositions formed under decades of Stalinist rule. What's going on is not an attempt to convince people that a stolen election is in fact a fairly conducted one, as if Mr. Putin were merely an old Chicago machine alderman working on a grander, more ruthless scale. Instead it's a characteristically totalitarian exercise in expunging false consciousness.

"Putin does share some of the Soviet notions of the plasticity of the human mind and the struggle over people's “correct consciousness. Putin’s logic is the following: the people of Ukraine have been corrupted by decades of liberal and nationalist propaganda, western-imposed false consciousness that has blinded them of their true and historically predetermined interests – joining Mother Russia. The Soviets called their ideological indoctrination effort 'ideo-political upbringing' or ideino-politicheskoye vospitanie, 'vospitanie' implying a quasi-violent parental authority over the 'immature' society (mainly the peasant mass and the unenlightened workers)."

The point isn't deception. It's discipline. And from a disciplinary point-of-view, the more implausible the claim you can force people to mouth, the better.