Ukraine at D+169: Partisans, both kinetic and cyber.
N2K logoAug 12, 2022

Ukraine appears determined to convince Russia (and its Belarusian fellow-traveler) that the rear areas, including Crimea and Belarusian border regions themselves aren't safe places any longer. A website aims to train and empower anti-Russian cyber partisans.

Ukraine at D+169: Partisans, both kinetic and cyber.

Threats to the Russian communications zone.

"On 9 August 2022, explosions occurred at the Russian-operated Saky military airfield in western Crimea," the UK's Ministry of Defence (MoD) said in this morning's situation report. Exactly how Ukraine carried out the attack remains unknown. The open-source imagery shows damage that looks consistent with either missile strikes or sabotage, and Ukrainian officials are content to leave that ambiguity in place. "The original cause of the blasts is unclear, but the large mushroom clouds visible in eyewitness video were almost certainly from the detonation of up to four uncovered munition storage areas. At least five Su-24 FENCER fighter-bombers and three Su-30 FLANKER H multi-role jets were almost certainly destroyed or seriously damaged in the blasts," the MoD said. "Saky’s central dispersal area has suffered serious damage, but the airfield probably remains serviceable. The loss of eight combat jets represents a minor proportion of the overall fleet of aircraft Russia has available to support the war. However, Saky was primarily used as a base for the aircraft of the Russian Navy’s Black Sea Fleet. The fleet’s naval aviation capability is now significantly degraded. The incident will likely prompt the Russian military to revise its threat perception. Crimea has probably been seen as a secure rear-area." The MoD cautiously estimates the number of aircraft destroyed at eight, but other assessments range as high as twenty, which the Telegraph calls the "biggest loss of aircraft in a single day since [the] Second World War." (In fairness Russian hasn't fought a near-peer adversary since the Second World War.)

In addition to being regarded as a secure rear area, Crimea was also seen as a tourist destination. Russian civilians in occupied Crimea haven't been targeted, but the explosions in the Saki strike were easily visible from the peninsula's beaches. Ukraine's Defense Ministry has posted a video (to the music of Bananarama's "Cruel Summer") inviting Russian tourists to leave and vacation elsewhere. The Telegraph explains, "In the wake of Russia's illegal annexation of Crimea, the peninsula was promoted, by Kremlin propaganda, as the beach break destination of choice amongst aspirational Russians." There are reports of traffic jams on highways leading from Crimea to Russia as Russian citizens leave what they now perceive as an active theater of operations.

(A side note: Ukrainian promotion of tourism has long had an odd quality. One of our staffers spent some time in the country a few years ago and recalls seeing a television ad that went something like this: "Scythians...Mongols...Vikings...Russians...Turks...Germans...Everybody has always wanted to come to Ukraine!" The listed visitors are, of course, proverbially cruel invaders, with the possible exception of the Scythians. The text was displayed over pictures of attractive Ukrainian landscapes. The ad was either hopelessly clueless or some very clever irony indeed. It's impossible to imagine the chamber of commerce of, say, Ocean City (Maryland or New Jersey) coming up with the post-modern likes of it.)

Reuters reports that the Belarusian government has attributed the explosions heard yesterday at an airbase and Russian staging area near the Ukrainian border to a "technical incident." The Belarusian Defense Ministry explained, "the engine of a vehicle caught fire after replacement ... There were no casualties." Given that there were several explosions heard, and heard at a distance of several kilometers, one wonders what sort of engine they were working on. But the explanation is not much more plausible than the Russian attribution of the damage to the airfield at Saki to the careless disposition of a cigarette, as if a heedless troop happened to drop his lit Belomor Kanal into a fuel distribution point. Ukraine has neither confirmed nor denied its involvement in either incident, but this newly felt insecurity in the Russian communications zone did move Ukrainian presidential adviser Mykhailo Podolyak to tweet, "The epidemic of technical accidents at military airfields of Crimea and Belarus should be considered by Russia military as a warning: forget about Ukraine, take off the uniform and leave. Neither in occupied Crimea nor in occupied Belarus will you feel safe. Karma finds you anywhere."

Mr. Zelenskyy thinks some officials are talking too much.

Ukrainian officials have been generally willing to give good soundbites to reporters, but President Zelenskyy would like them to tone it down and do a bit more thinking before they speak. The Telegraph reports that the president said, in an evening television address, "War is definitely not the time for vanity and loud statements. The fewer details you divulge about our defence plans, the better it will be for the implementation of those defence plans. If you want to generate loud headlines, that's one thing – it's frankly irresponsible. If you want victory for Ukraine, that is another thing, and you should be aware of your responsibility for every word you say about our state's plans for defence or counter attacks."

The optempo of the war's cyber phase, and how Ukraine has responded.

Reuters reports remarks delivered at the Black Hat conference in Las Vegas this Wednesday by Victor Zhora, deputy head of Ukraine's State Special Communications Service. He said that detection of cyberattacks had more than tripled since the war began in February, and that they became particularly intense in late March and early April. Reuters summarizes Zhora as saying, "Ukraine faced a number of 'huge incidents' in cyberspace from the end of March to the beginning of April, Zhora said, including the discovery of the 'Industroyer2' malware which could manipulate equipment in electrical utilities to control the flow of power." Zhora also acknowledged the pro bono cloud services provided by Microsoft, Amazon and Google, which have helped the Ukrainian government back data up in physically safe servers abroad.

Organizing and equipping hacktivists.

The Record has an account of the work of Nikita Knysh, an alumnus of Ukraine’s Security Service (SBU) and founder of the cybersecurity consultancy HackControl. Knysh took it upon himself to support hacktivists, cyber partisans, who wished to hit Russian interests and assets in cyberspace. He sees cyber partisans as filling a Ukrainian capability gap. “'I realized that we should take control of the situation,' Knysh told The Record. Our government didn’t have a ‘cyber army’, so we built it ourselves.'” Part of enabling the partisans to take effective action is training them. A website Knysh established, HackYourMom Academy, offers a kind of vade mecum through cyber conflict, and it's available in Ukrainian, Russian and English. "Some lessons are simple," the Record writes, "how to install an antivirus program, connect to a VPN, or use a virtual machine. Others are more advanced, such as how to conduct distributed denial-of-service (DDoS) attacks or hack Russian cameras and WiFi routers."

Hacktivists and cyber partisans occupy a gray area similar to one their kinetic counterparts live in. Just conduct of a war generally requires that combatants use proper discrimination in their selection of targets, and that they operate under some form of responsible command. In the loosey-goosey hacktivists' world, it's not clear that these conditions are always or even generally met (witness Anonymous as exhibit A). Still, Knysh seems clearly right to maintain that enemy assets in cyberspace represent legitimate potential targets. “Not attacking your enemy in cyberspace is stupid,” Knysh said. “In the past, soldiers destroyed logistics and production facilities, but now they also attack technology and information.”