The Invisible Battlefields Of The Russia-Ukraine War

Early in the morning of February 24th, Dr. Jeffrey Lewis, a professor at California’s Middlebury Institute of International Studies, watched Russia’s invasion of Ukraine unfold in real time with troop movements overlaid atop high-resolution satellite imagery. This wasn’t privileged information — anybody with an internet connection could access it, if they knew where to look. He was watching a traffic jam on Google Maps slowly inch towards and across the Russia-Ukraine border.

As he watched the invasion begin along with the rest of the world, another, less-visible facet of the emerging war was beginning to unfold on an ill-defined online battlefield. Digital espionage, social media and online surveillance have become indispensable instruments in the tool chest of a modern army, and both sides of the conflict have been putting these tools to use. Combined with civilian access to information unlike anything the world has seen before, this promises to be a war like no other.

Modern Cyberwarfare

The first casualties in the online component of the war have been websites. Two weeks ago, before the invasion began en masse, Russian cyberwarfare agents launched distributed denial of service (DDoS) attacks against Ukrainian government and financial websites. Subsequent attacks have temporarily downed the websites of Ukraine’s Security Service, Ministry of Foreign Affairs, and government. A DDoS attack is a relatively straightforward way to quickly take a server offline. A network of internet-connected devices, either owned by the aggressor or infected with malware, floods a target with requests, as if millions of users hit “refresh” on the same website at the same time, repeatedly. The goal is to overwhelm the server such that it isn’t able to keep up and stops replying to legitimate requests, like a user trying to access a website. Russia denied involvement with the attacks, but US and UK intelligence services have evidence they believe implicates Moscow.

Fedorov’s tweet introducing the IT Army

DDoS attacks seem to be the tool of choice for both sides, as several Russian sites, including the Kremlin’s and the Russian Military’s websites, were taken offline by a series of similar counter-attacks last week. It isn’t immediately clear whether or not these attacks came directly from the Ukrainian government or from a third party sympathetic to their cause. In order to recruit those who would help with such efforts, the government has put out calls for cybersecurity experts to help defend their country’s digital territory and launch offensive counterattacks against Russia. The first of these calls, rather strangely, came as a forum post by Yegor Aushev, the co-owner of a Kyiv-based cybersecurity firm who was said to be posting on behalf of the Defense Ministry. Later, the government launched what Vice Prime Minister and Minister of Digital Transformation Mykhailo Fedorov referred to in a tweet as the country’s “IT Army.” This group, which is being organized via a Telegram channel, has been given lists of Russian websites and services for members to target.

The independent cybersecurity collective known as Anonymous has also decided to stand with Ukraine against Russia. They have taken credit for a variety of attacks already, including replacing the propaganda on a Russian news station, taking down Russian government and media websites, and leaking a database from the Ministry of Economic Development of Russia.

Ukrainian government agencies and banks have also been targeted with malware — specifically a virus designed to erase data from hard drives. The malicious code was identified by security firms Symantec and ESET a day before the invasion began, and Microsoft caught wind of it several hours later. After another three hours, Microsoft’s Defender software had been patched to scan for and block the package. Although there is no concrete data linking the program to Russia, Russia is widely believed to be the source. The attack seemingly comes without the money-oriented motivation of similar malicious programs such as ransomware. When a computer is infected with ransomware, the user is usually greeted with a message that says something along the lines of “Send us money or all your data will be deleted.” This virus skips the middle step and simply deletes data, which implies that it was created solely to disable the infected agencies and sow confusion. To further that goal, it appears that ransomware decoys were deployed as well, either in order to shift focus away from the data-wiping virus or cover its tracks so that it could remain undetected for longer.

When stood up against what’s happening on the ground in Ukraine, all of this seems relatively benign — who cares that a website is down while people are dying? In times of crisis, whether a war or a natural disaster, one of the most difficult and subsequently important tasks for a government is providing its citizens with potentially life-saving information. Crippling a government’s ability to disseminate such information can, at best, increase confusion and the spread of misinformation, and at worst can cause innocent people to die. In 2015, the Ukrainian power grid was famously compromised completely remotely by Russia’s Main Intelligence Directorate (GRU) in an attempt to sow unrest and fear, leaving about 230,000 people without power.

Surveillance and (Social) Media

While the cyber war raging behind the scenes has been largely invisible, the rest of the war is anything but. Gone are the days when those living across the world from an active conflict get their daily dose of news from the front lines each evening at 7 PM — social media means we’re constantly connected to a stream of information in near-realtime, although separating fact from fiction can prove difficult.

Take, for example, the “Ghost of Kyiv” — a mythical Ukrainian pilot said to have already shot down six Russian fighters singlehandedly. While there’s no proof that such a pilot exists (or doesn’t exist, for that matter), a popular video of the pilot taking down another plane was proven to be fake — it’s actually footage from the video game Dynamic Combat Simulator that was taken out of context and sensationalized on Twitter, Facebook, and Reddit.

Additionally, there have been plenty of cases of willful disinformation within Moscow. The Russian government has been extremely selective in determining what information its citizens are able to consume and how they can access it. Russian media outlets were instructed to only report on information disseminated by official government sources, and the government has limited access to Facebook. Russian news stations have taken great care to paint the war (which is a banned word in itself) as a minor military operation — although not all Russian media outlets have capitulated to the government’s demands. Tech giants have also been pressured to suppress disinformation and propaganda, most notably by Vice Prime Minister Fedorov. He’s called upon streaming services, including Netflix and YouTube, to block Russian propaganda, and other services such as PayPal and Google to disable access within Russia. Last week, YouTube disabled monetization of Russian channels.

Fedorov’s request to Musk for Starlink service

Fedorov also reached out to Elon Musk over Twitter, asking for Starlink internet terminals. Musk replied by enabling Starlink’s satellite internet service in Ukraine and shipping a truckload of terminals, which arrived days ago. It’s unclear how Fedorov plans to deploy the terminals, but it’s likely that they will be used to connect hard-to-reach areas, or restore connectivity to areas with compromised infrastructure.

As you may suspect, even the most well-intentioned social media use can prove problematic in wartime. Twitter users have warned each other against showing support by posting photos of Ukraine’s defenses online to avoid providing Russian intelligence with information about troop movements or other military actions.

The advancing Russian army viewed as a traffic jam (image from Dr. Lewis’s Twitter account)

Even just carrying a smartphone can cause issues — geolocation services make it possible for phones to be tracked, and not just by a cybersecurity expert who’s broken into Apple’s “Find My iPhone” service.

A prime example here is the traffic jam that Dr. Lewis watched on the 24th. It was likely caused by civilians stuck behind roadblocks as the army advanced. Similarly, large gatherings such as protests or meetings in public places could be recorded and displayed on Google Maps (via the “live busyness information” feature) and other services. To address this and protect its users, Google has temporarily disabled live traffic data in Ukraine. Even so, it may be prudent for users to think about what kinds of data their devices log and where that data gets sent.

Looking Ahead

Even though this invasion is only a few days old, it seems to have already set a new precedent for how hybrid wars are waged, a very disquieting prospect. For many of us, watching the events unfold on our phones while sitting safely across the world from the front lines, it’s easy to lose sight of the fact that this is a very real conflict in which innocent lives are being lost each day.

All of us here at Hackaday hope for a swift, peaceful, and just resolution to the war. Screenwriter Burt Prelutsky put it perfectly while working on the script for an episode of MASH: “War isn’t hell. War is war and hell is hell. And of the two, war is a lot worse… there are no innocent bystanders in hell.”

27 thoughts on “The Invisible Battlefields Of The Russia-Ukraine War”

        1. I wonder which platform Mr Musk is more popular on now…

          For myself if you are going to say something with so much cynicism at least back up it with some facts – I’m not a big fan of Mr Musk, there is something of the snakeoil salesman about him, successful as his projects seem to always end up…

          However all the facts I can find however seem to point to there being very little if any chance of money coming back to Elon or his companies for any of this, while it can cost them quite a bit, and as advertising goes it’s a rather high risk game (at least based on Putin’s recent decision making) that they really didn’t have to play in anyway – in Space launch and satellite internet type stuff they are one of the only choices possible, and the reasons to choose them over the other possibilities are almost all going to be operational needs – so it doesn’t matter that they advertised either they are best company for the job already so would always have got the contract, or they aren’t so the rival that is will get that job/customer…

        2. “if you are going to say something with so much cynicism at least back up it with some facts”

          Facts are in the article and my post.
          You dispute he’s providing the equipment ?

          Or do you not understand business?
          He’s giving away kit (which can be written off as a charitable donation) and getting mainstream news at 11 global media exposure for it, whilst “saving the Ukrainian internet”
          The popularity meter is off the frikkin scale on this !!

          It’s free advertising being driven by the media. Nothing tastes better.
          More good guy exposure and how altruistic the guy is and going to save the world.
          And pushing his own space agenda by getting someone to invest/pay for more rocket experiments just making “get your ass to mars” even closer for him – his stated goal.

          Elon is a genius polymath. Make no doubt about it.

  1. It should be noted that there hasn’t been a significant investment by Russia in making cyberattacks. This is largely believed to be due to the fact that kinetic attacks can be just as effective with less effort.

    1. Of interest to Hackaday readers might be the electrical switchgear and power supply pylons/cables to this bunker in Russia.

      But I also identified what I think might be a log periodic short wave antenna array, however I’d like to run it past you guys to see what you think (see the yellow line near the river).
      I’ll get my antenna calculator out some time and do a better estimate of the bandwidth (if, indeed, that’s what it is).

  2. Think a cyber attack and cyber warfare have been confused here. The distinguishing feature is the deliberate death of people. Some examples.

    Taking out a power grid in a freezing country so people freeze to death.

    Take out traffic light control systems to cause distress chaos and car accidents, deaths.

    Take IT systems in hospitals in combination with an increased work load so that medical staff are overwhelmed leading to increased death.

    Take control of water treatment plants so that people don’t have access to clean water and suffer waterborne diseases.

    Take control of critical data so that employees cause death without immediately knowing what they have done. examples. Substituting other gases for medical grade gasses like oxygen. Putting the wrong fuel in reserves at airports so that aircraft engines overheat and fail during flight.

    Substituting other food products with high allergens to cause death through allergic reactions like anaphylactic reactions.

    Causing plant equipment to release toxic compounds into the air, water or food chain.

    These are just some things that can be done on a larger scale. There are many many things that can be done on a smaller scale that would have great impact if coordinated.

    We have recently seen the failures of our “Just in Time” supply chain. It isn’t the only thing that now has weaknesses due to over-optimization. We have the same thing in employment now. People today have a very narrow skill set and can’t move to different fields of employment quickly. We also employ “just enough” people to get the job done. A significant employment disruption will make this system collapse. We are seeing signs of this already here in Australia.

    Australia has been completely ignorant of homelessness. Everyone has a different idea of what causes homelessness usually shifting the blame to the homeless people. The truth is that the cause of homelessness is that there are not enough homes. Now here in this country building homes stopped during the pandemic. There was too thin a margin to start with because we could just blame homeless people. Ironically now many places can’t get staff to support their company because there is nowhere for staff to live. Some towns are losing their single doctor.

    Over optimization has created a situation where we don’t have the flexibility to adapt to unexpected changes and this isn’t just about supply chains, housing and employment. Our whole modern structure has this inbuilt weakness waiting to be abused and at a time of heightened geopolitical instability.

    The majority of the things we take for granted could be threatened without any notice. We are not prepared for this because they’re things “we take for granted”.

    1. Collapse of civilization because of over optimization because of maximum profit with minimum work because of conformism due to over-dependence to technology/machines. This sentence and warning of it is also one of the not noticed, but main ideas in Dune.

  3. “It isn’t immediately clear whether or not these attacks came directly from the Ukrainian government or from a third party”

    I’m sure the Ukrainian government have better things to do than DDoS Putin’s homepage.

  4. great place for answered 2 questions.

    0. is any wifi-mesh network? (and russia too because russia blocking internet after 11 march 2022)
    b.a.t.m.a.n. or other
    1. is any lora network working? gotenna not working but maybe lora meshtastic?

    who know any about network
