Russia is still under the control of Ukraine

This was one of the main concerns of some experts at the time of the Russian invasion. “We were afraid of a digital Pearl Harbor,” explains Julian Nossetti, educator and researcher at the Military Academy at Saint-Cyr Coëtquidan in Brittany, who specializes in digital and cyber strategies for Russia. “But that didn’t happen.”

Russia is a cyber power that no longer needs to prove its ability to attack. Since 2014 and the annexation of Crimea, Ukraine has been constantly bombed by Russian hackers. The most obvious example is the use of NotPetya ransomware, which paralyzed part of the Ukrainian economy in 2018. Then its effects spread beyond the country’s borders. Even in France, many companies such as Saint-Gobain were affected. Even more surprising, the malware also had unwanted effects in places as far away as Russia.

But since then, its attempts have ended in partial failure. On February 24, at the beginning of the invasion of Ukraine, “A US satellite, ViaSat, was the target of a cyber attack,” Stephane Duggan of the CyberPeace Institute, based in Geneva, tells Radio France’s investigative cell. “And its terrestrial modems fell victim to a malicious update. This satellite is widely used by the Ukrainian army. But it also had other clients, including individuals in France who use it to access the Internet. Nearly 10,000 French people found themselves without contact, nearly 40,000 people in total in Europe. And in Germany we lost control of nearly 6000 wind turbines controlled by this satellite.”

The effects are clearly a far cry from those the hackers were looking for, sums up Rayna Stamboliyska, an expert on digital diplomacy: “The aim of this maneuver was to prevent the Ukrainians from coordinating with each other at the beginning of the invasion. Mr. Putin and his team were planning a wrongful invasion. That is why it was appropriate to cut off communications between the Ukrainian armed forces. With the forces to sow chaos and prevent them from responding and resisting.” But this did not happen. In total, about 30 Russian cyber-attack campaigns have been documented by the CyberPeace Institute, but again with somewhat limited effects.

Unable to dissuade the Ukrainians through conventional cyberattacks, Russian hackers fully entered another aspect of the digital war: the information war. But here again, the Ukrainians have so far dominated the fight, according to Rayna Stamboliyska. In her view, “The contrast is stark between the cold framed communication of the Russians and the spontaneous communication of the Ukrainians.”

“Ex-KGB propaganda expert twice skips actor-turned-president with his smartphone”

Rayna Stamboliyska

to franceinfo

However, Russian hackers have gone to great lengths in their attempts to mislead. A few days ago, a video of President Volodymyr Zelensky appeared on social media. It was a fake video made by artificial intelligence, known as a deepfake, explains Julian Nossetti: “It was a matter of lending Mr. Zelensky words urging the population to surrender, to give up the fight and the resistance. Again, in vain. But we can well imagine in a few weeks, depending on the escalation, fake videos of Emmanuel Macron or Joe Biden’s announcement of nuclear strikes against Russia. This can have an impact on the masses, the population and decision makers.”

On the left is an image taken from the deepfake video, and on the right is an image from Zelensky's speech on Ukrainian television. (DR)

If Russia is restrained for the time being, internet experts remain cautious about the possible consequences of the war. “The digital weapon can still be used in the rest of the conflict,” believes Nicholas Arpagian, a specialist in the cyber threat, “because it is available. They can be used by states either directly or through cyber mercenaries: people who will carry out offensive attacks without formal state responsibility.” In this area, Russia is well armed. Direct links between groups of cybercriminals and the FSB (Russian secret services) could be documented recently thanks to the “Conti Leaks”, a massive data leak from one of the main hacker groups in Eastern Europe.

This group of hackers consists of Russians, Belarusians but also Ukrainians who worked together until the invasion of Ukraine. After Conti took a public stand for Vladimir Putin, the Ukrainians broke with Conti and decided to break up the group. But while they were leaving, they made sure that thousands of internal documents were leaked onto the dark web. Thus, for the first time, the public was able to discover what was going on inside a large group of hackers. It was a blow to the criminal organization: the leak revealed its mode of operation, goals, income and connections to the Kremlin.

But this does not mean the end of Russian hacking, warns François Deruti, a cybersecurity expert and former deputy director of operations at the National Information Systems Security Agency (Anssi): “There is always a way to revive a group, or create a new one, which will use the same tools under another name.” The cybersecurity expert believes this data leak could be a godsend: “They’re now available to the entire attacker ecosystem, and we’ll probably find them in use in six months or a year for other types of attacks.”

While Russia is stalling, the Ukrainians on the contrary are preparing. They have developed the defensive capabilities of their systems for several years. And a few days before the war, they received precious help from the United States, says researcher Julian Nossetti: “There was extensive cooperation between Kyiv, NATO and the United States to strengthen the cyber defense and resilience of Ukraine’s pre-conflict infrastructure. We are seeing closer cooperation between US intelligence, the National Security Agency and the Ukrainians.” The Europeans also sent experts in the early hours of the conflict.

Added to this is the support of volunteers from all over the world. Two days after the start of the Russian invasion, Ukraine’s Minister of Digital Transformation announced the creation of a digital army, or “IT Army”. Thousands of people from all over the world then joined a discussion group on the Telegram messaging app, in order to attack certain Russian targets, government websites or others. Today, these volunteer hackers go so far as to identify and contact the families of Russian soldiers fighting in Ukraine, to warn them about the actions of their loved ones. It is a very broad range of actions meant to disrupt the Russian offensive as much as possible.

These actions are not without risks, however, warns Rayna Stamboliyska: “The people carrying out these attacks have no official authorization other than to reply to a tweet and participate in a Telegram group. They are Ukrainian, but they are also American, French, Danish, and interlopers. So they violate.”

“It becomes even more problematic when Mr. Putin says he can consider all the countries where these pirates live as belligerents in the context of an armed conflict.”

Rayna Stamboliyska

to franceinfo

So some Western countries fear possible retaliatory digital measures or cyber attacks that could target Europe or the United States. US President Joe Biden clearly mentioned this risk a few days ago: “My administration has warned me that the Russians are planning cyberattacks against us. The Russian potential is too great, the threat is becoming more and more visible. The government is ready. National security is at stake.”

In the process, the US Cyber Defense Agency published two memos accusing Russia of depositing implants in companies linked to the energy sector. These implants, like digital time bombs, can later be triggered by some hackers and have dire consequences. France itself discovered this type of implant: in 2018, Guillaume Popard, Director General of Anssi, told senators: “We discovered very disturbing cases, including an attempt to break into energy sector mapping systems, which had only one purpose: to prepare for future violence. Imagine the consequences for a country’s performance of an attack on energy distribution networks.”

“Knowing the target of these attacks is always complicated,” says François Deruti, former deputy director of operations at Anssi. “We’ve found malicious code, but as long as we don’t know if it’s just a matter of spying on or destroying communications, we don’t really realize the desired end effect. It is difficult to return to the sponsor.”

Anssi had posted a note about it at the time, but without mentioning Russia at all. “French doctrine is not to publicly name the perpetrators as other countries do,” François Deruti continues. “We can discuss it bilaterally, we can use the diplomatic channel. There are other ways to point fingers or let people know about things.” According to our information, it seems that Russia is behind these implants. A criminal group called Energetic Bear, close to Moscow and also spotted in the United States under other names, is said to be behind these attacks.

In the face of these fears, France is preparing. Anssi published a memorandum at the start of the war asking French companies to protect themselves. Vital operators (ministries, nuclear power plants, etc.) are especially monitored, especially in the run-up to major events such as the Rugby World Cup in 2023, or the Olympic Games in 2024. The military is preparing too. It conducts an annual crash test: a simulation of cyber attacks to facilitate the work of the chain of command. This year, the theme of the exercise was “A country excluded from the Olympic Games decides to invade a border area of a country allied with France”. The implication is clear.

But if the fear is primarily related to computer hacking, the risk of a physical attack on the network infrastructure is also present. An enemy country can attack the submarine cables that connect countries to each other, thus disrupting Internet communications. Bernard Barbier, former Technical Director of the Directorate-General for External Security (DGSE), explains: “These cables are visible, and they are laid on the sea floor. They look like big garden hoses, and they are easy to cut. You can very well with a submarine go to a depth of 5,000 meters and cut it. If you cut one, there will be no effect, but if you cut five or ten, the internet is very slow, and if these cables are no longer there, the digital figure will collapse.”

At the moment, this fear is a fantasy to some experts, but it is based on precedent: in 2015, a Russian oceanographic vessel, the Yantar, came very close to cables near the US East Coast. The United States then suspected it of spying. But if a cable can be listened in on, it is also possible to damage it.
