So why isn’t Russia waging cyber war as expected?
One theory is that the decision to invade Ukraine was made at the highest level. By the time the plan reached people further down the chain of command, it was too late to use any significant cyberattacks, Herr explains. It could take months to organize.
In addition, while cyberweapons are cheaper than boots on the ground, they are still expensive, says Mariarosaria Taddeo, philosopher in the ethics of digital technologies at the Oxford Internet Institute, UK. Cyber attacks are a demonstration of power, cause damage without being involved in a conventional war, and can hardly be assigned with certainty to those responsible.
What does DDoS, Wiper & Co mean?
DDoS
So-called DDos (Distributed Denial of Service) attacks are more like off-the-shelf attacks: You can buy or commission them on the Internet. Among other things, criminals have hacked into computers that have no security updates or are using outdated versions of Windows that are no longer supported by Microsoft, based on security gaps that have usually been known for a long time. There are infinite numbers of these, and most of the time their owners are unaware that unknown intruders are using their computers for their purposes. To a certain extent, the attackers can remotely control these computers and use them to send malware or to automatically call up certain websites again and again until the infrastructure collapses and they are no longer accessible to anyone.
wipers
The day before the invasion, so-called wiper malware was spreading in numerous Ukrainian systems, especially those of companies that are contractual partners of the Ukrainian government – and according to experts, it is quite sophisticated. Wiper means a deletion attack: Corresponding software deletes computers and entire systems so that they can no longer be used.
ransomware
Ransomware groups are cyber criminals that break into computers and systems and encrypt the data on them. They demand a ransom (=ransom) for the decryption code. In the meantime, the attacks are often combined with the companies concerned being blackmailed with the threat of publishing their data. Such attacks have been increasing lately.
Another thing to consider: if Russia’s leaders were confident they could quickly take Ukraine, it made sense to preserve parts of Ukraine’s infrastructure rather than destroy and rebuild it, says Zhanna Malekos Smith, systems engineer at the Center for Strategic and International Studies, a Washington DC think tank Russia may also have used some networks, such as Ukraine’s telecommunications system, to get information, she adds.
Zabierek’s leading hypothesis is that Russia is holding back to avoid escalation or spillover effects beyond Ukraine that could trigger a Western response. Cyber attacks can spread easily. In 2017, Russia-linked hackers released NotPetya, malware targeting financial software used by businesses in Ukraine. However, because the malware took advantage of a widespread vulnerability, it was able to spread globally, destroying access to almost all records of companies like Danish shipping giant Maersk, and causing $10 billion in damage worldwide. And on February 24, 2022, an attack on European satellite operator Viasat cut internet access in Ukraine and crippled thousands of German wind turbines that communicate via Viasat.