Should we expect cyberattacks on a large scale within the framework of the war in Ukraine ? For the moment, only a few small-scale operations have been detected. Nicolas Arpagian, editor-in-chief of Strategic Foresight and director of cybersecurity strategy at Trend Micro, has just published Borders.com, published by the Observatory Editions. It takes stock of the cyber dimension of the war in Ukraine.
Follow our live devoted to the war in Ukraine this Wednesday, March 30, 2022
Ukraine announces that it has eliminated five Russian troll farms since the start of the war. Is this an act of (digital) war?
Remember that “troll farms” are teams responsible for occupying the ground on social networks to orient, favorably or unfavorably according to the instructions of the sponsors, the perception of public opinion in a targeted country by publishing messages (texts, videos, photos, etc.) under false identities. It is a means of shaping minds to mobilize support or, on the contrary, arouse the rejection of such a personality or community.
It is now a component of geopolitical confrontations in order to address the populations directly, without going through the editorial filter of the professional media. If these actions of influence precede and accompany military operations, and aim to support or facilitate them, they do not constitute an act of war strictly speaking. On the other hand, these manipulations tend to amplify or legitimize interventions in the field.
–
Nicolas Arpagian © DR
What are the ongoing digital/cyber threats in Ukraine? Are they all part of the same strategy?
It must now be admitted that digital weapons are now fully part of the arsenals of States, whether it is a question of acting on information/communication systems – to intercept them, make them malfunction, or even put them out of service. working order – or whether it involves conducting informational propaganda campaigns via, in particular, social platforms and messaging loops. States use them in the same way as conventional weapons in conventional confrontations.
In the case of the conflict in Ukraine, attacks consisting in modifying the home pages of institutional Internet sites with political messages, or in making temporarily unavailable access to sites of banks or the Ukrainian Ministry of Defense have been noted before the entry of Russian troops into Ukrainian territory. As if it were a question of preparing minds. We can expect other forms of cyberattacks to occur in the coming weeks.
The Ukrtelecom network was attacked on March 28. Isolated case or Russian cyber offensive targeting Ukraine?
It is likely that this computer attack which targeted the public telecommunications operator, Ukrtelecom, was intended to create additional disruption within the country. On the one hand to alter the ability of Ukrainians to communicate with each other on their soil, and to complicate communications with the outside world.
Especially when it comes to testifying on social networks to the situation on site. A few weeks ago, a smaller telecom operator, Triolan, had suffered cyberattacks depriving some of its customers of access time. It is with his mobile phone that President Zelensky pilots his speeches with his recorded messages in town or in his office. This ability to speak directly with limited means is an integral part of its response strategy against the powerful Russian state communication.
–
Ukrainian soldiers from a unit specializing in cyber warfare © REUTERS
Were the Western countries that support kyiv targeted by this type of attack?
In 2017, Western companies were significantly infected with data destruction software that was initially expected to infect only Ukrainian companies. However, the interconnection of systems has led to its spread well beyond the country’s borders.
So far we have not documented any large-scale attacks targeting Western audiences, apart from mailings and Internet pages usurping titles and images of associations helping the Ukrainian population. But we see this kind of scam in all dramatic circumstances (just after attacks, natural disasters or even the fire of Notre Dame de Paris). Cybercriminals use the news context without necessarily having ideological ulterior motives.
It is still too early to know whether these are simply villainous operations or whether they seek to identify the supporters of a free Ukraine. In any case, it is necessary to situate oneself in a long time and consider that the cyber weapon, with the destruction of data or equipment, can be used later in the next sequences of the conflict.
What can we expect from the Russians in the short and medium term in terms of cyber guerrilla warfare and information warfare?
It’s a modus operandi that they have at their disposal. Either with teams belonging to State services, civilian or military, or by calling on cybermercenaries who carry out operations from time to time at the request of government authorities. They thus have the opportunity not to involve official institutions if some of their actions were identified. This also makes it possible to have contributions from experts who come to reinforce the permanent staff.
Russia may have an interest in opening additional fronts, in particular by creating disruption among its adversaries. To arouse tensions within public opinion which would thus demand accountability from their rulers.
This is why it is necessary to maintain and strengthen the technical capacities for detecting cyberattacks. And put ourselves in a position to quickly circumscribe any intrusion or remote control of the information systems of our private and public organizations. It’s a long-term job that requires long-term investment. And to bring this digital vigilance to life on a daily basis.
–
