Where are the cyberattacks? Russia's curious forbearance in Ukraine.

Russia's recent conflicts with former Soviet states have included massive cyberattacks. But so far, none have been apparent in Ukraine, possibly because Ukraine can hit Russia back.

Ivan Sekretarev/AP
Pro-Russian soldiers block the Ukrainian naval base in the village of Novoozerne on Monday. Ukraine says Russian forces controlling the strategic region of Crimea are demanding that the crew of two Ukrainian warships in Sevastopol's harbor must surrender.

Despite its aggressive incursion into Crimea this week, Russia has apparently shown notable restraint in another area of its conflict with Ukraine: cyberattacks.

Cyberattacks had appeared to become a staple of conflicts involving Russia and its smaller neighbors in recent years.

In 2007, massive “distributed denial of service” or DDoS attacks practically shut down tiny Estonia after a Soviet-era war statue was moved from the center of the capital, Tallinn, to the outskirts of the city. Russian hacktivists, apparently backed or at least tolerated by the Russian government, were linked to the attacks.

A year later, Russia’s invasion of neighboring Georgia was preceded by cyberattacks that severely disrupted Georgia’s government and telecommunications.

Yet so far, the cyber front in Ukraine has appeared relatively quiet. One reason, experts suggest, may be that very capable pro-Ukrainian hackers could inflict serious damage right back on Russia.

“The Russians and Ukrainians have some of the best computer people in the world, because of the Soviet legacy military industrial complex,” says Taras Kuzio, a Ukraine expert at the School of Advanced International Studies at Johns Hopkins University. “These [Ukrainian] guys are fantastic. So if the Russians tried something like a cyberattack, they would get it right back. There would be some patriotic hackers in Ukraine saying, ‘Just who are the Russians to do this to us?’ ”

Experts acknowledge that Russia could be engaging in stealthy cyberattacks that have evaded detection. But it’s clear that, so far, Russia has refrained from the obvious brand of cyberattacks that it has used in the past.

While Ukrainian news sites are currently being targeted with DDoS attacks that overpower websites with a flood of fraudulent requests, such attacks are typical in the region and may not be related to the current conflict, says Dan Holden, director of Arbor’s Security Engineering and Response Team (ASERT).

“The current network traffic in Ukraine does not suggest the type of large scale cyberattacks that occurred in previous conflicts like the Russia-Georgia war of 2008 and the cyberattacks on Estonia in 2007,” he says in an e-mail.

Ukraine's only landline provider, Ukrtelecom, said unknown saboteurs had seized telecommunications nodes and destroyed cables in Crimea, leaving the region with almost no phone or Internet service over the weekend.

But most Internet Service Providers (ISPs) that serve that part of Ukraine were unaffected, and many of them get service through Russian ISPs, says Doug Madory, a senior expert with Renesys, a cybersecurity company in Manchester, N.H., that specializes in monitoring Internet pathways.

“Whatever changes are happening are subtle ones,” he says.

Ukraine is not like Syria or Sudan with just a few Internet lines. It is served by many ISPs with many independent land connections to neighboring countries, Mr. Madory says. For that reason, it would be difficult to create a national blackout, he says.

The Internet has been a battleground in Ukraine, but that was mostly before President Viktor Yanukovych was ousted last month.

Following allegations of police brutality against peaceful protesters in December, the official government portal, as well as websites belonging to the former president and Ministry of the Interior, were knocked offline by DDoS attacks.

In addition, a botnet dubbed “DirtJumper,” which secretly takes control of personal computers and uses them to help carry out crimes, was linked to DDoS attacks that supported Ukrainian protesters in late November and early December. Operated by crime groups in Russia and Ukraine, DirtJumper targets US banks for hacking, massive illegal withdrawals, and DDoS attacks, says Elizabeth Clarke, a spokeswoman for the Dell SecureWorks Counter Threat Unit.

“We can’t confirm whether the botnet is being used for attacks by the criminals themselves, or it is being leased by pro-Ukrainian enthusiasts,” Ms. Clarke says. “But right at the moment, we are not seeing DirtJumper being used for either Ukrainian or Russian targets.”

Ukraine has been called a haven for hackers and is said to harbor some of the most talented criminal hackers in the world, cybersecurity experts say.

“Ukrainian hackers are well-known in the world,” Valentyn Petrov, an information security official at the Security Service of Ukraine, known by the acronym SB, told The Washington Post last year. “Our country is a potential source of cyber threats to other countries.”

The result could be a cyber standoff with each side wary of making the first move.

“Quite a few cyberattacks have started in or out of Ukraine in the past, and we can assume that both sides have the ability to launch attacks on each other,” says John Bumgarner, a cybersecurity expert and former intelligence officer. “The question is: Just how far would some pro-Russia or pro-European group go? There are fine lines in cyberspace, they really haven’t crossed yet.”
