Where are the cyberattacks? Russia's curious forbearance in Ukraine.

Russia's recent conflicts with former Soviet states have included massive cyberattacks. But so far, none have been apparent in Ukraine, possibly because Ukraine can hit Russia back.

Ivan Sekretarev/AP
Pro-Russian soldiers block the Ukrainian naval base in the village of Novoozerne on Monday. Ukraine says Russian forces controlling the strategic region of Crimea are demanding that the crew of two Ukrainian warships in Sevastopol's harbor must surrender.

Despite its aggressive incursion into Crimea this week, Russia has apparently shown notable restraint in another area of its conflict with Ukraine: cyberattacks.

Cyberattacks had appeared to become a staple of conflicts involving Russia and its smaller neighbors in recent years.

In 2007, massive “distributed denial of service” or DDoS attacks practically shut down tiny Estonia after a Soviet-era war statue was moved from the center of the capital, Tallinn, to the outskirts of the city. Russian hacktivists, apparently backed or at least tolerated by the Russian government, were linked to the attacks.

A year later, Russia’s invasion of neighboring Georgia was preceded by cyberattacks that severely disrupted Georgia’s government and telecommunications.

Yet so far, the cyber front in Ukraine has appeared relatively quiet. One reason, experts suggest, may be that very capable pro-Ukrainian hackers could inflict serious damage right back on Russia.

“The Russians and Ukranians have some of the best computer people in the world, because of the Soviet legacy military industrial complex,” says Taras Kuzio, a Ukraine expert at the School of Advanced International Studies at Johns Hopkins University. “These [Ukranian] guys are fantastic. So if the Russians tried something like a cyberattack, they would get it right back. There would be some patriotic hackers in Ukraine saying, ‘Just who are the Russians to do this to us?’ ”

Experts acknowledge that Russia could be engaging in stealthy cyberattacks that have evaded detection. But it’s clear that, so far, Russia has refrained from the obvious brand of cyberattacks that it has used in the past.   

While Ukrainian news sites are currently being targeted with DDoS attacks that overpower websites with a flood of fraudulent requests, such attacks are typical in the region and may not be related to the current conflict, says Dan Holden, director of Arbor’s Security Engineering and Response Team (ASERT).

“The current network traffic in Ukraine does not suggest the type of large scale cyberattacks that occurred in previous conflicts like the Russia-Georgia war of 2008 and the cyberattacks on Estonia in 2007,” he says in an e-mail.

Ukraine's only landline provider, Ukrtelecom, said unknown saboteurs had seized telecommunications nodes and destroyed cables in Crimea, leaving the region with almost no phone or Internet service over the weekend.

But most Internet Service Providers (ISPs) that serve that part of Ukraine were unaffected, and many of them get service through Russian ISPs, says Doug Madory, a senior expert with Renesys, a cybersecurity company in Manchester, N.H., that specializes in monitoring Internet pathways.

“Whatever changes are happening are subtle ones,” he says.

Ukraine is not like Syria or Sudan with just a few Internet lines. It is served by many ISPs with many independent land connections to neighboring countries, Mr. Madory says. For that reason, it would be difficult to create a national blackout, he says.

The Internet has been a battleground in Ukraine, but that was mostly before President Viktor Yanukovych was ousted last month.

Following allegations of police brutality against peaceful protesters in December, the official government portal, as well as websites belonging to the former president and Ministry of the Interior were knocked offline by DDoS attacks.

In addition, a botnet dubbed “DirtJumper,” which secretly takes control of personal computers and uses them to help carry out crimes, was linked to DDoS attacks that supported Ukranian protesters in late November and early December. Operated by crime groups in Russia and the Ukraine, DirtJumper targets US banks for hacking, massive illegal withdrawals, and DDoS attacks, says Elizabeth Clarke, a spokeswoman for the Dell SecureWorks Counter Threat Unit.

“We can’t confirm whether the botnet is being used for attacks by the criminals themselves, or it is being leased by pro-Ukrainian enthusiasts,” Ms. Clarke says. “But right at the moment, we are not seeing DirtJumper being used for either Ukranian or Russian targets.”

Ukraine has been called a haven for hackers and is said to harbor some of the most talented criminal hackers in the world, cybersecurity experts say.

"Ukrainian hackers are well-known in the world,” Valentyn Petrov, an information security official at the Security Service of Ukraine, known by the acronym SB, told The Washington Post last year. “Our country is a potential source of cyber threats to other countries."

The result could be a cyber standoff with each side wary of making the first move.

“Quite a few cyberattacks have started in or out of Ukraine in the past, and we can assume that both sides have ability to launch attacks on each other,” says John Bumgarner, a cybersecurity expert and former intelligence officer. “The question is: Just how far would some pro-Russia or Pro-European group go? There are fine lines in cyberspace, they really haven’t crossed yet.”

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.