Major cyber-assaults on Ukraine, then Moscow, on eve of Crimea vote

A group calling itself Anonymous Russia, which knocked out a Kremlin website in 2012 to protest Putin's third term as president, may have signaled a role in the attack on the Moscow site. 

With a disputed vote in Crimea set for Sunday, a powerful eight-minute cyber-attack was launched against Ukraine Thursday in the form of a large denial-of-service attack, originating in Russia, that hammered a computer network, cyber-security experts said.

Thursday’s distributed denial-of-service attack (DDoS) against an unidentified computer network in Ukraine was notable for being 32 times larger than the largest known distributed denial of service (DDoS) attack during Russia’s invasion of Georgia in 2008, according to Arbor Networks, a Burlington, Mass.-based cyber-security company.

It was followed on Friday by a powerful DDoS attack that temporarily knocked out websites belonging to the Kremlin, the Russian central bank, and Foreign Ministry. But it’s unclear if that was a Ukrainian response, and Russian authorities said the attack had nothing to do with the Ukraine crisis.

"A powerful cyber-attack is under way on the [Kremlin] site," a spokeswoman for the Russian president's press service told Reuters during the disruption. The three sites were repaired and all working later on Friday.

A group calling itself Anonymous Russia cited the Kremlin website's attack on Twitter, perhaps signaling it was behind the attack. The same group claimed to have knocked out the website in 2012 to protest Putin’s third term as president.

Only a little is known about the powerful Thursday attack. Eight minutes is enough time to take down a site and cause an outage, according to Jason Jones, an Arbor Networks analyst. Depending on the robustness of the network gear in place it can take down the network support equipment and cause a more extended outage.

“There have been no other attacks in this size range originating in Russia and targeting Ukraine in the past week,” Mr. Jones wrote in an e-mail interview.

For two weeks it’s been mostly quiet on the cyber-conflict front between Ukraine and Russia – a handful of attacks defacing websites and some minor denial-of-service attacks notwithstanding.

A major cyber-espionage system called “Snake,” which appears likely to have infested Ukraine’s government computer systems, according to a recent report by BAE Systems, has been around for years. But such a system could be used by its originators – believed to be Russian – to conduct attacks.

The recent attacks, as well as any future attacks attempting to impair the Ukrainian government’s ability to coordinate a response to Russian activities in Crimea, may hinge on geopolitical movements outside Ukraine.

“If it does continue to heat up – if NATO goes ahead and puts in passive defensive surveillance systems and says to Ukraine, ‘here’s how we can help and signs a partnership agreement' – that’s a tripwire,” says Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council, a national security think tank.

"If that happened," he says. “I would expect to see the Russians using cyber means to throw sand in the gears of the new government and make life a lot more difficult.”