Russian cyber warfare waiting in the wings

President Putin’s notorious military intelligence agency will unleash a catastrophic, pre-emptive cyber attack on Ukraine if he takes the decision to invade, an American cyberwar expert has said. The GRU, behind the Salisbury poisonings, a series of political assassinations and several large-scale cyber strikes, have the tools to disrupt Ukraine’s entire infrastructure “in minutes”, said James Lewis, a former diplomat and now senior vice-president at the Centre for Strategic and International Studies in Washington. “The Russians are the best in the world in this type of warfare and they have the advantage that they built all the networks and utilities in Ukraine, they know the country inside out,” he said. “The really effective stuff is held in reserve by GRU. We haven’t yet seen a serious effort at cyber warfare against Ukraine. If they wanted they could turn off the country’s electrical power, disrupt every network and cause havoc.” For “real” cyber warfare attacks, the Russian military has a set doctrine. “It’s called pre-conflict shaping,” Lewis said. “The fact that they haven’t done it so far is, if you like, an optimistic sign, but they could do it in minutes. If they are going to invade then they will launch cyber attacks to disrupt Ukraine’s whole critical infrastructure because the doctrine calls for it,” he said. He described recent cyber strikes against Ukraine, including a ‘denial of service’ attack on the ministry of defence and two banks in Kyiv this week, as “harassment” aimed primarily at causing tension and anxiety. There were 288,000 such attacks in Ukraine in the first ten months of last year, according to official figures. Many are performed by criminal hackers supervised by the FSB, Russia’s domestic security service. “If GRU was involved right now they wouldn’t be pussy-footing around with these harassment attacks, so they are obviously being held in reserve,” Lewis said. He predicted that the only network GRU might leave alone would be the telecommunications system in Ukraine, “but only because they would want to spy on it”. “Some of the new networks put in since the fall of the Soviet Union would be a little more difficult for them to penetrate. But they have such deep knowledge of Ukraine’s critical infrastructure that they know where the country is most vulnerable,” Lewis said. “The Ukrainians could harden their networks against cyber attacks but that takes money and even if they do it, it won’t be enough. So if Russia launches a serious cyber strike it could be very disruptive,” he said. A US administration cyber expert is currently in Europe advising Nato on how to prepare for a possible widespread attack in Ukraine. All Russian military operations of the last two decades have been preceded by cyber attacks: against Georgia in 2008 when Russian forces occupied two provinces and against Ukraine before the annexing of Crimea in 2014 and in the current armed conflict in the eastern Donbas region. GRU has been involved in some of Russia’s most brazen and aggressive cyber operations. Several GRU cyber units have been identified with names that include Fancy Bear, Voodoo Bear, Sandworm and Tsar Team. The US justice department in October 2020 indicted members of a GRU team called Unit 74455 for a series of cyber attacks including against targets in Ukraine in June 2017. GRU was accused of inserting the NotPetya malware throughout Ukrainian networks which then spread globally. Other operations blamed on GRU include the interference in the 2016 US presidential election, a failed coup in Montenegro in the same year, the attempted murder of Russian intelligence defector Sergei Skripal in Salisbury in 2018 and the cyber attack on Estonia in 2017. “GRU has been doing this for decades. Their strength is their human capabilities, they have great mathematicians and computer experts and they don’t worry about international laws,” Lewis said. “So they’ve got good people, good technology which grew out of their signals intelligence expertise, and no scruples. Plus they have had a lot of practice. We in the West tend to observe international laws, whereas the Russians do it quicker and meaner.”