This was one of the biggest fears of some experts at the time of the Russian invasion. “We feared a digital Pearl Harbor,” explains Julien Nocetti, lecturer-researcher at the military academy of Saint-Cyr Coëtquidan in Brittany and specialist in the digital and cyber strategies of Russia, “but it didn’t happen.”
Russia is a cyber power whose attack capability no longer needs to be demonstrated. Since 2014 and the annexation of Crimea, Ukraine has been under constant attack from Russian hackers. The most notable example is the use of the NotPetya ransomware, which paralyzed part of the Ukrainian economy in 2018. At the time, its effects spread well beyond national borders. Even in France, several companies such as Saint-Gobain were affected. Surprisingly, the malware also had unwanted effects as far away as Russia.
But since then, its attempts have ended in partial failures. On February 24, at the very beginning of the invasion of Ukraine, “a US ViaSat satellite was the target of a cyberattack,” Stéphane Duguin of the CyberPeace Institute, based in Geneva, tells the research cell of Radio France. The ground modems fell victim to a malicious update. This satellite is widely used by the Ukrainian military. But it also had other clients, including individuals in France who use it to access the Internet. The result: “Almost 10,000 French people were without connection, almost 40,000 people in total in Europe. And in Germany, we lost control of nearly 6,000 wind turbines controlled by this satellite.”
These effects are clearly far removed from those the hackers were looking for, as Rayna Stamboliyska, an expert in digital diplomacy, summarizes: “The purpose of such a maneuver was to prevent the Ukrainians from coordinating with each other at the beginning of the invasion. Mr. Putin and his team planned to carry out a lightning strike. Therefore, it would have been relevant to limit communication between the Ukrainian armed forces to sow disorder, prevent them from reacting and resisting.” But that didn’t happen. In total, about 30 Russian cyber-attack campaigns have been documented by the CyberPeace Institute, but again with rather limited effects.
Unable to bend the Ukrainians through conventional cyber-attacks, Russian hackers then went all-in on another aspect of digital warfare: information warfare. But again, so far the Ukrainians are dominating the battle, according to Rayna Stamboliyska. She believes that “the contrast is striking between the boxed, cold communication of the Russians and the spontaneous communication of the Ukrainians.”
“A former KGB propaganda specialist is cheated by an actor who became president with his smartphone.” - Rayna Stamboliyska
However, the Russian hackers went to great lengths in their attempts at misinformation. A few days ago, a video of President Volodymyr Zelensky appeared on social media. It was a video faked by artificial intelligence, called a deepfake, explains Julien Nocetti: “It was a matter of borrowing Mr. Zelensky’s words to urge the population to surrender, to give up the struggle and the resistance. Again in vain. But depending on the escalation, we can very well find deepfake videos of Emmanuel Macron or Joe Biden in a few weeks announcing the launch of nuclear attacks on Russia. This could have an impact on the public, the population and decision-makers.”
Although Russia is being kept in check for the time being, cyber experts remain cautious about the possible consequences of the war. “The digital weapon can still be used in the rest of the conflict,” believes Nicolas Arpagian, a cyber threat specialist, “as it is available. States can use it directly or through cyber mercenaries: people who will carry out offensive attacks without formally assuming state responsibility.” In this area Russia is well armed. Direct links between groups of cybercriminals and the FSB (the Russian secret services) have been documented very recently thanks to the “Conti Leaks”, a massive data breach from one of Eastern Europe’s leading hacker groups.
This group of hackers consisted of Russians, Belarusians but also Ukrainians who worked together until the invasion of Ukraine. After Conti publicly took a stand for Vladimir Putin, the Ukrainians split from Conti and decided to break up the group. When they left, they leaked thousands of internal documents onto the dark web. This enabled the public to discover for the first time what was going on within a large group of hackers. It was a blow to the criminal organization: we learned about its methods, its targets, its income and its ties to the Kremlin.
But that doesn’t mean the end of Russian hacking, warns François Deruty, cybersecurity expert and former deputy director of operations at the National Information Systems Security Agency (Anssi): “There’s always a way to revive a group, or create a new one, that will use the same tools under a different name.” This data breach could even be a solution, the cybersecurity expert believes. “They are now available to the entire attacker ecosystem, and we will probably use them for other types of attacks in six months or a year.”
While Russia falters, the Ukrainians, on the other hand, are preparing. They have been developing defense capabilities for their systems for several years now. And a few days before the war, they received precious help from the United States, says researcher Julien Nocetti: “There has been close cooperation between Kiev, NATO and the United States to strengthen cyber defense and resilience of Ukraine’s infrastructure ahead of the conflict. We are seeing closer cooperation between US intelligence, the NSA and Ukrainians.” The Europeans also sent experts in the early hours of the conflict.
Added to this is the support of volunteers from all over the world. Two days after the start of the Russian invasion, Ukraine’s Minister of Digital Transformation announced the creation of a digital army or “IT army”. Thousands of people from around the world then joined a discussion group on the Telegram messaging service to attack certain Russian targets, government sites or others. Today, these volunteer hackers go so far as to identify and contact the families of Russian soldiers fighting in Ukraine, warning them of the actions of their loved ones. It is a very wide field of action, meant to disrupt the Russian offensive as much as possible.
However, these actions are not without risk, warns Rayna Stamboliyska: “The people carrying out these attacks have no official mandate other than to reply to a tweet and join a Telegram group. They are Ukrainians, but also Americans, French, Danes, and they penetrate. So they are in violation.”
“It becomes even more problematic when Mr Putin says he can consider all countries where these hackers live as belligerents in the context of armed conflict.” - Rayna Stamboliyska
Some Western countries are therefore afraid of possible digital retaliation or cyber attacks targeting Europe or the United States. US President Joe Biden made this risk clear a few days ago: “My government has warned me that the Russians are planning cyber attacks on us. The Russian potential is very great and the threat is becoming more and more apparent. The government is ready. National security is at stake.”
In the process, the US cyber defense agency published two notes accusing Russia of having deposited implants with companies associated with the energy sector. These implants, like digital time bombs, can later be activated by hackers and have serious consequences. France itself discovered this type of implant: in 2018, Guillaume Poupard, the director-general of Anssi, announced to senators: “We have uncovered very disturbing cases, including an attempted intrusion into card systems related to the energy sector, which had only one purpose: to prepare for future violent actions. Imagine the consequences for a country’s functioning of an attack on the energy distribution networks.”
“It is always complicated to know the purpose of these attacks,” says François Deruty, former deputy director of operations at Anssi. “We find malicious codes, but as long as we don’t know whether it’s just a matter of spying on communications or destroying them, we don’t really achieve the desired ultimate effect. And it’s complicated to go back to the sponsor.”
Anssi had published a note on the subject at the time, but without ever mentioning Russia. “The French doctrine is not to name the culprits publicly as other countries do,” continues François Deruty. “We can discuss it bilaterally, we can use the diplomatic route. There are other ways to point the finger or let people know they know things.” However, according to our information, Russia seems to be behind this deposit of implants. A criminal group called Energetic Bear, spotted close to Moscow and also known under other names in the United States, is said to be behind these attacks.
Faced with these fears, France is preparing. Anssi published a note at the beginning of the war to ask French companies to protect themselves. Especially in the run-up to major events such as the Rugby World Cup in 2023 or the Olympic Games in 2024, the operators of vital importance (ministries, nuclear power plants, etc.) are monitored. The army is also preparing. It held its annual crash test: a simulation of cyber attacks to facilitate the functioning of the chain of command. This year the theme of the exercise was: “a country excluded from the Olympics decides to invade a border area of a state linked to France”. The implication is clear.
But if the fear is mainly about computer hacking, there is also the risk of a physical attack on network infrastructures. A hostile state could very well attack the undersea cables connecting the countries, disrupting Internet communications. Bernard Barbier, former technical director of the Directorate-General for External Security (DGSE), explains: “These cables are visible, laid at the bottom of the sea. They look like big garden hoses, easy to cut. You can very well go with a submarine up to 5000 m deep and cut them. If you cut one, it has no effect, but if you cut five or ten, there’s a serious slowdown in the internet, and when those cables are gone, the digital collapses.”
For some experts this fear is a fantasy for now, but it’s based on a precedent: in 2015, a Russian oceanographic vessel, the Yantar, approached a little too close to cables near the US east coast. The United States then suspected it of espionage. But if it is possible to listen to a cable, it is also quite possible to damage it.