Russia and Ukraine in cyber 'stand-off'

Anti-government protesters read the latest news on internet at a barricade in Kiev Ukrainian security services have accused Russia of disrupting mobile networks

As diplomatic efforts are stepped up to ease tensions in Ukraine, security experts have warned that Kiev and Moscow are locked in a cyber stand-off.

Security forces in Ukraine have accused the Russian army of disrupting mobile communications.

Smaller-scale attacks have seen news websites and social media defaced with propaganda messages.

Cyber-attacks were utilised heavily during Russia's 2008 conflict with Georgia.

In that case, distributed denial of service attacks - known as DDoS - were used to overwhelm websites and servers in Georgia in the weeks leading up to the military action.

The Georgian government said Russia was behind the DDoS attacks, but the Kremlin denied this - stating that it was possible for anyone, inside or outside Russia, to launch such an attack.


On Tuesday, Ukrainian authorities confirmed that communication networks had been targeted, the first significant disruption of technology.

"I confirm that an... attack is under way on mobile phones of members of the Ukrainian parliament for the second day in a row," Ukrainian security chief Valentyn Nalivaichenko told journalists.

"At the entrance to [telecoms firm] Ukrtelecom in Crimea, illegally and in violation of all commercial contracts, was installed equipment that blocks my phone as well as the phones of other deputies, regardless of their political affiliation."

In addition, Ukrtelecom said its premises were raided last week by armed men, and fibre optic cabling was tampered with, causing loss of service for some users.

Georgian military Cyber-attacks were mounted on Georgian targets ahead of the 2008 conflict

Russian security services have not commented on whether they were behind either incident.

Security experts have speculated that Russia may be exercising restraint with its cyber-capabilities.

Marty Martin, a former senior operations officer with the US Central Intelligence Agency, said more extreme cyber-attacks may only take place if violence escalated.

"A lot of times you don't want to shut things down," he told Reuters.

"If you do that, then you don't get your flow of intelligence. You are probably better off monitoring it."

What we are unlikely to see, experts say, is cyber-attacks of the same scale as in 2007, when Estonia suffered a 10-day attack on its internet services, causing major disruptions to its financial system.

The attacks coincided with a disagreement between Estonia and Russia over the relocation of a Soviet war memorial.


While military action is visible and open to scrutiny from the international community, cyber-activity is considerably harder to track and attribute to a source.

Much of Ukraine and Russia's cyber-attack capability lies with criminal gangs, as well as so-called patriotic hackers willing to work for each country's respective cause.

"If the Russians are able to get their patriotic hackers to effectively participate in a war for them, it could be very effective," said Paul Rosenzweig, founder of Red Branch Consulting, and formerly of US homeland security.

Start Quote

We just don't know whether they will be motivated to fight or not”

End Quote Paul Rosenzweig

"That's not even beginning to think about the Russian military's capabilities directly, which are also no doubt quite sophisticated, but we've never really seen deployed. The Russian military's capabilities are unclear."

Likewise, Ukraine can also draw on considerable expertise - provided it can be mobilised.

"They are very active and very effective as well," Mr Rosenzweig told the BBC.

"We sometimes mistake Ukrainian groups for Russian groups as they come from roughly similar IP addresses and things like that. The Ukrainians, being slightly more westernised in their nature have expertise based in other countries.

"It's a really effective outside group, a diaspora if you will, but we just don't know whether they will be motivated to fight or not."


Activity from these groups would probably focus on small-scale defacements and disruption, experts believe.

One Ukrainian hacktivist group - Cyber-Berkut - posted a list of 40 websites that it had vandalised since the dispute began.

It included the homepage of state-funded broadcaster Russia Today, which for a short time was altered so that the word "Russians" was replaced with "Nazis".

But Mr Rosenzweig was keen to stress that any perceived damage from these types of cyber-attacks is of little significance if on-the-ground military action is taken.

"We should not overemphasise the importance of cyber," he said.

"Tanks beat cyber-bullets."

Follow Dave Lee on Twitter @DaveLeeBBC

More on This Story

Ukraine crisis

The BBC is not responsible for the content of external Internet sites

More Technology stories


Features & Analysis

  • Mukesh SinghNo remorse

    Delhi bus rapist says victim shouldn't have fought back

  • Before and after shotsPerfect body

    Just how reliable are 'before and after' photos?

  • A cow wearing sunglasses overlaid with the phrase 'Can't touch this'Cow row

    Thousands rally against the ban on beef in India

  • Dana Lone HillDana Lone Hill

    The Native American names that break Facebook rules

BBC Future

(US Navy)

The world’s noisiest spy plane

The Soviet giant that still soldiers on


  • Former al-Qaeda double agent Aimen DeanHARDtalk Watch

    Islamic State is about revenge says former al-Qaeda member turned spy Aimen Dean

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.