cyber terrorism

February 4, 2022

What Does Cyberwarfare Look Like? Just Ask Ukraine.

Since March of last year, Russia has been deploying troops close to the Russia-Ukraine border ^[1]. While troop movement within a nation is typically normal, Russia’s relationship with Ukraine is anything but. Since 2014, Russia has aggressively shown its desire to annex Ukrainian territory, starting with its occupation of Crimea, a territory that was formerly part of Ukraine, but mostly comprised of people of Russian ethnicity. However, it soon became clear that Crimea was just the beginning for Moscow’s leaders. Following Russia’s occupation of Crimea in 2014, the country began to use unique, digital strategies to destabilize Ukraine.

Beginning in 2015, Russia has engaged in flagrant cyberwarfare with Ukraine. And these attacks weren’t just data breaches and ransomware attacks; they’ve affected nearly every resident of Ukraine. Ultimately, the Russia-Ukraine conflict could be a sneak peek of how war is waged in the future.

Hackers Target Ukraine

Following Russia’s annexation of Crimea, Ukraine saw relative calm for almost two years. However, in December 2015, Russia launched an effective, atypical attack. On December 23, a Russian cyber-military unit, “Sandworm,” attacked Ukraine’s power grid, and knocked out electricity to over 200,000 Ukrainians.^[2] Thankfully, power was restored to most places within six hours. Although a few hours without electricity isn’t exactly a devastating attack, it was undoubtedly worrying. After all, this was the first-ever confirmed hack that took down a power grid.^[2] Additionally, power grid control centers were still not fully operational over two months after the attack, highlighting the sheer strength and organization of the attack.

Unfortunately, this was not the only cyberattack that Russia has executed on Ukrainians. One year later, in December 2016, Russia again attacked Ukraine’s power grid.^[3] They quickly followed up by targeting Ukrainian banks and state-owned industries in June 2017.^[4] Following this major attack, Russia seemed to calm down, and tensions actually diffused for a few years. However, this changed in early 2022. As Russia began to mobilize its troops toward the Ukraine border, Moscow launched another cyberattack. This time, Russians were able to take down over 70 Ukrainian government websites, along with a message that warned Ukrainians to “Prepare for the worst.”^[5]

Although Russia launched multiple effective cyberattacks, many cybersecurity experts believe Russian President Vladimir Putin could have ordered the attacks to be so much worse. After all, Ukraine’s 2016 power grid outage only lasted for about an hour. This made some believe that Russia was using Ukraine as a “testbed” for refining cyberattacks that could be used globally^[3]. No matter Russia’s ultimate purpose, these cyberattacks show a glimpse of Russia’s unique military strategy.

Disinformation Campaigns

In addition to cyberattacks, Russia has also used the Internet to sew instability within Ukraine as well. When Russia invaded Crimea in 2014, the country used state media and social media to sway ethnic Russians in Ukraine to support the annexation.^[6] These accounts falsely alleged that Western forces manipulated Ukrainian protests, and also fabricated stories of Ukrainian soldier misconduct. Using this disinformation, Russia was able to gain enough support to annex Crimea with (relatively) little pushback.

If these disinformation efforts sound familiar, well, they are. Russia used similar techniques to meddle in the United States’ 2016 presidential election.^[6] It’s a sinister, yet successful strategy for promoting Russian interests. With the emergence of the Internet and the popularity of social media, information warfare is relatively simple. Being able to kindle instability from thousands of miles away is a new, anxiety-inducing strategy that is being utilized in Ukraine, the United States, and other nations. Although it may not lead to traditional warfare casualties, Russia’s cyberwarfare actions have been extremely successful in promoting Putin’s interests.

What Would a Cyberwar Look Like?

When people think of cyberattacks, most think of data breaches and ransomware attacks. Damaging, yes, but they typically don’t harm anyone outside of the affected business and its customers. Cyberwarfare is very different. While Russia’s power grid attacks on Ukraine were effective, they were not nearly as devastating as they could have been. If Russia chooses to execute full-strength cyberattacks, the consequences could be deadly. In this scenario, Russia could shut off most of the country’s electricity, disable heat in the middle of winter, and shut down Ukraine’s military communications.^[7] A cyberattack like this could make it astonishingly easy for Russia to successfully invade Ukraine. While an attack of this magnitude has not been undertaken by Russia or any other nation, the possibility of one is undoubtedly concerning. Full-fledged cyberwarfare is something the world has never seen, but the possibility of it increases every day.

Of course, it’s naive to assume that Russia is the only country preparing for cyberwarfare. The United States certainly has the capability to defend itself against cyberwarfare, and the ability to execute offensive cyberattacks. In fact, the United States was one of the first nations to engage in an act of cyberwarfare. In 2010, the U.S. and Israel jointly infected Iran’s nuclear infrastructure with the Stuxnet computer worm.^[8] This attack crippled Iran’s nuclear program, highlighting just how successful cyberattacks can be.

When it comes to cyberwarfare, we really don’t know what the rules are yet. If Russia attacks another nation’s electricity or heat, indirectly leading to civilian deaths, is that a war crime? Or is remotely targeting infrastructure fair game? There are dozens of questions that haven’t been answered. Unfortunately, we may learn these answers during a future cyberwar. Whether this new kind of war is waged between Russia and Ukraine, the U.S. and China, or some other combination of unfriendly nations, we know the consequences of cyberwarfare will be severe.

About AXEL

Cybercrime is an ever-present threat. Thankfully, AXEL makes it easy to protect yourself from ransomware and data breaches. At AXEL, we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. If you’re ready to try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

^[1] Roth, Andrew. “EU and UK Pledge Backing to Ukraine after Russian Military Buildup.” The Guardian. Guardian News and Media, April 6, 2021. https://www.theguardian.com/world/2021/apr/05/eu-sounds-alarm-at-russian-troops-ukraine-border-moves

^[2] Zetter, Kim. “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid.” Wired. Conde Nast, March 3, 2016. https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

^[3] Zetter, Kim. “The Ukrainian Power Grid Was Hacked Again.” VICE, January 10, 2017. https://www.vice.com/en/article/bmvkn4/ukrainian-power-station-hacking-december-2016-report

^[4] Polityuk, Pavel, and Alessandra Prentice. “Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack.” Reuters. Thomson Reuters, June 27, 2017. https://www.reuters.com/article/us-ukraine-cyber-attacks-idUSKBN19I1IJ

^[5] “Ukraine Cyber-Attack: Russia to Blame for Hack, Says Kyiv.” BBC News. BBC, January 14, 2022. https://www.bbc.com/news/world-europe-59992531

^[6] Merchant, Nomaan. “US Tries to Name and Shame Russian Disinformation on Ukraine.” ABC News. ABC News Network, January 28, 2022. https://abcnews.go.com/Politics/wireStory/us-shame-russian-disinformation-ukraine-82526617

^[7] Miller, Maggie. “Russian Invasion of Ukraine Could Redefine Cyber Warfare.” POLITICO, January 28, 2022. https://www.politico.com/news/2022/01/28/russia-cyber-army-ukraine-00003051

^[8] Melman, Yossi. “’Computer Virus in Iran Actually Targeted Larger Nuclear Facility’.” Haaretz.com. Haaretz, September 28, 2010. https://www.haaretz.com/1.5118389.

February 12, 2021

Have We Entered the Age of Cyber Terrorism?

What pops in your mind when you hear the term ‘hacker’? Years of corny representations in pop culture probably conjure up the image of a sweaty, obese man giggling to himself in his parent’s basement. Recently, the proliferation of state-sponsored hacker groups may have shifted this view somewhat. Still, even the worst breaches, such as the SolarWinds incident disclosed in December 2020, only move the needle of our collective attention span for few days at most. The danger is too abstract to take seriously.

But, what about attacks against critical infrastructure? Does a hacker’s attempt to poison a small Florida town’s water supply transform your conception from goofy punchline to legitimate terrorist? It should.

Oldsmar Florida water supply hack

On February 8, 2021, an unknown hacker or hacker group attacked Oldsmar’s water treatment plant[1]. The culprit took control of the treatment plant’s computer system and briefly increased the amount of lye in the water supply from 100ppm (parts per million) to 11,100. Lye is a corrosive chemical used to balance water’s pH, but it can be very harmful or even deadly in the incorrect ratio. Needless to say, a 100-fold rise in the amount of lye would have meant dire consequences for Oldsmar.

Luckily, a plant worker spotted the intrusion immediately and decreased the lye to normal levels quickly so no tainted water made it into the system. Had the plant operator not been on their game, or if the plant was completely automated, it could have been a disaster. Many smaller water treatment plants throughout the United States do not have constant human supervision, and they’re even less likely to have robust cybersecurity defenses.

Currently, the identity of the malicious agent(s) responsible for the attack is unknown. Both the FBI and Secret Service are investigating the matter[2]. Oldsmar is a town of approximately 15,000 people on the Gulf Coast of Florida, so you wouldn’t think it’s exactly a prime target for nation-state actors. Furthermore, the attack was not very sophisticated[3], pointing toward a more inexperienced perpetrator.

Preliminary analysis shows that the hacker accessed the water plant’s computer system via the remote desktop program, Teamviewer[4]. The system ran Windows 7, an older, outdated operating system that Microsoft has not supported with security patches for over a year. This, combined with poor password policies, led to the dangerous breach.

Not the first incident of cyber terrorism

The Oldsmar hack is very frightening but not the first occurrence of cyber terrorism. Here are a few notable past examples.

Israel water supply attack

Water supply attacks didn’t begin with Oldsmar. In May 2020, Israel implicated Iran in an attack on water treatment plants throughout the country. There is a striking similarity to the Oldsmar situation in that the hack’s goal was to change the proportion of chemicals mixed into the water[5]. So had Israel not noticed and foiled the assault, thousands of people could have been harmed.

The Israel-Iran conflict is way beyond this article’s scope, but know that this cyber incident is just one event in a long game of cat-and-mouse between the two archnemeses. With tactics such as these escalating the conflict, hopefully sanity prevails before a catastrophe happens.

Australia targeted by China

In another geopolitical squabble, in June 2020, Australia reported attacks against a variety of its critical infrastructure[6]. While officially unconfirmed, government officials attributed the attacks to China. Power plants, water networks, transportation grids, and communications grids all fell in the crosshairs.

The prevailing explanation for China’s motivation is that Australia put pressure on the communist nation to let an independent research team investigate the origins of the COVID-19 pandemic. This led to increased tensions, with China placing restrictions on trade with Australia and encouraging its citizens not to visit as tourists[7]. Analysts believe the hacks fell into this category of retaliation.

Ukrainian power grid hijacked

When discussing cyberattacks against infrastructure, you can’t leave out the Ukrainian power grid’s hack in December of 2015. Malicious agents infiltrated deep into the control systems of nearly 60 power Ukrainian substations[8]. It cut the power to 230,000 people in the area for between 1-6 hours. It was the first time a hack of a country’s electrical grid resulted in significant power outages. Cybersecurity experts pinpoint Russia as the offenders, and the very next year, they struck again by blacking out a small portion of Kyiv[9].

A look to the future

These situations largely avoided the worst potential consequences of cyber terrorism, can that be counted on forever? The truth is that all countries have vulnerable Industrial Control Systems (ICS) tied to critical infrastructure. The number of vulnerabilities disclosed in 2020 increased by 25% compared to the previous year, and this trend is only expected to continue[10].

There needs to be a national discussion about the prevention of cyber terrorism, as well as the contingency plans required just in case the worst happens. There can’t be a situation where a city’s electrical grid is so compromised that citizens are without power for a significant amount of time. Or where a threat actor successfully poison’s a town’s water supply. If society is not proactive about these scenarios, calamity is inevitable.

Securing data is our job

AXEL’s dedication to providing secure solutions for file sharing and storage is unparalleled. Our innovative, easy-to-use file-sharing platform, AXEL Go, protects your sensitive document from hackers and nosey corporations. Our engineers integrated blockchain technology, the InterPlanetary File System, and AES 256-bit encryption to ensure industry-leading privacy and safety. Download AXEL Go today for Windows, Mac, iOS, and Android to see how secure file sharing can be.

[1] Jack Evans, “Someone tried to poison the water supply of this Florida city in a hack, sheriff says”, The Miami Herald, Feb. 8, 2021, https://www.miamiherald.com/news/state/florida/article249110820.html

[2] Mahsa Saeidi, “FBI and Secret Service investigating Florida water hack”. News Nation, Feb. 9, 2021, https://www.newsnationnow.com/us-news/southeast/fbi-and-secret-service-investigating-florida-water-hack/

[3] Ionut Ilascu, “Hackers tried poisoning town after breaching its water facility”, Bleeping Computer, Feb. 8, 2021, https://www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/

[4] ABC News, “Outdated computer system exploited in Florida water treatment plant hack”, ABC Columbia, Feb. 11, 2021, https://www.abccolumbia.com/2021/02/11/outdated-computer-system-exploited-in-florida-water-treatment-plant-hack/

[5] “Israel thwarted attack on water systems: cyber chief”, DW.com, May 28, 2020, https://www.dw.com/en/israel-thwarted-attack-on-water-systems-cyber-chief/a-53596796

[6] Associated Press, “Australia says an unnamed state is increasing cyberattacks on its infrastructure, businesses”, LA Times, June 19, 2020, https://www.latimes.com/world-nation/story/2020-06-19/australian-leader-says-unnamed-state-increasing-cyberattacks

[7] “China punishes Australia for promoting an inquiry into covid-19”, The Economist, May 23, 2020, https://www.economist.com/asia/2020/05/21/china-punishes-australia-for-promoting-an-inquiry-into-covid-19

[8] Jose A. Bernat, “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid”, Wired, Mar. 3, 2016, https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

[9] Andy Greenberg, “’Crash Override’: The Malware That Took Down a Power Grid”, Wired, June 12, 2017, https://www.wired.com/story/crash-override-malware/

[10] Eduard Kovacs, “Number of ICS Vulnerabilities Continued to Increase in 2020: Report”, Security Week, Feb. 4, 2021, https://www.securityweek.com/number-ics-vulnerabilities-continued-increase-2020-report