AXEL.org

international

What Does Cyberwarfare Look Like? Just Ask Ukraine.

Since March of last year, Russia has been deploying troops close to the Russia-Ukraine border [1]. While troop movement within a nation is typically normal, Russia’s relationship with Ukraine is anything but. Since 2014, Russia has aggressively shown its desire to annex Ukrainian territory, starting with its occupation of Crimea, a territory that was formerly part of Ukraine, but mostly comprised of people of Russian ethnicity. However, it soon became clear that Crimea was just the beginning for Moscow’s leaders. Following Russia’s occupation of Crimea in 2014, the country began to use unique, digital strategies to destabilize Ukraine.

Beginning in 2015, Russia has engaged in flagrant cyberwarfare with Ukraine. And these attacks weren’t just data breaches and ransomware attacks; they’ve affected nearly every resident of Ukraine. Ultimately, the Russia-Ukraine conflict could be a sneak peek of how war is waged in the future.

Hackers Target Ukraine

Following Russia’s annexation of Crimea, Ukraine saw relative calm for almost two years. However, in December 2015, Russia launched an effective, atypical attack. On December 23, a Russian cyber-military unit, “Sandworm,” attacked Ukraine’s power grid, and knocked out electricity to over 200,000 Ukrainians.[2] Thankfully, power was restored to most places within six hours. Although a few hours without electricity isn’t exactly a devastating attack, it was undoubtedly worrying. After all, this was the first-ever confirmed hack that took down a power grid.[2] Additionally, power grid control centers were still not fully operational over two months after the attack, highlighting the sheer strength and organization of the attack.

Unfortunately, this was not the only cyberattack that Russia has executed on Ukrainians. One year later, in December 2016, Russia again attacked Ukraine’s power grid.[3] They quickly followed up by targeting Ukrainian banks and state-owned industries in June 2017.[4] Following this major attack, Russia seemed to calm down, and tensions actually diffused for a few years. However, this changed in early 2022. As Russia began to mobilize its troops toward the Ukraine border, Moscow launched another cyberattack. This time, Russians were able to take down over 70 Ukrainian government websites, along with a message that warned Ukrainians to “Prepare for the worst.”[5]

Although Russia launched multiple effective cyberattacks, many cybersecurity experts believe Russian President Vladimir Putin could have ordered the attacks to be so much worse. After all, Ukraine’s 2016 power grid outage only lasted for about an hour. This made some believe that Russia was using Ukraine as a “testbed” for refining cyberattacks that could be used globally[3]. No matter Russia’s ultimate purpose, these cyberattacks show a glimpse of Russia’s unique military strategy.

Disinformation Campaigns

In addition to cyberattacks, Russia has also used the Internet to sew instability within Ukraine as well. When Russia invaded Crimea in 2014, the country used state media and social media to sway ethnic Russians in Ukraine to support the annexation.[6] These accounts falsely alleged that Western forces manipulated Ukrainian protests, and also fabricated stories of Ukrainian soldier misconduct. Using this disinformation, Russia was able to gain enough support to annex Crimea with (relatively) little pushback.

If these disinformation efforts sound familiar, well, they are. Russia used similar techniques to meddle in the United States’ 2016 presidential election.[6] It’s a sinister, yet successful strategy for promoting Russian interests. With the emergence of the Internet and the popularity of social media, information warfare is relatively simple. Being able to kindle instability from thousands of miles away is a new, anxiety-inducing strategy that is being utilized in Ukraine, the United States, and other nations. Although it may not lead to traditional warfare casualties, Russia’s cyberwarfare actions have been extremely successful in promoting Putin’s interests.

What Would a Cyberwar Look Like?

When people think of cyberattacks, most think of data breaches and ransomware attacks. Damaging, yes, but they typically don’t harm anyone outside of the affected business and its customers. Cyberwarfare is very different. While Russia’s power grid attacks on Ukraine were effective, they were not nearly as devastating as they could have been. If Russia chooses to execute full-strength cyberattacks, the consequences could be deadly. In this scenario, Russia could shut off most of the country’s electricity, disable heat in the middle of winter, and shut down Ukraine’s military communications.[7] A cyberattack like this could make it astonishingly easy for Russia to successfully invade Ukraine. While an attack of this magnitude has not been undertaken by Russia or any other nation, the possibility of one is undoubtedly concerning. Full-fledged cyberwarfare is something the world has never seen, but the possibility of it increases every day.

Of course, it’s naive to assume that Russia is the only country preparing for cyberwarfare. The United States certainly has the capability to defend itself against cyberwarfare, and the ability to execute offensive cyberattacks. In fact, the United States was one of the first nations to engage in an act of cyberwarfare. In 2010, the U.S. and Israel jointly infected Iran’s nuclear infrastructure with the Stuxnet computer worm.[8] This attack crippled Iran’s nuclear program, highlighting just how successful cyberattacks can be.

When it comes to cyberwarfare, we really don’t know what the rules are yet. If Russia attacks another nation’s electricity or heat, indirectly leading to civilian deaths, is that a war crime? Or is remotely targeting infrastructure fair game? There are dozens of questions that haven’t been answered. Unfortunately, we may learn these answers during a future cyberwar. Whether this new kind of war is waged between Russia and Ukraine, the U.S. and China, or some other combination of unfriendly nations, we know the consequences of cyberwarfare will be severe.

About AXEL

Cybercrime is an ever-present threat. Thankfully, AXEL makes it easy to protect yourself from ransomware and data breaches. At AXEL, we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. If you’re ready to try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

[1] Roth, Andrew. “EU and UK Pledge Backing to Ukraine after Russian Military Buildup.” The Guardian. Guardian News and Media, April 6, 2021. https://www.theguardian.com/world/2021/apr/05/eu-sounds-alarm-at-russian-troops-ukraine-border-moves

[2] Zetter, Kim. “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid.” Wired. Conde Nast, March 3, 2016. https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

[3] Zetter, Kim. “The Ukrainian Power Grid Was Hacked Again.” VICE, January 10, 2017. https://www.vice.com/en/article/bmvkn4/ukrainian-power-station-hacking-december-2016-report

[4] Polityuk, Pavel, and Alessandra Prentice. “Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack.” Reuters. Thomson Reuters, June 27, 2017. https://www.reuters.com/article/us-ukraine-cyber-attacks-idUSKBN19I1IJ

[5] “Ukraine Cyber-Attack: Russia to Blame for Hack, Says Kyiv.” BBC News. BBC, January 14, 2022. https://www.bbc.com/news/world-europe-59992531

[6] Merchant, Nomaan. “US Tries to Name and Shame Russian Disinformation on Ukraine.” ABC News. ABC News Network, January 28, 2022. https://abcnews.go.com/Politics/wireStory/us-shame-russian-disinformation-ukraine-82526617

[7] Miller, Maggie. “Russian Invasion of Ukraine Could Redefine Cyber Warfare.” POLITICO, January 28, 2022. https://www.politico.com/news/2022/01/28/russia-cyber-army-ukraine-00003051

[8] Melman, Yossi. “’Computer Virus in Iran Actually Targeted Larger Nuclear Facility’.” Haaretz.com. Haaretz, September 28, 2010. https://www.haaretz.com/1.5118389.

Your Unlocked Phone In A Stranger’s Hand? It Might Happen When You Fly Internationally

Belts off, shoes off, keys, and pocket change in the bin.

Most of us know the routine by heart. Before we even get to the front of the line we have a security bin in our hands. It’s all become so routine it’s second nature.

On the one hand, we know it’s a complete pain but on the other hand most of us have adopted an “it’s better to be safe than sorry” stance on this matter.

When does it go too far?

When does security cross the line from vigilance to invasion of privacy?

Is it when the TSA agents are giving you the kind of pat-down that your doctor wouldn’t do? Is it when they’re grilling you about every minute detail of your trip? Is it when an agent is rifling through the unmentionables in your luggage?…

…Or, maybe, it’s when they’re asking you to unlock your smartphone?

You read that correctly. There is a staggering increase in the amount of searches where a traveler’s phone is being accessed by agents. Does that make you feel secure or  violated?

Your smartphone is an extension of your life

Do you go around handing photos of your kids to complete strangers? How about confidential company documents? What about your personal medical documents?

Now think about what you keep on your phone. There is so much personal data on our phones. Data that we want to keep private. After all, that’s why we put passcodes and use thumbprint IDs to unlock our phones.

Our phones are more than just a device to make calls. It’s the one thing most of us use every day and carry with us wherever we go.

Think about your pictures, your emails, your documents, and even your message chats.

To say that our phones hold all the information about our lives wouldn’t be an exaggeration. Spend 30 minutes looking at someone’s unlocked phone and you will gain a lot of insight into that person.

So ask yourself, how comfortable would you feel with a stranger taking your unlocked phone into a private room for 30 minutes or more?

That’s the question many travelers are asking themselves lately.

The rules that you think are protecting you aren’t

Some of you may be tempted to dismiss this as a serious concern. After all it seems like it’s an illegal action being taken by overzealous border agents. And that’s what the constitution is for.

If there’s one thing most Americans are familiar with, it’s the constitution.

The Fourth Amendment prevents illegal search and seizure.

The Fifth Amendment prevents self-incrimination.

These are some of the bedrocks of the constitution and it protects the privacy rights for Americans. It also doesn’t protect you in this case.

Yes, that’s correct. The constitution doesn’t protect you when it comes to your phone being searched when you’re flying.

How is this possible? Well, the same way most questionable actions are legitimized…by a loophole.

Decades ago the Supreme Court created an exception for border agents with regards to the Fourth Amendment. So technically they can search whatever they want and there’s nothing to stop them.

So while it would be illegal for a police officer to stop you and ask you to unlock your phone, it’s perfectly legal for a border agent to do so.

What, me worry?

As you read about this issue another temptation might be to come up with reasons why you don’t think you should worry about this.

You might say to yourself “I’m a US citizen, this only applies to non-Americans”. But unfortunately you’d be wrong about that. American-born citizens have had to turn in their phones at the border already.

As a matter of fact, according to a recent lawsuit, NASA engineers, journalists, and even military veterans (all of whom are American citizens) have recently had to unlock their phones when entering the country.

Even phones that were government-issued and might contain confidential data were subject to being searched at the border.

So no one is immune from this scrutiny.

Another thing many people might say (wrongly) to themselves is the belief that “I’ve done nothing wrong so I’ve got nothing to hide”. But it’s never that simple.

Again, think about all the information that you have on your phone. Is it possible that a friend of a friend on Facebook is a criminal? What about the people you follow on Twitter? Guilty by association, perhaps?

Have you ever made a comment, seriously or in jest, about the government or the President? What if you’re reading a fictional book about a government revolution or terrorist attack?

It might seem extreme but it doesn’t take much for something innocent to lead to further scrutiny. Suddenly your phone isn’t just taken for 30 minutes but for 10 hours.

Different story now isn’t it?

And for those of you that aren’t American and are shaking their heads and thinking “this would never happen in my country”, you might want to rethink that position. Similar scenarios have already happened in Canada and there are reports of it occurring in the UK and Australia as well.

They have the power, you have the control

This situation sucks. The bad (and obvious) news is that you’re left without a choice. Border agents have all the power in this situation and if you want to get back into the country you need to comply.

The good news is that you do have a choice in how much information they get. As we’ve been known to say around here, awareness about an issue is the first step. So now that you’re aware, you can prepare yourself.

Here are some options that you can take before your next flight:

  • Don’t take your devices with you: This might be easier said than done. But for many people going on vacation, is it really necessary to bring your phone with you?If you need to take pictures you can bring a digital camera, if you want to connect to the Internet then you can take something like an iPod that has Wi-Fi capabilities. There are alternatives to having to take your smartphone with you.
  • Restore your phone to factory settings: Just backup all the data on your phone so it’s saved securely, and once it is you can restore your phone to its factory setting for your trip. All your files and apps will be off your phone and anyone who looks at it will be looking at essentially a blank device. When you return you can restore your backup so your phone is back to the way it was before your trip.
  • Buy/rent a temporary phone: If you really need a phone on your trip you can leave your main phone back at home and grab a rental or prepaid phone in your new destination.You’ll get a number for people who need to contact you and many of them come with a data plan as well. You just use it for the duration of the trip and then return it once you’re done, or simply save it for your next trip.

Doors locked, oven turned off, private phone data secured

These solutions might seem a bit extreme but keeping your data private is not a joke. It’s just a fact of life that this is something you may encounter when it comes to flying.

It’s always important to be prepared and aware whenever there’s a situation where your private data might get accessed by someone you wouldn’t want. Unfortunately this is where we’re at in society.

For better or worse security has taken us here, so it’s up to us to determine how much information we want to give up.

Ultimately it’ll be up to each individual to decide if they’re comfortable handing an unlocked phone to a complete stranger or not.

If this is something you aren’t comfortable with then at least you know what you’re up against and you can take whatever steps you need.

Traveling comes with enough stress and anxiety, and the last thing you need to worry about is an invasion of privacy. By taking these steps you’ll be ensured that your vacation is smooth sailing all the way.