Russian Hackers May Escalate Ukraine Crisis

Russians in Crimea may be using hacker shock-and-confuse playbook of 2008 Georgia invasion. 

Soldiers under Russian command stand by at the Russian-occupied Belbek airbase as Russian-led troops blockaded a number of Ukrainian military bases across Crimea, on March 4, 2014, in Lubimovka, Ukraine.

Military confrontation between superpowers gets messy, so disrupting communications to help occupy an area or confuse an adversary before attacking looks increasingly tempting. That just may be happening in Ukraine, as Russian forces might be jamming networks in the Crimea region.

Russia preceded its invasion of Georgia in 2008 by disrupting the country's communications and networks, using distributed denial-of-service attacks to crash websites by flooding them with traffic. Cybersecurity researchers cite that campaign as a precedent for cyberspace as a new real-time battlefield. Russian military forces have raided Ukrainian telecommunications infrastructure, disrupting cellphones and Internet signals, and have targeted the communications of Ukrainian lawmakers, Reuters reports.

The U.S. has a dubious reputation for foreign surveillance programs used by the National Security Agency, but the Stuxnet virus, designed by the Obama administration and Israel to sabotage Iranian nuclear facilities, also set a precedent for hacking to enter the modern battlefield if it advanced a policy goal.

Hacking infrastructure of foreign adversaries remains a controversial strategy, but it could be a tempting alternative to avoid physical war, as Sen. John McCain, R-Ariz., has said there is "not a military option that can be exercised now" to counter Russia in Crimea. President Barack Obama reportedly limited the scope of the Stuxnet hack to military targets, even though the virus spread farther than its intended target and contaminated broader networks.

These risks of collateral damage to the Internet and the potential to complicate war are the reason hacking communications and infrastructure, including electrical grids, should be off limits as weapons, says Jarno Limnéll, a doctor of military science and a former cybersecurity officer with Finland’s Defense Forces.

Limnéll says his cybersecurity sources are uncertain whether Russian hackers are targeting government services and critical infrastructure in Ukraine, but he adds, “Restraint is needed at this moment before making any strong conclusions.”

“I believe that these kinds of major attacks like targeting electricity and communications could probably be considered as crossing the line,” says Limnéll, who is currently director of cybersecurity at McAfee, which is a part of Intel Security. “That would be a very dangerous development because that could escalate the whole situation in Ukraine.”

The information war is already being waged online in Ukraine, as activists on social networks “battle for hearts and minds” while hackers also disrupt and deface websites as part of this “mental front,” Limnéll says.

Hackers have defaced the website of Russia Today, a news network funded by the Russian government, replacing headlines and articles containing the word “Russia” with the word “Nazi,” and security researchers are noticing an increase in DDoS attacks crashing news websites that favor both the West and Russia, the New York Times reports.

Disrupting news websites to spread propaganda is an increasingly popular option during wartime, as seen with the persistent activity of the Syrian Electronic Army taking control of online news and social media sites to advocate for the regime of embattled Syrian President Bashar al-Assad.

Groups including the United Nations and Europe's Organization for Security and Cooperation in recent years have tried to set international protocol to limit the use of government hackers, similar to the way nations slowly built detente to avoid the use of chemical and nuclear weapons. The problem with nations agreeing not to hack infrastructure is that a nation “could outsource cybersecurity attacks” to hacktivist groups, which could allow that nation deniability, Limnéll says.

“That happened in Georgia in 2008 and in Estonia in 2007,” Limnéll says, alluding to attacks that disabled networks in those nations in which Russia’s government is believed to have been involved.

The Syrian Electronic Army is one type of outsourced hacker group with a cause, and Russia's government may already be supporting a group of hackers to steal secrets from hundreds of companies in the U.S. and Europe, according to a report by cybersecurity research firm CrowdStrike.