(TEXT) 31/03 2016
What’s ‘Cyber’ In Cyber War? Three Cases from the Ukraine-Russia Conflict
On December 23, 2015, a number of power plants in Western Ukraine underwent a sophisticated cyber attack that resulted in a major power blackout in the region. This hack is reportedly the first known case of a power blackout caused by a cyber attack on physical infrastructure in history. Vast evidence suggests that this attack was perpetrated by hackers most probably linked to the Russian military, although, as is often the case with cyber conflicts, it’s seemingly impossible to confirm the connection (1).
A little more than a month before the power plant hack, on November 20, 2015, the high-voltage power lines that supply Crimean peninsula with electricity from the territory of Ukraine were blown up. As a result, Crimea, which was annexed to Russia in March 2014, was blacked out completely, and a long-lasting power supply crisis started on the peninsula. Even though it is impossible to establish a cause-and-effect connection between the two events, they seem to be structurally symmetrical. Taken together, they seem to represent a shift in a war that is fought in the East of Europe – and beyond.
Destroyed power supply lines to Crimea (Kherson region, Ukraine, November 2015)
An explosion that destroyed power lines to Crimea was perpetrated not by the Ukrainian army, but by a militant group comprised of the members of Ukrainian volunteer battalions and exiled Crimean Tatars, engaged into the blockade of Crimean Peninsula. This is just one of many signs of the Ukrainian state loosing the grip on its monopoly on violence. Participants of the blockade claimed that they were merely enacting what the state itself should have done in relation to the government that occupied a part of its territory – for instance, stop supplying Russia’s troops stationed in Crimea with electricity from mainland Ukraine. In effect, some representatives of Ukrainian government supported the blockade, but the power lines were eventually restored.
The blackout in Crimea and the power plant hack in West Ukraine are both episodes of warfare that take place in a gray, undefined zone of power and conflict, in legal limbo where the military cedes its assignments and capabilities to proxies – both online and offline. The warring parties outsource their fight into both of these realms simultaneously.
In September 2014, a blog post that referred to Ukrainian troops fighting the battle for Donetsk International Airport as ‘cyborgs’ became wildly popular both in the blogosphere and in the mainstream media. This blog post claimed to reproduce the conversation of pro-Russian fighters besieging Ukrainian troops in the airport buildings, who were stating that the Ukrainian army had deployed cyborgs, rather then humans, in this battle. Otherwise, they just wouldn’t be able to remain inside the debris of a former airport and resist every attempt by the pro-Russian proxies to take it over.
The post, disseminated by the pro-government website Obozrevatel (2), was actually a hoax meant to boost the declining morale of Ukrainian army and ordinary citizens. However, the term ‘cyborg’ in its new sense was soon taken on by Ukrainian president Petro Poroshenko, and it soon became an almost unavoidable designation of anyone who participated in the defense of Donetsk Airport.
Despite their proud title, the so-called cyborgs of the Donetsk Airport were in reality very far from high-tech imaginary associated with contemporary warfare. The troops besieged in the airport reportedly only possessed small arms while being confronted with heavy artillery. They were called ‘the cyborgs’ precisely because they could survive in this battle despite their obvious lack of military technology (3).
During the Russian invasion of Crimea and its covert intervention in East Ukraine, a number of proxy groups emerged online – as a supplement to innumerable proxy actors that were offline infiltrating the protest movement of East Ukraine. The most visible of these online groups was operating under the name ‘Cyber-Berkut’, whose name is derived from the title of Berkut, the Ukrainian riot police which gained notoriety during the Maidan uprising in Kyiv due to its extreme brutality. The emergence of ‘Cyber-Berkut’ collective was a way to pay tribute to this counter-revolutionary force. It was based on the image of a loyal and committed counter-insurgency police officer who is operating in a grey zone between law and crime, half legal, half proxy.
During the Russian intervention in Ukraine, ‘Cyber-Berkut’ immediately became instrumental in soaring the anticipation of a full-scale cyber war against Ukraine. The first major cyber attack on Ukraine took place during its presidential election in late May 2014. The website of Central Election Commission was hacked and fake results of the elections were posted, claiming the election was won by a far-right candidate Dmytro Yarosh (who in reality gathered around 1% of the vote). The hack was fixed, but not before the images of fake election results made their way to the Russian television. However, nothing like a much-expected large-scale cyber conflict took place in the following months (4).
Insignia of Berkut police forces (left) and Cyber-Berkut hacker group (right)
Both Ukraine and Russia are famous for their thriving hacker communities, engaged into the circles of international cyber crime. In Ukraine, some of them made their way into state politics – like Dmitry Golubov, who was once considered a top cyber crime boss by U.S. law enforcement, but now serves as a Ukrainian MP and a leader of the Ukrainian Internet Party. This party is famous for nominating Darth Vader as its candidate in the presidential elections. In one of the party’s most recent political hacks, a statue of Lenin in Odessa region was converted into a monument to Darth Vader which also serves as a wi-fi hotspot (5).
Dmitry Golubov, head of Internet Party of Ukraine, taking the photo op with his party’s candidate in Ukraine’s presidential election, 2014
The lack of an all-out cyber war between Ukraine and Russia is symmetrical to the lack of an all-out civil war that was projected and envisioned in the East of Ukraine in the months leading to the Russian armed intervention in 2014. The scope of individuals, groups and communities that were mobilized to participate in the Russian-backed uprising in spring 2014 was not significant enough to sustain a prolonged rebellion, which led to the covert military intervention to prevent a total collapse of pro-Russian movement. In a similar way, the vast numbers of those engaged in illegal cyber activity were reluctant to join either side of the conflict, thus diminishing the danger of its full-scale fallout into the cyberspace. An attempt to outsource cyber war to private proxy actors has, for now, largely failed – which can not be said of the attempts to outsource the actual war to proxy actors in the offline realm.
1: Legal confusion regarding the attribution of Russian cyber-attacks on Ukraine and other countries is reflected here: https://www.asil.org/insights/volume/19/issue/1/cyber-operations-private-actors-ukraine-russia-conflict-cyber-war-cyber
3: In his book ‘Cyber-Proletariat’, Nick Dyer-Witheford describes ‘the coexistence in contemporary capitalism of extraordinary high technologies and workers who live and die in brutal conditions often imagined to belong in some antediluvian past. This coexistence is also a connection. Mines and artificial technologies seem to belong to different worlds, but they are strongly linked.’ The story of the cyborgs of Donetsk airport could shade these observations.
4: This is made explicitly clear by most of the contributors to this publication: https://ccdcoe.org/sites/default/files/multimedia/pdf/CyberWarinPerspective_full_book.pdf