Flickr user: Kecko

Reports in recent days of cyber incidents involving Russia and Ukraine are largely unconfirmed and inconsistent.

The scale and frequency of website defacements—of the kind the Russian government broadcaster RT reported over a week ago—is barely distinguishable from the ordinary background noise of hostile activity against any high-profile site.

This is a vastly different situation to the mass denial of service (DoS) and hacking attacks that targeted Estonia in 2007 and Georgia in 2008.
The first incident to be definitively linked to the Russia-Ukraine confrontation came when an Internet exchange point (IXP, an important node for Internet traffic) located in Crimea was physically taken over by Russian forces on, or about, March 1. Ukraine then alleged that this facilitated attacks on the mobile phones of members of parliament in Kiev.

There has apparently been no corroboration in open sources of the Ukrainian claim. But even if the incident was reported accurately, it simply underscores how little cyber activity there has been to date.

Even the IXP incident was instead a physical action aimed at facilitating an information operation.
When on March 8 the long-expected DoS attacks against Ukraine were first reported, they apparently had only one target—the National Security and Defense Council.

This too was in contrast to the much broader range of targets which came under attack in Estonia and Georgia. Considering that this specific Ukrainian target will be a key decision-making center for managing the crisis and any military response, some analysts have suggested that the attack could be a precursor to further military action by Russia. In this way, it is the reverse of the previous incident—namely an information operation designed to suppress communications preparatory to kinetic action.

Leave a Reply