17 May 2022

What the War in Ukraine Means

Kurtis Minder

Amid the largely kinetic activity involving the invasion of Ukraine by Russia, numerous shifts in the cyber landscape are occurring. Leading up to the military invasion, Putin made overtures of cyber recourse to his global opponents. Over the last week, the cyber tables turned against him. In addition to Ukraine’s cyber offensive operations, Russia has been hit by cyber-attacks from vigilante groups like Anonymous and recruits worldwide.

Also, when the banks closed, the ATMs in Ukraine quickly ran out of hard currency. Many Ukrainian citizens then turned to cryptocurrency to pay for their gas and groceries. Suddenly, the concept of decentralized finance made sense in a real-world scenario. Central banks aren’t functioning. So, out of cash, how do we pay for things? Crypto is the answer.

The mysterious hacking collective, Anonymous, made public overtures against Moscow, promising to attack the cyber infrastructure of the Russian state. Shortly after their first announcement, Russian government websites began going offline, culminating in a dump of confidential documents from the Ministry of Nuclear Safety in Moscow on the file share site Mega. They have continued their cyber offensive over the last month, hitting Russian web assets, and Kremlin infrastructure, among other targets.



Anonymous, however, is just part of the international cyber effort against Russia. For example, on Feb 26, Ukraine’s deputy prime minister and minister for digital transformation, Mykhailo Fedorov, asked for help from individual security researchers worldwide and created the “IT Army of Ukraine.” The IT Army is a volunteer group of cyber warriors tasked through the chat platform Telegram. In the Telegram channel, Ukrainian cyber leaders are tasking cyber actors worldwide to successfully attack Russian digital assets.

Crypto Becomes Mainstream

Regardless of the conflict outcome, the shift in currency and combat to cyber infrastructure will likely have a lasting impact on domestic and foreign policy.

The shift to crypto as a currency of choice during conflicts, driven by the collapse or deliberate shuttering of traditional banking, legitimizes decentralized finance (DeFi). DeFi, as a concept, represents the separation of government, oversight and policy from the financial markets. Operating under a DeFi model, the federal government has little or no influence on a given currency’s value and purchasing power. In the case of Ukraine, and now in Russia, the lack of stability or control over the financial sector is driving people to adopt DeFi (cryptocurrencies) to function. The foundational impact of utilizing crypto when the financial system is unreliable will have lasting effects in all countries. We now have a strong use case.

The parallel cyber offensive to the kinetic attacks marks a new and burgeoning tactic to influence traditional warfare. As cyber mercenaries step up their attacks, both unilaterally and with the encouragement of the Ukrainian government, the concept of traditional bi-lateral kinetic warfare shifts dramatically.

Where the Russians Can Strike Back

Meanwhile, the looming threat of a Russian cyber offensive against the US and NATO incites paranoia and fear in state governments and commercial entities. The role of years of ransomware attacks against the US and its allies has mainly gone undiscussed. The impact of these attacks could provide key advantages to Russia should they carry out a state-sanctioned cyber-attack. The quid pro quo. Most ransomware attacks emanate from Russia because Russia has provided some unofficial amnesty for the actors as long as they do not attack Russian assets. This was further verified in some of the ransomware code that would not execute if the victim’s keyboard was set to Cyrillic.

The ransomware actors consistently steal the data of their victims. Regardless of whether they settle with a victim or not, it is safe to assume they are keeping copies of the stolen data. Why would they delete it? It is valuable, and data storage is cheap. There is likely a quid pro quo from the Russian state with the actors that the FSB / GRU has access to or gets a copy of that stolen data. If Russia decided to initiate a cyber offensive, this data would prove invaluable. Exabytes of US and ally corporate, municipal and federal private data. Credentials, systems information, intellectual property, emails, databases and plans.

Another possible outcome of the conflict is future software supply chain attacks. Russian actors have proven their capabilities to carry out these sophisticated attacks in the past. Many companies have outsourced some or all of their software development to Ukraine. Should Russia gain access to the software development houses, they would have the raw materials (source code) to carry out more sophisticated, long-term software supply chain attacks for the foreseeable future.

No comments: