The real story behind Russia-Ukraine cyber wars

“Russian president is likely to use cyber attacks as a form of retaliation against our country for its action to counter Russias incursion in Ukraine.” – President of USA, Joe Biden at Business Roundtable quarterly meeting, March 2022 “In March 2022, hackers associated with Russian IP addresses have been scanning the network of 5 US energy companies and 18 US companies in other sectors like defence and financial services, hunting for zero day( still undiscovered ) vulnerabilities to execute disruptive and destructive cyber activity. “ – FBI “We will unleash full wrath of world hackers, key components of your Government (Russian)would be hijacked. Websites of Duma ,Ministry of Defence, State control tv R.com and of Russian stock exchange have already been taken down.” – Hacker collective, the Anonymous, sympathetic to Ukraine, March 2022 Welcome to the scary world of new age hybrid warfare where cyber attacks are sine-qua-non to any military exercise. Ever wondered what following hacker groups have in common? -FancyBear, SandWorm, Conti,Turla; all Russian and allegedly responsible for hacking Presidential elections in Ukraine and launching ‘NotPetya’ attacks causing mayhem on critical infrastructure of Ukraine. – Groups like Bureau 121, The Lazarus group owing allegiance to North Korea and allegedly responsible for 2016 Bangladesh National Bank cyber heist of more than USD 90 million, launching WannaCry worldwide ransomware attacks (for more information on WannaCry ransomware attacks kindly refer to the author‘s column dated February 24 2022), hack on Sony pictures in November 2014 for allegedly mocking supreme leader of North Korea wherein Lazarus hacker Park Jin Hyok was held responsible and put on FBI wanted list, though North Korea denies his existence. – Hacker groups IRGC(Islamic Revolutionary Guard Corps),owing allegiance to Iran and infamous for iconic cyber attacks against Aramco oil refinery in Saudi Arabia rendering more than 30,000 computers useless. – MI5, MI6, GCHQ(Government communication headquarter) of UK, capable of tapping data flowing through underground sea cables i.e. approximately 25% of global data. – Unit 8200 of Israel allegedly launched world‘s most sophisticated cyber-attack Stuxnet to stymie Iran‘s nuclear ambitions. – PLA unit 61486, APT 31, APT 41, StonePanda, RedEcho groups affiliated to China and as per report in New York Times, allegedly responsible for sensational power outage in Mumbai, a city of 20 million people, wherein trains were shut down and stock market closed, while hospitals had to switch to emergency power to keep ventilators running amid Covid outbreak. This happened while Chinese and Indian troops clashed in remote Galwan Valley, bashing each other to death with clubs and rocks. The common thread running through all the aforesaid hacker groups is that they are all allegedly ‘elite nation state actors’ : Hacker collectives churning out bespoke malware to attack critical infrastructure of adversary states. With the support of nation states, they launched cyber attacks with incredible sophistication to emaciate critical infrastructure like power plants, banking systems, nuclear plants, transportation systems of inimical regimes in order to ‘soften’ them before launching an all-out physical military campaign on the ground. They have also earned the moniker ‘Advanced Persistent Threat (APT) actors. Operation Olympic games It was early 2010, the furrows  on the brows of Israeli authorities and NSA officials of USA had deepened. Iran was behaving like a rogue state, it was rapidly developing nuclear offensive capabilities, masquerading them as civil nuclear energy facilities. It had stopped cooperating with International Atomic Energy Agency, IAEA and closed its nuclear fuel enrichment plants to inspection. Israel knew a nuclearised Iran would tilt the balance of power in the region and the very existence of tiny Jew state would be jeoparadised. Full-scale preparations had begun to modify missiles and  bomb Iran’s nuclear facilities. This could have spawned a massive war culminating into major loss of life. In spite of such massive risks, Israel knew that Iran has to be stopped for the sake of its own survival. Just in the nick of time, a Eureka moment dawned, when allegedly the technology advisor to Israel prime minister, in consultation with the chief scientist in NSA instead decided to launch operation Olympic games. An operation to design and deploy the world’s most sophisticated cyber weapon called Stuxnet(name derived from keywords in its code), without firing a bullet. Stuxnet discovered by scientist Serjey Ulasen and its propagation studied first by cyber security firm ‘VirusBlockAda’, was the most sophisticated piece of malware ever discovered and its effects ingenious and terrifying. It opened the Pandora’s box of the state actors’ executed cyber warfare. Stuxnet sabotaged Uranium nuclear fuel enrichment facility in Netanz, Iran, which was highly fortified and airgapped ,i.e. not connected to internet. The chief Nuclear Physicist of Pakistan, Dr AQ Khan, had sold the centrifuges for enrichment of uranium to Iran and their operation was studied meticulously by researchers in Mosad  and NSA. Accordingly, bespoke Stuxnet was curated. It is speculated that external contractors, overcame the air-gapping  by introducing Stuxnet via USB flash drive in Siemens’ Programmable Logic Controllers PLCs, which are small computers that control industrial automation in practically all sectors including airlines, power plants, water purification plants, nuclear plants etc. Cyber sabotage of PLCs can bring a whole nation down to its knees. This was the beginning of hybrid warfare and launch of the state of the art digital weapon, equipped with immense speed, precision and agility, sans any ground troops. Incredibly, in just a few minutes, zombie centrifuges started to spin at supersonic speeds, tearing themselves apart. Stuxnet’s baptism by fire, ensured for the first time, irreversible physical damage due to a cyber weapon leading to complete derailment of Iran‘s nuclear programme. Stuxnet proved to be Iran‘s nightmare, which gave a death blow and was the sole reason why Iran, till date, could not become an acclaimed nuclear weapon state. The story behind Russia Ukraine cyber wars -In 2014, Russia annexed Crimea, which was part of erstwhile Ukraine. It was followed by Russia backed insurgency in Eastern Ukraine, which has resulted in more than 20,000 deaths till date. The year marked

The real story behind Russia-Ukraine cyber wars Read More »