Russian President Vladimir Putin presides over a state with advanced hacking capability and a willingness to use it. Credit: Jamie Brown, Getty Images
The first act of major conflicts now usually plays out in cyberspace, experts say. Just nine countries have nuclear weapons but most have state-sponsored hackers. Russia is widely considered to have some of the most advanced cyber capabilities in the world, and has launched some of the most brazen attacks in history, such as those that paralysed broadcasts of the 2018 Winter Olympics after Russia’s doping scandal and the recent SolarWinds breach which reached into Western government agencies, including in the US and Australia.
Running cyber campaigns alongside regular physical warfare is a common Kremlin tactic. NotPetya hit during fighting in Ukraine’s east with Russian-backed separatists in an earlier iteration of the war in Donbas. In the former Soviet republic of Georgia in 2008, cyber attacks seemed to strike towns just ahead of Russian soldiers arriving to back pro-Russian separatists there.
What is considered the world’s first digital weapon was unleashed in 2009, a highly advanced computer worm known as Stuxnet, built by the US and Israel to damage an Iranian nuclear enrichment facility. An arms race has been under way ever since among security agencies looking to patch vulnerabilities faster than hackers and rival nation states can exploit them.
But cyber weapons are still mostly deployed as “short of war” tools, in the grey zone between peace and war. They are cheap, effective and often difficult to trace back to the state behind them in comparison to boots on the ground, making retaliation complicated.
Cars stream out of Kyiv on February 24, following missile strikes by Russian forces on Ukrainian territory. Credit: Getty Images
That’s a thorny question, and one countries are still determining, according to international law expert and former Navy captain Professor Dale Stephens. While the Geneva Conventions and other treaties set out clear definitions for traditional warfare, the threshold for when cyber attacks cross the line and so justify a military response is often unclear. Some countries have kept it deliberately vague to keep enemies wary of crossing an invisible line and avoid the risk of defining their own offensive cyber operations as warlike.
In 2009, when Estonia’s government websites were shut down and defaced in Russian cyber attacks dubbed “Web War One”, it went to NATO for help. There was even (brief) talk of invoking Article 5, which demands all other nations in the alliance defend one another from enemy assaults. Big hacks have triggered sanctions, but the world did not see a direct military retaliation to a cyber attack until 2019, when Israel attributed its decision to bomb a building in Gaza to Hamas hacking links.
Still, in 2018, NATO said it could invoke Article 5 in the event of a serious cyber assault against an ally (the mode of retaliation depending on the severity). In 2019, Australia solidified its own position. The gist is that when a cyber attack poses an imminent risk of damage equivalent to a traditional armed attack, such as significant loss of life or critical infrastructure, then a country should be able to defend itself. That’s generally the standard most countries accept as crossing the line, Stephens says.
Ukrainian President Volodymyr Zelensky posts video of himself and his team in Kyiv after false rumours that he’d fled. “We are defending Ukraine.”
It’s possible. If a major cyber attack did spill across Ukraine’s border into a NATO member state, that would test nations’ views on the right to self-defence, chair of the US Senate Intelligence Committee Mark Warner told NPR. It could even force them to come to Ukraine’s defence if serious enough. Cyber attacks don’t recognise borders, Warner said. And if an attack in Ukraine also “shut down Polish hospitals ... you’re rapidly approaching what could be viewed as an Article 5 violation of NATO. We are in an uncharted territory.”
The disc-wiping bug detected this week in Ukrainian machines has already spread over the border to NATO members Lithuania and Latvia, but it’s smaller in scale, and only at organisations with a major presence in Ukraine, according to the company tracking the malware. And this appears to be accidental, not deliberate targeting.
Russia has yet to unleash the full extent of its cyber weapons in Ukraine. Experts say it will likely escalate attacks as Ukrainians resist the invading force. And many have suggested that Russia might look to target the “weaker links in NATO”, as well as big targets such as the US, with cyber attacks in retaliation for Western sanctions, inflicting economic pain of its own.
Meanwhile, Russia has already been hit by cyber counter-strikes itself. Cyber citizens around the world, including some in Russia who oppose their government’s invasion of Ukraine, have been sharing resources in an effort to launch disruptive attacks against the Kremlin, such as denial-of-service attacks that crash websites by overwhelming them with traffic. The activist hacking group Anonymous has already targeted Russia with such attacks, briefly shutting down some of its government websites and Russian news agency Russia Today, which has been described by Western officials as “Putin’s personal propaganda arm”. The Kremlin’s official website was down again as the fourth day of the invasion began, and Ukrainian fighters continued to hold off invading forces attacking the capital, Kyiv.
One of the West’s strongest weapons against Russia’s information war so far has been greater transparency than usual. Intelligence services in the US and the UK have been quick to attribute hacking in the weeks leading up to the attack on Russia and called out the Kremlin’s fake claims of Ukrainian violence and even a “genocide” against Russian speakers in the east. In recent days, Russia has moved to restrict Facebook and parts of the internet even further, decrying independent reports of Ukraine civilians killed and Russian missiles pounding cities in its assault on the country as “fake news”.
After a plea from Ukraine’s government, billionaire Elon Musk says his Starlink satellite internet service is up and running in the besieged country.
There are three scenarios where Australia could be hit with a cyber attack stemming from the Ukraine conflict, according to the director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, Fergus Hanson. The first, and least likely, is if Russia turned its highest-level hacking tools directly on Australia.
“That’s the most unlikely because it’d be very obvious that Russia was doing it and it’d invite more countries to band together in more offensive ways against Russia’s activities,” Hanson says.
The second scenario is if a major self-spreading hacking tool is deployed by Russia in Ukraine and gets out of hand, as NotPetya did. “We could see that type of attack ... spreads globally,” Hanson says. “I think that’s pretty likely.”
Finally, there are sophisticated criminal hacking groups that operate with the tacit authorisation of the Kremlin as they run financial crimes online, locking up data and demanding ransoms for its return, for example (known as ransomware). “They could be given the nod to step up malicious activities against particular countries that need to be punished in Russia’s view,” Hanson says. “That’s the most likely activity in my view.”
Australia is likely well down the list of countries that Russia is interested in, though. Ukraine, the United States and European NATO powers are all above it, in Hanson’s estimation. Still, Australia, which is part of the Five Eyes military alliance, has been providing remote technical assistance and cyber training to Ukraine to bolster its digital defences.
Even if Russia does not focus on Australia, security experts have warned our proximity to other contested territory in Asia and role in the new AUKUS security alliance between Australia, United Kingdom, and United States means other countries have a greater interest in cyber surveillance in Australia.
Late last year, federal Parliament passed legislation to allow Australia’s cyber agencies to go into private companies under digital attack. A second tranche of laws putting more obligations on firms in critical sectors to beef up their defences is under consideration.
Intelligence chief at cyber security firm CrowdStrike, Adam Meyers, said countries such as North Korea and China had a greater incentive to conduct online espionage in Australia to understand how the alliance had altered their security positions.
“They’ll be targeting things related to the ports, they’ll be targeting things related to marine engineering, they’ll be targeting things related to supply chain and movement of things,” Meyers said from Washington DC last week, before the Russian invasion.