Tony Proctor MBCS and Emily Proctor explore how nation states, including Russia, have deployed offensive cyber activities and assess what these mean for UK citizens and their devices.

When I meet security practitioners from the darker, espionage side of the trade, I often open the conversation with the same question: how far inside our critical infrastructure might our adversaries be? And how far inside theirs do you think we are?

What usually results is a short silence, followed by a swift rhetorical manoeuvre towards another topic.

In reality, the answer to my question might simply be unknown — but the fact that experts don’t seem willing to engage with the enquiry is important in itself. For example, do the Russians (or other potential adversaries) have the capability to disable our electrical power networks? Can they do this with a click of a mouse and with the same apparent ease with which Russia can turn off gas supplies across Europe?

Speculation and sharing intelligence

We live in uncertain times. The war in Ukraine, concerns about Taiwan’s security and conflicts in the Middle East are evidence of a world that’s far from stable or predictable.

In times like these, you don’t need to look too far to find headlines speculating on cyber-attacks and their technicalities.

It’s reasonable to expect that, since the start of Russia’s war, GCHQ, the National Cyber Security Centre, the NSA and other Western cyber-powers have all been sharing knowledge with Ukraine.

Early in the Ukraine war, NBC reported that President Biden had received a ‘menu of options for conducting cyber attacks against Russia.’ The story stated the attacks would focus on disrupting networks and not harming people. Read past the headline, however, and the story reports that a US government spokesperson described NBC’s menu of possible cyber attacks as ‘wildly off base and does not reflect what is actually being discussed.’

Despite the spokesperson’s reported rebuttals, it’s hard to imagine that what NBC described in its story isn’t already part of a longstanding strategic cyber response plan.

Ongoing assessments

Russia itself is sure to have used at least part of its significant cyberwarfare capability to further its aims in Ukraine. During the 2014 invasion of Crimea, Russia stepped up its attacks on Ukraine, taking down government sites and social media platforms, and using spyware to track the movements of Ukrainian politicians.

Attacks went as far as physically severing fibre-optic cables between the Crimean peninsula and the rest of Ukraine in order to cut communications with Kyiv and give Russian state media a monopoly on information. But the attacks made during the conflict itself were not the first: for months before the 2014 invasion, Russia had been conducting strategic cyber-espionage to gather the information it would need ahead of its first strike.

Cyber warfare

Moving to the current war in Ukraine, reports continue to emerge of cyber activities. Some commentators suggest a haphazard approach by Russia’s cyber forces — a theory which seems to line up with the invading state’s reportedly ineffective overall military approach to date.

It’s a fair assumption that Russia will have used its cyber capabilities to assist its military objectives. It is equally fair to assume that Ukraine will have done everything in its power to prevent a Russian cyber-victory. We are unlikely ever to discover the full reality of the situation, but the activity observed early on includes: Distributed Denial of Service (DDoS) attacks on various Ukrainian Government sites, spear-phishing campaigns in NATO countries, and a malware ‘wiper tool’ erasing data from devices. Pro-Russian hacking groups have also successfully disrupted businesses and government infrastructure in countries backing Ukraine, including Lithuania, Latvia, Poland and Denmark.

A war without rules

The most worrying aspect of the cyber world is that, unlike the Cold War and its nuclear proliferation, there is no détente: no international agreement and no arms control. Additionally, we currently live in a cyber wild west, where politically motivated cyber attacks aren’t the sole preserve of nation states. Rather, such attacks can be launched by individuals.

However you describe them – patriots or vigilantes – these attackers have many potent digital weapons at their disposal. Just how numerous and dangerous the tools on the Russian side are became clear with the recent Vulkan Files leak: angered by Russia’s war in Ukraine, an insider leaked a huge trove of documents giving insight into how Russia’s offensive cyber activities are planned, built and resourced.

An attacker’s actions also have the potential for catastrophic worldwide impact. Even targeted attacks by nation states can spill over into the rest of the world, as we saw with the 2017 NotPetya attack on Ukraine: ransomware in appearance, but in effect a wiper, since encrypted data could not be recovered. It spread to organisations across the globe, including Maersk, Mondelez International and the UK’s own Reckitt Benckiser.

Internet of unfriendly things

The Internet of Things (IoT) is often not well-protected, leaving systems such as CCTV cameras vulnerable to attack. Indeed, there have been reports of Russian individuals hacking the dashboard cameras of Ukrainian defence forces, leading to dashcams being banned in parts of the country.

While this is, of course, incredibly dangerous for Ukrainians on the battlefield, other scenarios could see serious impacts for civilians too. Moving our discussion away from the battlefield, your smart doorbell, baby monitor and smart watch data could all theoretically be used to paint a picture of your life: what you do, where you go and who you care about. These devices, which often have only basic defences against malware, could equally be used to monitor politicians, civil servants, judges or military personnel and provide hostile states with invaluable intelligence.

Russia is not the only state looking to take advantage of vulnerabilities. While China’s social credit system sees to it that many Chinese citizens are never truly alone, the state has also allegedly used its cyber capabilities to spy on Uyghur Muslims and Hong Kong dissidents abroad by hacking their devices and tracking their movements, sometimes with consequences for their families back in China.

Chinese hacking groups have also been accused of attacking a number of large Western companies in order to steal intellectual property for use by domestic Chinese firms. These actions have not yet threatened our critical infrastructure, but they may yet pose a worse threat: one to the very fabric of our society, to our creativity, our values of free speech and our democracy. These are threats that Ukrainians currently understand better than any of us.

Hope for the future

Ultimately, what is happening in Ukraine is simply very sad — but I am optimistic that the lights won’t be going out in Europe any time soon. The continent has now made it through the winter, and, at the time of writing there is talk of a potential Ukrainian counteroffensive against the Russians on the battlefield.

But what is yet to come in cyberspace? We continue to see increased activity and probing of our networks from Russia and other nations. We may also experience significant breaches and outages associated with nation-state activity, and will need to operate with increased vigilance and sensitivity to cyber activity. History also tells us that military conflicts often provide further opportunities for criminality (for example in the former Yugoslavia and Northern Ireland, and as evidenced by Europol’s own recent efforts to tackle organised crime in Ukraine).

Whilst the United Kingdom is no longer a military superpower, its cyber capabilities are at that level. But, as recent events have shown us, there is no certainty in life, and it is therefore vital that we are all ‘cyber prepared’.

About the authors

Tony Proctor MBCS is a highly experienced security practitioner and academic. He pioneered cyber security information sharing through the creation of a number of networks in the UK, is a regular commentator on cyber security matters, and is currently working as a Security and Information Risk Advisor.

Emily Proctor is a graduate in international relations and security. Her expertise includes East Asian geopolitics, disinformation and security. She currently works as a content editor.