For over a decade Ukraine has been subject to an ominously large amount of Russian network reconnaissance of Ukrainian networks and growing Russian Cyber War attacks. None of this was a major news story and that was typical for the massive Cyber War campaign Russia has carried out against Ukraine in 2022.
Russia has always been considered a major Cyber War threat. Since the 1990s Russian Internet based espionage has been very active and effective. That led to fears of a Cyber Pearl Harbor. Russia had hoped for such a daring and damaging attack on Ukraine but was disappointed because Ukraine had looked for and noticed the Russian preparations. Before and after the first Russian attack in 2014, Ukraine had been receiving more military aid and assistance from NATO countries. Ukraine and NATO Cyber War experts agreed that an international effort, including the major American providers of Internet infrastructure and services had to be involved. This meant Amazon, Cloudflare, Google, Microsoft and several smaller but essential Internet services or security firms had to be involved.
It is not known for sure if Russia was aware that this international coalition of Internet infrastructure and services was involved with defending Ukraine. This organization came to be known as Cyber NATO because most of the major resources came from NATO nations.
Microsoft was the oldest of these Internet giants and the one that pioneered large scale, organized and highly responsive efforts to deal with hackers operating at the consumer level or against national Cyber infrastructure. These Internet giants increasingly cooperated in Cyber defense. When Ukraine and NATO governments went looking for Internet industry help and cooperation, they found that their inquiries and requests were welcomed. Ukraine took advantage of this in 2016 when they established their Ukrainian National Cybersecurity Coordination Center. This operation played a key role in coordination and synchronizing the Western efforts or forming a large-scale effort to detect and block Russian Cyber War activities against Ukraine, or any NATO nation.
Before 2022 Russia had a reputation for being a formidable threat as a practitioner of Cyber War. So far in 2022 the Russian reputation as a military power has been much diminished along with their standing as a Cyber War threat. While Russian military activities were widely reported on by the media, much less attention was paid to the similar defeats Russia suffered as they sought to carry major Cyber War campaigns against Ukraine even before Russian troops crossed the border. The Cyber War defeats continued throughout 2022. Russia had a formidable arsenal of Cyber War weapons and pre-planned attacks, especially against Ukraine.
Like many other capabilities, that reputation was tarnished and diminished during the recent war in Ukraine. For Russia the defeats were frequent and victories few in this network battle space. Russian defeats began the day before Russian troops crossed the Ukrainian border and continued during the first months of the war as Russian unleashed most of their pre-planned attacks designed to do maximum damage to Ukrainian networks and Internet-based capabilities. Ukraine knew what its key Internet vulnerabilities were and, with the assistance of Cyber NATO and the major American Internet services and security providers, the Russian efforts were blocked. China, the other Cyber War threat to NATO and the West, took note.
This sort of large-scale coordinated Internet defense was always theoretically possible and now the main Cyber War threats (Russia, China, North Korea and Iran) saw it in action. That changed the Cyber War strategies of all these aggressor nations. At the moment, the best the Internet threat nations can hope for is that the defense coalition grows less effective over time because the defenders might believe they have the problem solved and major investments of time and effort in defense are no longer necessary. That would be a mistake because the benefits of effective Cyber War weapons expand as more of the world becomes dependent on Internet based services.
It takes time and effort to develop effective large scale Internet defenses. Microsoft was the first to discover this. Since the 1990s Microsoft created a formidable Internet security organization that monitors networks worldwide for signs of malware, especially new malware, being used. Network security features have been added to the Windows operating system and one of them for PCs is to automatically send back to Microsoft potential hacker presence information back to Microsoft. At the same time, Microsoft will quickly send out fixes to infected PCs. Ukraine and Microsoft began developing a cooperative relationship in the late 1990s because after 1991 Eastern Europe, especially Ukraine and Russia, were major sources of hacker activity. Ukraine cooperated with Microsoft to reduce the hacker threat while Russia insisted it didn’t exist.
For example, back in 2009 Ukraine cooperated with the United States and Microsoft to deal with a Ukrainian gang (six specific individuals) who put together one of the largest botnets (PCs secretly controlled via hacker attacks) ever encountered. In early 2009 (February and March) the gang used spam, containing hidden programs, to take control of 1.9 million PCs. A computer security firm discovered the botnet and cooperation between Ukraine, the United States and other countries led to the server controlling the botnet being found and taken off line. At the same time this effort identified members of the gang. Ukrainian police arrested the six after participating in the international effort to find them.
The Soviet Union created a lot of software engineers who worked for the government. Most of these programmers and software engineers were out of work after the Soviet Union collapsed in 1991. Some left for the West and found good jobs but most sought opportunities at home and the most lucrative ones involved illegal hacking, often for criminal gangs. Russia never cleaned up this problem but Ukraine did. Russia allowed the gangs to operate in Russia as long as they did not hack Russian networks and did jobs for the government. This included developing malware to be used against neighbors and Western nations in general. Ukraine vigorously enforced laws against hacking and the local hackers either left the country or found legit jobs.
Other East European nations also cracked down on the hackers. Many, but not Ukraine, joined NATO, and sought to have NATO declare massive hacker attacks as a cause for war against the aggressor. After the 2022 Ukraine invasion Russia launched a major Cyber War attack on Lithuania because of Lithuanian threats to disrupt access to Kaliningrad, a Russian enclave on the Baltic Coast that must use Lithuanian or Polish railroads to reach the enclave.
Back in 2007 Russia planned Cyber War efforts against the more prosperous and affluent former Soviet territories. At the top of this list was Estonia, which was hit by a massive Russian Cyber War-scale attack. The Estonians withstood the attack despite the temporary damage it did to their economy. This was something a NATO member had never faced before and Estonia pointed out that if there was no NATO response to the Russian attack on Estonia, the Russians would be tempted to try it on other new NATO members in East Europe.
This led to a 2010 agreement with NATO to facilitate cooperation between NATO and Estonia if Estonia was hit by another Internet based attack. In 2008 NATO established a Cyber Defense Center in Estonia. This, and the 2010 agreement, was a result of being called on by Estonia, in 2007, to declare Cyber War on Russia. That was because Russia was accused of causing great financial harm to Estonia via Cyber War attacks, and Estonia wanted this sort of thing declared terrorism, and dealt with. NATO agreed to discuss the issue, but never took any action against Russia. The new agreement did create a legal framework for striking back, or at least to defend Estonia more vigorously if there is another attack.
In 2014 Russia seized Crimea province from Ukraine and half of two east Ukrainian provinces. There was not a lot of physical violence but Russia did use Ukraine as a test site for new Cyber War tactics and techniques. An example of this appeared in 2016 when Ukraine accused Russia of employing hackers to insert trackers into cell phones used by Ukrainian military personnel fighting in Donbas. Ukraine has also found evidence of the same or similar hackers, usually civilian groups working as contractors for the Russian government, going after numerous government and commercial networks in Ukraine. Some of these hackers were also identified as going after targets in the United States. The hacking of cell phones used by military personnel is believed to be the cause of several accurate and fatal attacks on Ukrainian troops in Donbas. The hackers made it possible to track the location of the phone owners and accurately fire shells or rockets at them.
These capabilities had already attracted the attention of the U.S., which was supplying Ukraine with military equipment and technical assistance. American and NATO electronic warfare experts paid close attention to what the Russians were up to in Donbas and the cell phone hack was not unexpected. When it did arrive, it was scrutinized and dissected. That led to countermeasures that were ignored by the Russians and used by Ukrainian forces fighting the 2022 invasion.
By the end of 2021 Ukraine had created a network of half a million software engineers, information specialists and other experienced Internet users to deal with Russian Cyber War attacks as well as carry out information campaigns worldwide to let the world know what was really happening in Ukraine. The Ukrainian efforts were successful and this resulted in Ukrainian attacks against Russian networks and propaganda. The existence of these formidable Ukrainian Information and Cyber War capabilities is another reason NATO is eager to have Ukraine join the EU (European Union) and after that NATO. Ukraine is already a founding member of Cyber NATO.