The internet is apparently working well in Ukraine more than a week into the Russian invasion. In addition, cyberespionage experts are trying to decipher messages that Russian troops send each other over open radio, even with conventional cell phones. These are two surprising details for a country like Russia, which specializes in cutting off foreign communications and protecting its own in the conflicts in which it has participated.
Russia, which is a world power in electronic warfare, has so far neglected this facet of its aggression against Ukraine. Among the community of experts who research and work on these issues and on cybersecurity, the prevailing feeling is one of surprise: why has nothing happened so far?
Along with the lack of cyberattacks, the absence of a dominant role for this type of offensive is provoking, above all, speculation; on social networks there are countless messages asking about it. EL PAÍS has consulted half a dozen specialists.
One reason why we are not seeing much cyber activity in Ukraine right now:
Cyber is a perfect weapon for gray zone conflict: the space between peace and war.
Once war breaks out, cyber becomes much less useful for anything but very tactical objectives in support of kinetic ops
— Dmitri Alperovitch (@DAlperovitch) March 2, 2022
Ukraine has been a Russian digital testing ground for more than a decade: the hack of the country’s electrical infrastructure in the middle of winter 2015 and the launch of the NotPetya malware in 2017 are the two main milestones of these years. It is as if a terrifying monster, to test its success, had surrounded a flimsy house, cut off the power, shot flares through the window, and sent rats and snakes down the pipes. And then, all of a sudden, after years of those attacks, it came crashing through the door. From the outside, everyone expected a thunderous peal of punishments and digital outrages. But nothing has happened. It is as if the cyber moment has already passed; now real bombs are in play.
According to some specialists, this may be due to better local preparation. “Ukraine has been a test lab for Russian cyber operations for the last eight years,” says Nadiya Kostyuk, a professor in the College of Public Policy at Georgia Tech. “While it was not ready for cyber warfare in 2014, it has learned a lot from its western partners and has significantly improved its defense. While in 2014 Ukraine’s networks and systems were completely dependent on those of Russia, Ukraine has been working to reduce its dependency. Furthermore, the internet became decentralized due to market dynamics. And Western partners have been preparing Ukraine’s defenses for months before the conflict. I was pleasantly surprised to see the success of Ukraine’s defenses,” adds this expert. But it could also be that Russia is holding this resource in reserve, or has dismissed it, for the time being.
As if that were not enough, the Russian troops that have entered the country have allegedly done so with unsophisticated communications equipment. In a war it is difficult to establish what is happening because it cannot be verified on the ground. But since the first days, an image of a 20-euro Chinese walkie-talkie has been circulating. On Twitter and YouTube there are several examples of messages from suspected Russian soldiers intercepted by amateurs.
More and more evidence is emerging that the Russian forces rely on civilian radios and mobile phones for their communications. Our source in one invading unit confirms this.
This photograph is said to show a civilian radio captured by Ukrainians. https://t.co/ppwYktFsaD
— CIT (en) (@CITeam_en) February 28, 2022
“I’m surprised,” says David Marugán, a security consultant and radio communications specialist. “That photo [of the walkie-talkie] has come to me a thousand times and, although it could be true, I don’t know which unit it belongs to, but it is low-cost Chinese ham radio equipment. In many conflicts where irregular forces, guerrillas or very poorly financed troops participate, this type of equipment appears,” he underlines. Although the expert believes that it could be a logistical failure or a lack of adequate materials, he says he finds it “strange” that an electronic warfare power such as Russia is supposed to “send its troops with some 20-euro Chinese walkie-talkies from AliExpress”. And he explains: “It could be, of course, but something doesn’t add up to me; sometimes it is true that components of armies that are well equipped in principle carry radio equipment that does not correspond to official issue”.
This type of equipment has the obvious problem that it transmits in the open and its signals are easy to intercept, all the more so given the possibilities offered by the internet and the many people with knowledge of radio. “Unencrypted shortwave military communications also perplex me,” continues Marugán. “It is the first war that I know of in which an internet community is acting as a signal analyst in real time and on the Net. I had never seen anything like this. There is a community focused on the interception and translation of the alleged conversations of Russian military units; it’s spectacular,” he adds.
If all this is surprising, the near normality with which the mobile communications of Ukrainian authorities and civilians are operating is equally so, or even more. In principle, it is common to think that an invading country is interested in preventing or complicating local communications: to avoid counterattacks, negative propaganda or insurgencies. So far, it hasn’t happened.
Why? The simplest answer is: because it is not so easy to block the internet in an entire country, unless that initiative comes from its own government. When there is a revolution against the authorities of an autocratic state, the solution is usually simple: ask the operators to turn off the switch. But without that drastic option, everything is more complicated, especially geographically.
“Disrupting mobile service in a region is not easy, although for a foreign country it is certainly feasible,” explains Joerg Widmer, director of research at Imdea Networks. “Signal jammers have a certain range, say up to 10 kilometers. The military may have more powerful ones, but spanning hundreds of miles would be extremely difficult. So blocking a city is doable; a region is already more difficult, and blocking an entire country is very difficult,” he adds.
Jan 31: Russia will do a massive cyber against Ukraine.
Feb 14: Russian cyber will explode on the internet, like NotPetya
Feb 23: this is cyber war! Attacks on some Ukrainian websites
Feb 24: …
Mar 1: why not cyber?
Mar 3: cyberwar, as we know, is useless and doesn’t exist
— Thaddeus E. grugq 🌻 (@thegrugq) March 3, 2022
But the difficulty is only one hypothesis. Another is that Russia may not be interested in using that card now, according to Nadiya Kostyuk. “Russia may not have an interest in shutting down the internet in Ukraine. It goes to great lengths to push its propaganda and disinformation campaigns to influence the Ukrainian population. That is why it is important to maintain the networks,” she explains. It could also be a cost-benefit calculation, according to Kostyuk: “It could be more difficult to destroy them than to use these networks to continue spreading messages about the [alleged] genocide by the Ukrainian government,” she adds.
If, instead, it wanted to limit communications, it would not be a trial run for Russia: it has already done so. As with cyberattacks, it also tested these attacks in 2015 in eastern Ukraine. “It seems that Russia has already used it,” says Sadia Afroz, a researcher at the ICSI (International Computer Science Institute) in Berkeley, California. “It is very easy for anyone to block the mobile network. But it usually works in a small area, as most commercial cell phone jammers have a small range,” she adds.
This is the big technical problem. To block the line, the attacker must be close and use a lot of energy. It is a matter of creating an additional signal that confuses the communication. “It’s like standing next to two people who are talking and starting to shout so they can’t hear each other,” explains Marco Fiore, a researcher at Imdea Networks. “But it requires a lot of power and you have to be close to the communication. Even if the Russian army had a lot of trucks with jammers, it would need to be close and an incredible number of these devices for a big city,” he stresses.
A second method of bringing down the network is to destroy the infrastructure with bombs. Russia could have done something like this in the east of the country, although it is not clear whether the network there is down because of direct attacks or because of a lack of electricity. Today the total destruction of the communication stations in a city is a feat. Between 2G, 3G and 4G networks, a large European city can have thousands of such installations. In the initial versions of these technologies it was easier to hack or block a station, but now the network is more distributed. And when 5G is deployed it will be even more complex.
Two more drastic options remain. “The mobile internet has weak points, but they are not in the mobile infrastructure,” says Fiore. “There is probably a data center that serves as a very important point in the network that covers a certain region; but perhaps that point is in another country. It is not impossible to know which one, but the problem is that it is perhaps thousands of kilometers away, and that second territory would have to be bombed. Another way to get as much blockage on the global internet signal as possible is to go underwater and cut undersea cables,” he adds, in an effort to look for weak spots.
In Ukraine, the list of most-downloaded apps reflects civilian concerns. There are encrypted messaging apps such as Signal or Threema (for a fee), apps that allow you to send messages without a mobile network, such as Bridgefy, which works over Bluetooth, and applications with other purposes, such as Zello, which imitates the operation of walkie-talkies. The help offered by Elon Musk and his Starlink satellite network would fall into this category of extra resources.
The great difficulty is knowing what is happening, and why Russia is not using its cyberwar potential. The speculation here is varied. In the case of communications, Marugán ventures almost all the options: “It is clear that the Russian army knows that it is being listened to. It can be due to disinformation, intoxication, distraction, laziness, psychological strategies or even self-sabotage, to make the operation fail” by the Russians themselves, he concludes.