Uproar in Information and Cyberspace

The war in Ukraine: The Question of Information and Cyber  Dominance

Written By;Joseph Schroefl- Sep 10, 2023

Background Information 

On the morning of February 24, 2022 Russia’s attack on Ukraine suddenly catapulted the West into a reality it hadn’t realized until then. Since then, especially the larger Western states have been forced to leave a state ofself-deception that they have cultivated. In the meantime, other perspectives have become familiar to them. The Russian president has always denied the murders, the poison attacks, and the many attacks on our western value system, for which he has used his “truth” as a perfidious disruptive strategy. That “truth” was coherently messaged in and of itself: Russia is always innocent of everything the West attributes to that country. Putin’s mission is to save Russia and the Russian people from destruction because the West wants to destroy Russia. The invasion of Ukraine cannot be understood without Putin’s view of history. In his view, Russia had to assert itself against enemies from the West for 1000 years and thereby gained its strength – most recently in Second World War. Putin accuses the West of denying Russia’s world power status since 1990. This world view results in a permanent diffuse sense of threat. To pursue his goals, Putin has merely reactivated the old methods from the KGB junk room. The “old” Soviet instruments included:


1) Dis-and misinformation: Fake news hasto be spread on all possible channels. In recent years, the Kremlin has also built up its own media industry with RT and Sputnik in order to influence opinion abroad. A specialty of the Soviet as well as current Russian disinformation is the reinterpretation of real or historical events. 


2) Sabotage: The goal is to confuse the enemy and destabilize the enemy’s population trust in the government’s ability to guarantee the basic needs of life. State actors work closely with organized crime, which is a general feature of Russian warfare.


In contrast to the Soviet era, however, new and additional “digital fire accelerators” are available to him in the form of the Internet and social networks. In our times that means, the Russians are conducting an ever more intense cyber and information war, including the electromagnetic spectrum: The systematic distribution of psychologically and ideologically grounded material with provocative character and a mixture of partly truthful and false information accompanied by attacks on the critical infrastructure can create mass psychosis, to despair and a mood of doom and undermine confidence (of those attacked) in their government and armed forces. That measures serve a nihilistic ideology of pure power.


The Interdependence of Cyber- and Information War, Using the Electromagnetic Spectrum 


Cyber war is on the one hand the military conflict in and around the virtual space, the cyberspace, and includes all measures of information and communication technology security as well as all measures to ward off sovereignty-endangering cyber-attacks. Endangering sovereignty may be cyber-attacks on military ICT systems as well as on critical infrastructures and / or constitutional institutions. On the other hand, cyber war refers to the high-tech forms of war in the information age, which are based on extensive computerization, electronization and networking of almost all civil and military areas and concerns. That means, that the battle for (the right) information – including information warfare – takes mainly place in cyberspace. The manifestations of Information war are known as deepfakes, dis- and misinformation campaigns and -operations as well as psychological operations (PsyOps). And all of that can be interrupted or disturbed via the electromagnetic spectrum, fe. by attacking satellite communications.


But cyberspace offers also defensive options: False and/or Dis- and Misinformation can also be countered by means of the Internet. As excellently demonstrated by Gen Nakasone’s US CyberCommand during the US elections last year, when dozens of social media accounts on Twitter, Instagram, etc. were simply shut (shot) down using military Computer Network Attacks. The same can also be seen in the current war in Ukraine: common cyber-attacks such as ransomware, DDoS attacks, use of crypto apps, malware, compromise of information systems, 0-day cross-platform worms, SCADA attacks, etc. were used by both sides, to influence the enemy, cause damage or repel (see the examples in the Cyberspace-chapter below). At the same time accompanied by Dis- and Misinformation campaigns.


If you want to understand how Russian citizens see the world, you must speak Russian and watch Russian TV. Kremlin control permeates every part of Russian TV. During the day there are no more soaps or series, just hard-hitting propaganda about Russia’s place in the world, the threat posed by the liberal but weak West and the “liberation” of the Ukraine from Nazi´s.“The Bandera elites must be liquidated; they cannot be re-educated. The societal swamp that supported them must experience the terror of war, learn the lesson, and pay for its guilt.” was and is still one of the main messages from Russia and serves the narrative “Threatened Values”. That narrative is also used to criticize progressive Western values such as the rights of women, ethnic and religious minorities or the LGBTQ community. According to pro-Kremlin disinformation outlets, the western world is destroying fundamental values through decadence, feminism and political over-correctness. Russia, on the other hand, isthe guardian of decency and morals. 


The electromagnetic spectrum has been used for interfering and/or disrupting the adversaries flow of information. Russia tried to cut the Cyber space within the Ukraine by shooting down their server and mobile connectionslike 3G/4G-band, to disturb their national command- and controlsystems and that the Ukraine cannot reply on russian dis- and misinfo.


One of the main intents of Russian propaganda activities is to “dehumanize” the other side. Targeted means of influencing serve as part of psychological warfare, a common method in times of war. From now on, these narratives7 determine how and what the West should think about a crisis/war and what judgment hasto be made. Many agree that Ukraine’s conflict with Russia — an established cyber superpower that isn’t hesitant about flexing its muscle aggressively — could test the rules of war in new and unexpected ways. Some say it already has.

Cyber is the new battlefield and its means like Information-operations could be as hard powers as military means, although NATO and EU and their member states are still not clear on this either. Is it one new comprehensive domain or maybe is it better to regard them separately. The same applies to the electromagnetic spectrum.


The electromagnetic spectrum, information-, and cyberspace reside within the physical dimensions of the information environment and can be used as sites of warfare, equivalent and akin to the domains of land, air, sea, and space. 


From the author’s perspective, these domains are of equal value, whereby it must always be considered that one can influence the other and that information- or electromagnetic attacks cannot be that successful without using the cyberspace. The connection between can also be summarized with a comparison: It´s a threaded pipe in which water flows. The thread is the electromagnetic spectrum, the pipe is the cyberspace, and the water represents the information flowing in it. The electromagnetic spectrum cannot therefore fully be separated from the cyber- and information space.


The Electromagnetic Spectrum


Listening to storiesfrom Russian soldiers, one can get the impression of an army that is having major problems in coordinating: 


”This is Kaspi-23,” says a soldier. “I don’t understand you. I can’t hear you, I repeat, – I can’t hear you.” Once someone complained about the lack of artillery support. “I told you to send the damn grenades. Confirm!” he says – “Whom did you tell that?” came back. Not only that the Russians misunderstood each other, they were also disturbed in the process. When Ukrainians spotted the frequencies, they bombarded the Russian soldiers with propaganda or blare the Ukrainian national hymn through the channel. In one case there were only grunting pigs to hear. The soldiers try in vain to yell at it. Sometimes Ukrainians directly insult Russians. “Go home!” is one of the kindest things they are confronted with. 


But there is also an invisible battle for radio dominance ongoing. Both sides are trying to block the opponent’s radio and radar systems. Still, with advantages for the Ukrainian side, since they, among other things, have used cyber-attacks to disable Russian drones, which pose as Russian fighter jets by using false identifiers, and in some cases, they have even been able to take control over drones. But why and how isthe electromagnetic spectrum and the Internet in the Ukraine still existing, why hasn’t it not been destroyed by Russia?


First, – Starlink, a company of the US-American business magnate Elon Musk, which offers Internet access via its satellite network, comes into place. Several thousand Starlink terminals are currently in use within the Ukraine to support and maintain the local mobile network. Even Elon Musk recently publicly rolled out the idea ofturning off the system again because it would cost him, the richest man in the world, an enormous amount. He also posted a peace plan for Ukraine on Twitter, which must have caused extremely satisfied faces in Moscow. In it he suggested that Crimea should remain with Russia (“that was Khrushchev’s fault,” he argued) and that the people of Donbass should vote whether they would rather belong to Russia or Ukraine. Some days later he denied. His satellite network is still working and paid by him.


Second, – because on the day of the invasion (24th of February) – three long planned key decisions took place:

 

1) The Ukrainian Telecom regulator (NKRZI) had allocated the Ukrainian operators additional 3G and 4G frequency bands. That increase of frequencies meant that the whole country benefited from that extra capacity, especially during the first wave of refugees. 


2) The Ukrainian mobile operators and the Telecom companies decided not to suspend any account if it would run out of credit. That meant, that allsoldiers(but also refugees and the population at all) has always been able to communicate, – fe. with their families. 


3) All Ukrainian mobile operators and the NKRZI, suspended all inbound roamers from Russia and Belarus. That meant, that Russian and Belarussian mobile networks could not be used for roaming anymore.


All that are key reasons, why Russia hasn’t yet disrupted Ukraine’s cellphone network and internet, neither with hacking nor bombing. Russian soldiers need it for their communication as well! Smartphones can be found with all soldiers involved in the war. But Cell phones are pinging signals to the nearest radio tower, allowing both Ukraine and Russia to track the movements of enemy forces. In this case, the Ukrainian side has an advantage because it ownsthe domain in which this radio traffic takes place and has the means to evaluate them. 


But it would also be important to mention in which area of warfare Russia was successful, at least initially. Namely in the field of electronic warfare. The Organization for Security and Co-operation in Europe (OSCE), observed and reported at the end of 2020 already, that there was a massive increase in the deployment of electronic warfare systemsinto the Russian-occupied Donbass. It took a few weeks until around mid-March 2022 for the Russian army to complete this marching up and begin to very successfully disrupt the exertion of Ukrainian drones. Especially at the beginning of the war, the Ukraine hoped that these drones would give them an advantage in reconnaissance, so that they could use their own artillery more successfully against Russia’s much larger arsenal. 


Most recently, NATO has supplied Ukraine’s armed forces with anti-drone jammers. The jammers are part of a comprehensive support package, said Secretary General Jens Stoltenberg on November 25th at a press conference in Brussels. In particular, the jammers are intended to help Ukraine fend off attacks with kamikaze drones. The devices are usually electromagnetic transmitters that interfere with the drones’ navigation or communication systems, but could also be used for interfering the russian tank and/or artillery command- and control systems.



The Information Space 


Vladimir Putin’s information space army of trolls, cybercriminals and warriors has shown the western world their destructive power for years. Their Cyber-attacks have interfered in countless elections and referendums, with Brexit and the 2016 US elections being the best-known examples. They hacked western computer systems, spreaded viruses like NotPetya (one of the most disruptive cyberattacks in history) in Ukraine in 2017 and attacked western critical infrastructures like SolarWinds 2020 or Colonial pipeline 2021. But they also fed conspiracy theorists and right-wing hardliners if you look at the stories about Q-Anon or western coronavirus vaccines. 


However, when the time came to oversee Putin’s most ambitious and probably most important operation, the information space army appeared to have failed on all fronts. The goal has been to spread false information and tries to manipulate society, to push for actions that can destabilize the country during the war. But rather than the narrative of Russia as the Eastern leader fighting Nazis in Ukraine and protecting all ethnic Russians in the minds of Europe, Ukraine dominates so far this online battle for the hearts of Westerners. And now it is very hard for Russia to change the narrative. Nevertheless, the impression that Ukraine is clearly winning the “information war” or that it would dominate the digital discourse through informational self-defense is only true for Western observers. In social media in some African states, India, Pakistan or China, Russian disinformation actors are sometimes more successful in placing their narratives and memetic communication artifacts. Russian propaganda can fall on fertile ground there because it also draws from negative cultural experiences in these countries. The fact that such an approach can then turn into the opposite was shown in September 2022 at the summit of the Shanghai Cooperation Organization (SCO) in Samarkand, where many of the region’s countries now look at China, not Russia, as the helping hand and development assistance.


However, after many years of a far disproportionate dominance of Russian and European right-wing extremist propaganda – the two can often hardly be distinguished – the tide has turned mostly, especially on social media like Facebook, Twitter and Instagram. Since the outbreak of the war, attempts have been made there, to circulate conspiracy narratives justifying the Russian invasion. The most common of these were that Putin had to invade to dig up secret bio-labs in Ukraine, where even more secret chemical and biological warfare agents were being produced on behalf of the CIA. All of this seems somewhat spasmodic, and the spread of such fake news is more than limited and not successful. The sheer visual power of war videos makes it difficult to establish narratives that compete with these videos in the infosphere. 


The Russian Duma, meanwhile, passed a law providing prison of up to 15 years for publishing “false information” about Russian state operations. The law, passed by the Moscow Duma in its third reading, sets prison terms and fines for people who “knowingly spread false information” about actions by Russian government agencies “outside Russian territory” 


However, after a break around the primary attack on February 24th Russian Dis- and Misinformation campaigns and attacks have come back at a high level. The floated fake news on the European population from September 2022 to denigrate the neighbors to the police if they heat their apartment to over 19 degrees was unsuccessful, because nobody believed that “news” and governmental authorities reacted immediately on social media. Also, the recently launched disinformation campaign with Minister of Defence Shoigu as front man, who after a six-month break called his counterparts in the US, UK and France accusing Kyiv of wanting to detonate a radioactive, “dirty” bomb without presenting any kind of evidence, also failed because the US, France and the UK called the claim about a “dirty bomb” clearly false. A jointstatement by the foreign ministers of these countriessaid “As a reminder, Ukraine does not have nuclear weapons! The world would see through any attempt to use this claim as a pretext for escalation.” 


The Cyberspace 


The war in the cyberspace has begun long before the first Russian troops crossed the border into Ukraine. Since 2014 Ukraine has registered more than 5,000 cyber-attacks on state institutions and critical infrastructure. 


By mid-2021, the hackers started to target digital service providers, logistics providers and supply chains in Ukraine and abroad to gain further access not only to Ukrainian systems but also to those of NATO member states. When in early 2022 all diplomatic effortsto de-escalate the conflict failed and the Russian military began to complete its troop deployment along the border with Ukraine, cyberattacksrapidly intensified. The hackers were also increasingly using wiper malware, which erases hard drives and data, against Ukrainian institutions. 


Shortly after the invasion, websites of banks and government departments were attacked again in a next wave of attacks. At the same time, thousands of broadband users in Europe lost their Internet connection in a targeted attack on modems operated by the American satellite operator Viasat. The common goal of all these attacks was to shut down the command-and-control-systems of the Ukrainian officials and especially from the military. 


Principally, the Ukraine has expanded and improved its capabilities in the last years. With support from some western nations, like f.e. Israel, Lithuania, Netherlands, Poland, Estonia, Romania and Croatia, which send cyber security experts to help Ukraine dealing with Cyber threats.


But Ukraine did not get only support from nations: 


1)The Anonymous collective immediately to support after the physical invasion. Starting with YourAnonNews, one mighty Anon account after another, which had been known for years, popped up on Twitter almost every day. As a starting present, the website of the Russian Ministry of Defense was hacked and data records that were hidden on the server were published, while the notorious “Killnet gang” pledged support for Moscow and threatened retaliation. Anonymous posted on Twitter on May 21 that “the collective is officially in cyberwar against Killnet”. Shortly after Anonymous declared cyberwar, another message was posted saying that Killnet’s website had been shot down. So far, around 45 hacker groups have become active for the Ukraine. Most of them are loosely associated with Anonymous. All groups are running ransomware, psyops, hack and leak, DDoS and defacement campaigns against Moscow.


2) Ukraine’s Minister of Digital Transformation, Mykhailo Federov founded in late Feb. 2022 the Ukrainian volunteer-“IT-Army” operating on Telegram. Currently around 300.000 volunteer hacker from all over the world are supporting the Ukraine by attacking russian media, broadcasting, companies, etc.


At all, Russia wanted to bring down Ukraine to its knees also in cyberspace. Russian attacks did some damage, but nothing dramatic so far. DDoS attacks, in which European- and US- websites are deliberately overloaded with data traffic and thus become unusable, cyber-vandalism, in which websites are hijacked and redesigned can be observed as well. Some of them were also coordinated with kinetic attacks, such as attacks on cell phone providers in regions that were simultaneously being shelled by Russian artillery or more previously by attacks against the critical infrastructure. But nothing has hurt Ukraine so much right now that it couldn’t stay online. Russian hackers also managed successful attacks outside of the Ukraine. Noteworthy here are those attacks on government servers in Lithuania (May), Italy (June), Montenegro (August), Germany (September), Bulgaria and Poland (both in October) But none of them not repairable.


The fact that the Russian elite hackers with catchy names like “Fancy Bear”, “Snake”, “Sandworm” or “Killnet” have so far been able to cause relatively little damage only has even more reasons than Ukraine being well prepared for these attacks. Many experts observed the Russian attacks and made a devastating verdict. “Except for the satellite hack at the beginning of the war, all attacks were purely opportunistic. Nothing was thought out or well planned.” It seems, that the Russian online war is executed and fought similar to that on the ground: With brute force instead with finesse. 


Why is the russian “Cyber- and/or Information Pearl Harbor” still missing? 


One of the biggest surprises of the war so far is the absence of a visible, full-scale cyberwar, also in information space. Why has the IT superpower Russia not yet mobilized all its cyber-and information warfare potential in the war against the Ukraine? Why does “Cyber Armageddon”, or “Cyber Pearl-Harbor” not happen so far? From the authors perspective,there are three explanations possible:


1) Time- Hypothesis: 


To cause greater damage, attackers would have to wait in the well-protected networks of Western companies and authorities to detonate their “virtual bombs”. However, even powerful and well-trained cyber armies of western states would need at least a year for preparing such programs and would also be spy able against during that time. Russia’s hackers may have had much less time. Thus, the cyber and information warriors no longer found the necessary attention and support from the Kremlin, because the military build-up in the other domains (land, sea and air) needed all of Russia’s power.


2) Preparedness- Hypothesis: 


Kyiv may has learned the lessons of 2014 and is better prepared, as described also because of the help from western states and non-state actors. F.e. also. Microsoft is helping the Ukraine by taking over Internet domains from the Russian hacker group Strontium (affiliated to Killnet) and redirected attacks into so-called “sinkholes” That would presuppose that the Western world was also better prepared for the Russian cyber and information war machine.


3) Uncertainty- Hypothesis:


That solution would be the most unpleasant and dangerous. Cyber Armageddon is not missing, – the russian cyber- and information warriors had enough time and support from Moscow to prepare a large-scale attack and implemented the Virus already in our networks. But we don’t know about it and Putin is just waiting to trigger it. But no matter which hypothesis’ might be the correct one, the lessons from Ukraine call for a coordinated and comprehensive strategy from EU and NATO to strengthen defenses against the full range of cyber -destructive, -espionage, and -influence operations.


Conclusions and Recommendations 


Since the annexation of Crimea in 2014, it was believed that Russia had created a new form of modern warfare. Without firing a single shot, Putin’s troops took control of the Ukrainian peninsula, which was considered the new gold standard for warfare through hybrid warfareespecially with cyber means – a war in which tanks are not the focus, but instead disinformation, cyber-attacks, sabotage and special forces. No one in NATO and/or EU had believed Moscow would be capable of such an operation, everyone had been taken by surprise. But it is now apparent that the Russians are not as far along as assumed. The underestimation of the Ukrainian public will to resist led to the fact that the hybrid attack on Ukraine become a hybrid war which went rogue, and which is now also a conventional war. 


However, also in this war, the cyber- and information space, using the electromagnetic spectrum isstill one of the most important parts of the battlefield, it’s not just only about pure propaganda. What should the NATO, the EU expect in the future and what could be done? The West is likely to be prepared for a protracted, mostly low-intensity war. Putin already perceives the imposition of sanctions almost as a declaration of war. For Russia, the tool of retaliation could be cyber and disinformation operations. In its report from June 2023 Microsoft warned of an increase of Russian military offensive cyber operations (wiper malware) against European critical infrastructures in the next months. But also cyberattacks from actors like “Cadet Blizzard” they are associated with the Russian GRU. These attacks, which began in February 2023, targeted government agencies and IT service providers in Ukraine. Collective Western efforts towards cyber resilience, both at national, EU and NATO level, therefore, urgently need to be stepped up. The cyber threat landscape is evolving at a rapid pace. Europe and the US must now prepare for ongoing gray area conflicts. Only through anticipation, risk mitigation, and creativity can they shift the balance of power in cyberspace in favor of the defenders of a whole, safe, and free Internet. 


EU and NATO countries should develop satellite capabilities to provide coverage and connectivity to the global internet. This would become part of a global doctrine to encourage open information provided in conflict zones and authoritarian internet shutdowns. The logic should follow that of Cold War shortwave radio. Whoever wins inside the Cyber space decides what people and societies believe and what they think truth looks like but also, what is happening physically on the ground. Because whoever loses the battle for information also loses the moment to act and win the physical war. It currently looks, that Russia is not in favor to win that war, – not even in information- and cyberspace.

About Author

About Author

Josef Schroefl started his career in the Austrian Armed Forces in 1982 and worked since that in various areas of the military, including several mil operations/UN-tours f.e. to Syria and Afghanistan. Since 2006 he served in the Austrian MoD heading: “Comprehensive Approach”, “Hybrid threats” and “Cyber Security/Cyber Defence”. He holds a B.A. in Computer Technology, an M.A. in Intern. Relations from University of Delaware/US and a PhD in Intern. Politics from University of Vienna. Several publications/books on Asymmetric/Cyber/Hybrid threats, crisis, conflict and warfare. Peer Board member/reviewer of/from several magazines, f.e. “The Defence Horizon Journal”. Current position: Deputy Director for CoI Strategy & Defence at the hybrid CoE in Helsinki/Finland, leading the Cyber-workstrand there.

Twitter

Welcome to Foreign Analysis Magazine.
By signing up for ''free and easily'' on our think-tank,
you can read this unique article.
In advance, thanks for your membership.