Hack Attack

This story was updated at 8:12 PM. 

The Russian forces occupying Crimea are jamming cell phones and severing Internet connections between the peninsula and the rest of Ukraine. Moscow hasn’t succeeded in imposing an information blackout, but the attacks could be sign that Russia is looking to escalate its military operations against the new government in Kiev without firing a shot.

Russia has a history of launching cyber attacks on its neighbors with the aim of disrupting the countries’ ability to communicate to their citizens and with the outside world. One attack in 2008, during Russia’s war with Georgia, accompanied a ground-based military assault and was intended to disrupt government and media communications.

Although the efforts in Crimea so far have failed to choke the region’s communications lines, experts are concerned that the strikes could be a precursor to damaging Russian cyber attacks on communications infrastructure elsewhere in Ukraine, particularly if tensions escalate or Russian military forces push beyond Crimea. Disrupting Internet service or knocking out Ukrainian government websites would allow Russia to flex its muscle without necessarily drawing a military response from Kiev or its Western allies.

The new strikes appear to have been conducted mostly by hand rather than by hackers, but they have the same goal. On Monday, Reuters reported that Russian military forces were blocking mobile telephone services in some parts of Crimea. Russian naval vessels were seen moving into and around the port at Sevastopol. Russian navy ships are known to carry jamming equipment that can block phone and radio signals. Two Crimean government web portals were also offline; it was unclear whether they’d been taken down by government officials or had been hit with a malicious cyber attack.

The attacks have been escalating for days. On Friday, Ukrtelecom, the state-owned telecommunications service provider, reported that several of its offices in Crimea had been seized by unidentified individuals who cut phone and Internet cables. As a result, customers across nearly the entire region lost phone and Internet service, and the company said it was no longer able to provide a link between the peninsula and the rest of Ukraine.

Two days later, armed commandos reportedly cut off power lines at the Ukrainian navy headquarters in the port city of Sevastopol. Hours later, Ukraine’s UNIAN news agency said other teams of commandos broke into several Ukrainian navy communications stations and sabotaged communications lines in an attack similar to the one on Ukrtelecom.

Asked whether the administration was tracking any cyber attacks by Russian forces against Ukraine or in the Crimea, White House spokesperson Caitlin Hayden said, "The United States is concerned with all aggressive actions in Ukraine and expects all parties to abide by recognized international norms that apply online as well as offline. We are closely monitoring the situation in Ukraine, including reports that the Internet and telecommunications have been disrputed in the Crimea."

A spokesperson for the National Security Agency and U.S. Cyber Command declined to comment about what steps the United States might take to defend Ukraine’s computer networks.

Still, there are clear parallels between the Crimea attacks and those in Georgia and Estonia in 2007, which were widely attributed to hackers working at the unofficial behest of the Russian government. Those attacks knocked government and media websites offline, blocked Internet access, and in Estonia disabled ATMs. "Russia wants to degrade the ability of Ukraine to communicate inside and outside the country," said Adam Segal, a senior fellow at the Council on Foreign Relations who tracks countries offensive cyber capabilities. "If there is military conflict, cyber attacks will be used to degrade the ability of conventional forces to operate," Segal said.

If history is a guide, any cyber attacks from Russia might not come directly from military or intelligence services, but through mercenaries or so-called "patriotic hackers" Moscow quietly encouraged to strike Estonia and Georgia. This would give the Russian government the ability to deny that it was behind any offensive.

"The U.S. president, NATO secretary general and European leaders could call [Russian President Vladimir] Putin to warn that they are not fooled by his use of nationalist proxies and will hold him to account," Jason Healey, the director of the Cyber Statecraft Initiative at the Atlantic Council, wrote in a blog post Monday. "Since warnings won’t sway Putin, they should be backed with harder options. The U.S. Department of Defense could order its muscular Cyber Command to prepare to disrupt the attacks if asked to do so by Ukraine’s government."

Healey said "the technical means and proxies used this time are likely to be similar" as in past conflicts. He added that Western governments should make clear to Russia that significant cyber attacks on Ukraine would cross a line and be regarded just like a physical strike. "There is no excuse for surprise: the Kremlin’s habit of routinely resorting to them in the past — and in situations with far less existential danger for Putin’s plans — are well known," Healey wrote.

Were Russia to launch a cyber attack on Ukraine, the country would not be without defenses or the ability to strike back. As early as 2002, Ukraine’s government began to build up its cyber defenses to combat fraud and online crime, according to a report by the Center for Strategic and International Studies. Under existing military doctrine, Ukraine’s government considers cyber attacks on vital infrastructure — including nuclear facilities, chemical and defense industries, military facilities, and "economic and information entities" — as grounds for armed retaliation, according to the report. A national government agency guards against attempts to penetrate or disable official computer networks and government communications systems.

"Ukraine has a strong and diverse Internet frontier," according to a recent analysis by Renesys, a computer intelligence company that monitors Internet service around the world. "The roads and railways of Ukraine are densely threaded with tens of thousands of miles of fiberoptic cable, connecting their neighbors to the south and east (including Russia) with European Internet markets. The country has a well-developed set of at least eight regional Internet exchanges, as well as direct connections over diverse physical paths to the major Western European exchanges. At this level of maturity, our model predicts that the chances of a successful single-event Internet shutdown are extremely low."

For the moment, the defenses seem to be holding, with the attacks on communications lines and mobile phone networks in Crimea causing only limited damage. Ukrtelecom reported that it was able to restore service five hours after the intruders cut its lines. Renesys reported that as of last Friday, traffic routes in Crimea appeared to be functioning normally. The company doesn’t track whether individual websites have come under attack, nor does it monitor whether telephone systems are working.

Most Internet service providers in Crimea route traffic through Russia, rather than countries in Europe, said Doug Madory, a senior analyst at Renesys. That could give Russian forces easier access to computer networks. But Crimea is not entirely dependent on one provider for its connections to the Internet. Some traffic is also routed through carriers in Europe. The dispersed nature of the networks would make it more difficult for Russia to knock large swaths of the country offline for long. "In that environment, it’s very hard to have a national outage," Madory said.