How the tech community has rallied to Ukraine’s cyber-defence | Joyce Hakmeh and Esther Naylor

From an army of volunteers to EU and Nato teams, the variety of online actors working for the cause is unprecedented

As the conflict in Ukraine escalates, expert cyber-watchers have been speculating about the kind of cyber-attacks that Russia might conduct. Will the Kremlin turn off Ukraine’s power grid, dismantle Ukraine’s transport system, cut off the water supply or target the health system? Or would cybercriminals operating from Russia, who could act as proxies for the Russian regime, conduct these activities?

Over the past decade, Ukraine has experienced many major cyber-attacks, most of which have been attributed to Russia. These range from election interference in 2014, which compromised the central electoral system and jeopardised the integrity of the democratic process; to a first-of-its-kind, fully remote hack-and-blackout cyber-attack on a power grid in 2015, resulting in countrywide power outages; to one of the costliest malicious software attacks, NotPetya, in 2017, which significantly disrupted access to banking and government services in Ukraine and subsequently spilled over to France, Germany, Italy, Poland, Russia, the UK, the US and Australia.

On the eve of 13 January, as troops were amassing along the Ukrainian border, about 70 Ukrainian government websites were taken down due to “unauthorised interference”, dubbed WhisperGate. The following day, these websites were defaced with a political threat that Ukrainian data had been leaked and with a warning to “be afraid and expect the worst”. The attacks did not stop there. Almost a month later, further denial of service attacks took down government websites and state-owned banking services. The UK, US and Australia were quick to publicly attribute the attacks to Russia, and name and shame the military intelligence arm of the Russian armed forces (GRU) as responsible for the attacks.

In response to the Russian threat, there have been unprecedented efforts by private and government entities – and even individuals – to support Ukraine’s cyber resilience.

Responding to cyber-attacks and building national cyber resilience has never been – and will never be – the sole responsibility of governments. It requires a whole-of-society approach grounded in international cooperation efforts. For the first time since its inception, the EU rapid cyber response team, with capabilities to detect and respond to a variety of threats, and headed by Lithuania, was deployed to help defend against cyber-attacks targeting Ukraine. The Romanian national cybersecurity agency and a cybersecurity company called Bitdefender launched a public-private partnership to provide pro bono technical support and threat intelligence to Ukraine’s government, businesses and citizens for “as long as it is necessary”. Nato, which has been working for a number of years with Ukraine to increase its cyber defences, signed an agreement a few weeks before the invasion aimed at enhancing cyber cooperation with Ukraine.

The tech community leveraged its resources and knowledge to expose cyber-attacks and threats, and limit their spread. Shortly after WhisperGate, Microsoft shared technical analysis on the tools and techniques used in the attack and recommendations for those affected, and it continues to do so. The Slovakia-based cybersecurity firm ESET exposed the nefarious component of the HermeticWiper malware attacks in February: malware designed with a component aimed at “wiping” the data out of systems. This timely technical analysis provided vital information to security experts and governments about the technical steps that should be put in place to mitigate and protect against hacks.

At the same time, efforts within Ukraine started to materialise. In what has been referred to as an unprecedented effort in the midst of an armed conflict, a whole “IT army” of volunteers was assembled in response to a request by the minister of digital transformation to support the country’s cyber-defence efforts, with reports of some even operating from within bomb shelters.

The solidarity shown so far is unprecedented and a testament to the benefits and potential of collective action across sectors and communities. As the war continues, this solidarity will become even more important.

  • Joyce Hakmeh is a senior research fellow for the International Security Programme at Chatham House. Esther Naylor is a research analyst at the International Security Programme.
