Since the start of the Russian invasion of Ukraine, the war on the battlefield has been accompanied by cyber attacks. Those attacks against critical infrastructure have knocked out banking and defense platforms, mostly by targeting several communication systems.
In a timeline set up by NetBlocks, you can follow individual attacks on communication services, starting Thursday 24 February 2022, the same day the invasion of Ukraine started. The attack methods are very diverse, as are the consequences.
But that wasn’t the start of it, the denial of service attacks that were clear attempts to disrupt banking and defense services began earlier, and a huge drop of connectivity was noticed as early as February 15, 2022.
NetBlocks is a global Internet monitor based in London. It uses “diffscans”, which map the IP address space of a country in real time, and show Internet connectivity levels and corresponding outages. Deliberate Internet outages will often show a distinct network pattern, and NetBlocks uses those patterns to determine and attribute the root cause of an outage.
The NetBlocks timeline shows disruptions of fixed-line service provider Triolan, the Viasat satellite internet network, backbone internet provider GigaTrans, network operator Kyivstar, the Vinasterisk network, as well as targeted attacks on certain areas that were often accompanied or followed by physical strikes.
Financial problems have also presented challenges for network operators. On Tuesday 15 March, internet provider LocalNet announced that it would have to lock down subscribers with debt on their account due to difficulty paying the company’s own bills.
On Monday 28 March 2022, Ukraine’s national provider Ukrtelecom experienced an extended, nation-scale network disruption, following a major cyberattack. It’s not yet known whether Ukrtelecom—a telephone, internet and mobile provider—was hit by a distributed denial of service (DDoS) attack or a deeper, more sophisticated intrusion. But NetBlocks stated that the gradual loss of connectivity was a giveaway that it wasn’t a power or cable cut.
As we have said in the past, communication systems are a vital infrastructure. Important decisions may be postponed when the person or body that is supposed to make that decision is unable to gather the information necessary. This is also why we see a lot of misinformation and disinformation on both sides of the conflict.
The ongoing conflict has also affected radiation monitoring, communications, and long-term maintenance and cleanup efforts at nuclear power plants across Ukraine, which is an extra worrying factor. The loss of communications was subsequently raised as a point of concern by the International Atomic Energy Agency.
Methods of disruption
When it comes to disrupting communications services the methods are as diverse as the means of communication. Communication lines and infrastructure include physical lines, satellites, and other wireless methods.
Physical lines can be cut off in physical attacks, but they are also vulnerable to the cyberattacks that can be used against wireless communications.
- An unwanted wireless signal injected into the original signal may result in a temporary loss of wireless signals, poor receiver performance, or bad quality of output by the electronic equipment.
- Channel interferences influencing the performance of wireless communication systems can be co-channel interferences or adjacent channel interferences.
- Overload attacks, like DDoS attacks are designed to overwhelm the available capacity of the infrastructure or absorb so much capacity that the negative influence on the service is notable.
- Attacks on physical components like cables, switches, routers, and network centers.
As we discussed recently, even our networks of satellites and space systems are vulnerable to cyberattacks, which can create a backdoor into the physical and digital systems we rely upon on a daily basis.
A tried and tested method to disrupt communications is to overload the network(s) with a Distributed Denial of Service (DDoS) attack. This type of attack involves sending large amounts of traffic from multiple sources to a service or website, intending to overwhelm it.
One DDoS method that was used against Ukrainian websites was via hundreds of compromised WordPress sites that use visitors’ browsers to perform DDoS attacks by means of an inserted malicious script. The DDoS attacks will occur in the background without the user knowing it’s happening, other than a slowdown of their browser. BleepingComputer discovered that the same script is being used by a pro-Ukrainian site to conduct attacks on Russian websites.
The cyberattacks on communications are an understandable part of modern warfare. And one that nations and international organizations should prepare for. But, as always, these attacks have consequences for the inhabitants of the countries that are at war.
On both sides of the conflict, people have been cut off from communications. On the Russian side people have been denied access to most social media, which they have been trying to circumvent by using VPNs. But what is way worse from a human perspective is that worried Ukrainians are unable to reach their relatives in areas that are under attack.