An apparent hack of the railway system in Belarus by activists trying to disrupt a potential Russian invasion of Ukraine could be a prelude to a vicious cyber-war, NATO and Ukrainian security officials have told VICE World News.
This week a group calling itself the Belarusian Cyber-Partisans claimed to have hacked and encrypted key databases in the state railway computer system. The group said it was part of an effort to disrupt the transport of Russian forces in the country under the guise of military exercises and force the release of detained opposition activists, according to Yuliana Shemetovets, a New York-based Belarusian activist who is not a member of the group but volunteered to act as a spokesperson for the group.
Alexander Lukashenko’s regime in Minsk – helped by support from Russian President Vladimir Putin – survived a peaceful uprising following a widely disputed 2020 re-election. After a brutal crackdown on political opposition, including mass arrests, deportations and international air piracy, the Belarusian opposition has been mostly forced into exile. As a result of Putin backing Lukashenko, the activists consider Russian troop movements inside Belarus an obvious target.
Shemetovets said the operation was carefully planned to avoid major travel disruptions or rail accidents that would impact ordinary people in Belarus.
She denied any link between the Cyber-Partisans and Western or Ukrainian intelligence services, pointing out that the Belarusian opposition has never been treated as a high priority for Western intelligence in the recent past. But she said the operation was conducted independently by opposition activists who once worked in the country’s well-respected computer science community.
A NATO intelligence official – who cannot be named in the press – said the hackers appeared independent and had not done anything from a technical standpoint that requires the help of a state intelligence service.
“I have no reason to doubt they’re an independent outfit and don’t appear to have done [more than] a decent hacker might do,” said the NATO intelligence officer from a Western European country they did not want identified. “If I had first-hand information I couldn’t have spoken with you. But it's an important moment and I think plenty of services in opposition to Russia are pleased to see it happen.”
A second intelligence official based in Brussels declined comment on the question of external support for the operation but said its effectiveness was of great interest to their service.
“Something happened but it's possible that there was less disruption than there was the sense there could be future disruption,” said the official, who refused to further describe the assessment their service is conducting, which remains ongoing.
“I can confirm there’s technical concern by both the Russians and Belarusians about this incident,” the official said. “It sent a message [that] their security infrastructure both physical and cyber … can’t be properly secured.”
In terms of state-sponsored cyber attacks by NATO in the face of further aggression, both sources agreed that Russia’s combination of widespread internet use, chaotic bureaucratic culture and widespread corruption on virtually every societal level leaves the country uniquely vulnerable to aggressive cyber operations that could be deadly.
“In Russia? What do you want turned off?” said the second official. “How hard do you think it would be for the world’s best hackers backed by a major state to wreck Russia’s cyber infrastructure, black everything out and get people killed in accidents?”
But that would be terrorism, said both officials, agreeing it’s part of the legal argument against working with independent outfits such as the Cyber-Partisans, who could never be completely controlled.
But the first official said there were still plenty of poorly defended legitimate targets for anti-Russian activists or intelligence services to attack should conditions in Ukraine escalate. “Target specific military and communications, databases, banks, telecom,” said the second official.
“But while the Russians can’t protect their own systems, they certainly can strike back and this is why such operations become far above my level,” they added. “Political question now: The value versus risk of retaliation.”
Russia has a long history of effective cyber-operations including major hacks across the US, Western Europe and Ukraine, and Russian hackers are considered extremely dangerous adversaries by NATO. On Friday the UK’s National Cyber Security Centre warned British businesses to strengthen their digital security due to a raised threat of Russian-based cyber-attacks.
But it's clear that even non-state groups have a strong ability to hit widely across both Belarus and Russia.
“There’s plenty of activists, like we see in Belarus, with ability and motivation to go after Putin and Lukashenko’s regimes and Ukraine has serious capacity of their own,” said the first NATO officer. “It’s better to keep an eye on them but let them operate on their own. How much does someone need to hack a railway database in Belarus? [In] Ukraine there will be some coordination but if the country comes under invasion, we’d expect them to be very aggressive in attacking Russian systems, and the Russians attacking back.”
In a brief interview, a Ukrainian intelligence official who works in cyber activities confirmed that Ukraine had planned responses to any eventual Russian invasion.
“There’s always endless ‘kinetic’ activity between Ukraine and Russia, it’s an ongoing battlefield,” said the Ukrainian official. “So if the ground war escalates, we will escalate in cyber,” they said.
“But so will the Russians. But we think we can hurt them in ways they have yet to understand, while we know what they can do to us. They've done it repeatedly, we are prepared.”