By the time anyone noticed the problem, it was far too late. Hackers had compromised the network of a popular Ukraine-based maker of tax software with malware as far back as April, then waited until June 27 before pushing out a malicious update. It quickly spread across the globe, infecting multinational businesses like shipping giant Maersk and WPP, the world’s biggest advertising group.
In Ukraine, entire government departments were blacked out, with staff forced to use their own cell phones to communicate the scale of the problem. Some companies still haven’t fully recovered from the attack; others may never recover. At first the attack appeared to be simple ransomware, meant to lock up data until victims paid for the digital key. But it quickly became apparent the ransomware was a cover. In reality, the attackers simply wanted to cripple those they attacked.
The high-profile nature of the companies the malware impacted meant the attack gained global media attention, but for many Ukrainians, it was simply the latest in a series of persistent cyberattacks against the country that began more than three years ago, coinciding with Russia’s annexation of Crimea in 2014 and the surge of Kremlin-backed separatist fighters in Ukraine’s Donbass region.
And just like those attacks, Ukraine blamed the June cyberattack on Russia.
Since 2014, Russian hackers have attacked government networks, financial institutions, and businesses across Ukraine. Russia, in compromising Ukraine’s power grid on three separate occasions, is seemingly using the former Soviet republic as a testing ground to hone its modern warfare skills.
But Ukraine is hardly the only target; Russian hackers have been implicated in an attack on the German Parliament; a hack of French television station TV5 Monde; an attack on the Polish stock exchange; the theft and publication of some of the NSA’s most powerful hacking tools; and, of course, the compromising of DNC servers and subsequent meddling in the U.S. election last year.
All this has happened with little response from the West. Experts warn that unless the West publicly calls out the Kremlin for what is happening, its attacks will grow more daring and more damaging. Highlighting just how concerning this trend is, reports earlier this month revealed that the Russian hackers linked to the power-grid attacks in Ukraine had compromised the networks of U.S. energy companies.
“Passivity towards the occurring cyberattacks only encourages Russia to be more aggressive — and it will,” said Jarno Limnell, an expert in military science and professor of cybersecurity at Aalto University in Finland. “Russia will keep pushing more aggressive and sophisticated cyberoperations as long as the West doesn’t push back.”
Security experts tasked with keeping tabs on Russian hackers believe there is very little that can be done to stop another attack on Ukraine’s power grid this winter; temperatures during the last attack dropped as low as 16 degrees Fahrenheit.
“So many people are obsessed, just poring over the technical details of what’s going on,” said Thomas Rid, a professor at the department of war studies at King’s College London. “But this is the equivalent of being on the battlefield with a magnification glass and looking at the bullet casings on the ground while completely missing the larger troop movements.”
For years cyber measures have been part of conflicts around the globe. But Ukraine is different, Rid says. “Because of the remote nature of these operations, the risk appetite has increased. You can just try, at a large distance, to run operations in a way that doesn’t expose your personnel in the same way.”
The problem for Ukraine is that despite the very public nature of the attacks against it and its people, there appears to be very little appetite among Western leaders to take any significant action against the Kremlin and Russian President Vladimir Putin.
U.S. Department of Defense spokesperson Michelle Baldanza said that it “stands firm in support of Ukraine’s right to defend itself in the face of aggression, including in cyberspace.” She said the DoD’s position was reaffirmed by General James Mattis during a meeting last month with Ukrainian President Petro Poroshenko. However, both Mattis and President Donald Trump, who also met Poroshenko, failed to name Russia as the aggressor in these attacks.
The EU and NATO have been similarly silent when it comes to pointing the finger at Russia. A source in Brussels who was not cleared to speak on the record told VICE News that the EU is working to help Ukraine build up its resistance to these attacks, but the bloc has failed to make any public statements condemning Russia. This stands in stark contrast to both Russia’s annexation of Crimea in 2014 and the war in Donbass, when all major Western powers condemned the Kremlin’s actions. The U.S. National Security Council specifically called out Putin to “cease all efforts to destabilize Ukraine.”
Last week in Hamburg, on the sidelines of the G-20 summit, Trump spent more than two hours meeting with Putin and discussed Russian interference in the U.S. election. After the meeting, Russia claimed Trump had accepted Putin’s denial of hacking the DNC while U.S. officials said the two sides agreed to disagree. Regardless, there was no public condemnation of Putin by Trump for the hacking, which U.S. intelligence agencies blame on the Russian government.
“The situation now is that the U.S. president doesn’t seem to put faith in the assessment of America’s own intelligence community, which is really an unprecedented setup,” Rid said. “That of course sends a signal to an adversary, and the signal is the president will not push back, even if the CIA, NSA, and others recommend the White House should do so.”
The experts with whom VICE News spoke all said that international consensus would be necessary in order to bring any meaningful action against Russia for what is happening in Ukraine — and any international condemnation without the U.S. would be pointless.
“It will fall on deaf ears if the U.S. is not involved,” said Robert Lee, a former U.S. Air Force cyber warfare operations officer who is now CEO of Dragos, a security company focused on protecting critical infrastructure. Lee was involved in the investigation into the CrashOverride malware that crippled the Ukrainian power grid in December 2016, and his firm is currently tracking a group called Electrum believed to be behind that attack.
“They are still active, and I fully anticipate seeing continued attacks and escalation in Ukraine,” Lee said.
Ukraine created a National Coordination Center for Cybersecurity, and the government is attempting to push a law on cybersecurity through Parliament that would enable public-private partnerships to defend against attacks. But little appears to have had any impact.
“The situation is much worse than it seems at first glance,” said Oleksii Yasinsky, a chief forensic analyst at Kiev-based security company ISSP. In recent months he has investigated the networks of more than 15 large companies and found the presence of what are known as “advanced persistent threats” — a term that typically refers to a government hacking group seeking to covertly monitor what is happening on your network.
Despite this, the response from the international community to Russia’s escalating cyberattacks has been muted. In Europe, the EU has created the Cyber Diplomatic Toolbox that aims to “strengthen the bloc’s ability to deter and respond to cyber threats.” But the statement announcing the new initiative lacks details on the concrete steps the EU will take, and there is no indication that the EU is taking any active measures to press Russia to cease its activities. EU officials did not respond to multiple calls and emails to ascertain if the bloc is actively doing anything to counter Russia’s attacks on Ukraine.
Russia today has little reason to stop what it is doing, and indeed it is now testing out where the line is, how far it can push these operations before it will encounter any pushback.
“It has to be remembered that today’s intelligence operations enable tomorrow’s actions, and Russia is mapping networks to determine the resources necessary for future attacks,” Limnell warns.
Reports emerged last week that Russian hackers had compromised the systems of U.S. energy companies, including the Wolf Creek nuclear facility in Kansas. While core systems used to control those networks remain secure, the discovery points to intelligence-gathering operations and the probing of networks to find weak spots.
“The West needs to develop effective ways to deal with Russia’s cyber operations and have the political courage to act against it,” Limnell said. “Otherwise the West is sending a wrong message to the Kremlin, who will utilize the cyber domain in an even more severe way.”