The Media Today

One year on from Russia’s invasion of Ukraine, where does the ‘cyberwar’ stand?

March 2, 2023 By Mathew Ingram
Ukrainian flag displayed on a laptop screen and binary code code displayed on a screen are seen in this multiple exposure illustration photo taken in Krakow, Poland on February 16, 2022. (Photo illustration by Jakub Porzycki/NurPhoto via AP)

After Russian troops invaded Ukraine a little over a year ago, the latter country set out to reinforce a second front in the war—a digital one. As I reported for CJR at the time, the Ukrainian government posted appeals in online hacker forums, asking for volunteers to protect Ukrainian infrastructure and conduct digital missions against Russia. The posts asked hackers to “get involved in the cyber defense of our country.” According to Foreign Policy, within a couple of months, more than four hundred thousand people had joined the informal hacker army.

Cybersecurity experts say Ukraine had one important thing going for it when Russia attacked a year ago, at least in terms of computer warfare: it was already well aware of the risk of Russian hacking. In 2015, a digital attack crippled Ukraine’s power plants and left hundreds of thousands without electricity; experts believe that hackers affiliated with the Russian government caused the outage. In 2017, a ransomware attack known as NotPetya, which many experts believe was created by Russian entities, caused an estimated ten billion dollars in damages globally, much of it in Ukraine. In the year since Russia’s invasion, there have been thousands more digital skirmishes between the two countries. But it’s unclear who, if anyone, is actually winning, or what impact all this cyber-rattling has had on the larger war.

According to a recent presentation by Yurii Shchyhol, the head of Ukraine’s State Service of Special Communications and Information Protection, the country’s Computer Emergency Response Team responded to over two thousand “cyber incidents” last year. A quarter of these targeted the federal government and local authorities, Computer Weekly magazine reported; the rest involved defense and other security sectors, as well as energy, financial services, IT and telecom, and logistics. On the opposite side of the ledger, Russians in close to a dozen cities were greeted one day last week by radio messages, text warnings, and sirens alerting them to an air raid or missile strikes that never came. Russian officials said that the alerts were the work of hackers.

Google’s internal Threat Analysis Group says that hacking and other forms of computerized warfare have continued to play a “prominent role” in the war. Last month, the company released a report entitled, Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape. It concluded that there has been a dramatic increase in digital attacks on Ukrainian infrastructure since 2020, with code names like Shadylook, Skyfall, and DarkCrystal. The targeting of internet users in Ukraine by Russian hackers was twice as high last year as in 2020, Google said, and the targeting of NATO countries was more than three times as high. The Threat Analysis Group said that it had also tracked a series of “self-described news entities” with ties to Russian intelligence—including News Front, ANNA News, and UKR Leaks—promoting narratives that, for example, blame the US and NATO for instigating the war and characterize the Ukrainian government as “Nazis.” The Internet Research Agency, which became infamous for running a disinformation campaign around the 2016 US election, is also still active, Google’s experts say, but has shifted its activity “from a range of domestic Russian political issues to focus almost exclusively on Ukraine and mobilization.”

Thomas Rid, a professor of strategic studies at Johns Hopkins University, said on Twitter that the Google report represented “impressive work” by a company that has “more comprehensive telemetry than most SIGINT (signal intelligence) agencies today.” One of the most interesting aspects of the Google report, Rid wrote, is the “hack-and-leak integration, and the very old-school exploitation and collaboration with activists, often with disinformation and forgeries mixed in.” Rid also had some criticisms, though—the report, he said, focuses on Russian activities in or related to Ukraine, but “that’s highly likely just one part of the picture, and probably not the most impressive part.”

Meanwhile, some experts have expressed skepticism that all these attacks and counterattacks in cyberspace are materially altering the course of the war. A report from the Center for Strategic and International Studies, a research organization based in the US, stated last June that “It may offend the cyber community to say it, but cyberattacks are overrated. While invaluable for espionage and crime, they are far from decisive in armed conflict. A pure cyberattack is inadequate to compel any but the most fragile opponent to accept defeat. No one has ever been killed by a cyberattack, and there are very few instances of tangible damage.” However, the report did allow that cyber operations “are very useful to conduct espionage, to gain advance knowledge of opponent planning and capabilities, and to mislead.”

Sign up for CJR's daily email

Then, in August, researchers from the University of Cambridge, the University of Strathclyde, and the University of Edinburgh, in the UK, released a research paper in which they argued that “the widely-held narrative of a cyberwar fought by committed civilians and volunteer ‘hacktivists’ linked to cybercrime groups is misleading.” The researchers collected data on thousands of hacking attempts and conducted interviews with hackers, concluding that “the role of these players in so-called cyberwarfare is minor, and they do not resemble the ‘hacktivists’ imagined in popular accounts.” Contrary to some predictions, the report said, the involvement of civilian hackers “appears to have been minor and short-lived; it is unlikely to escalate further.”

For all the talk about the risk of cyber warfare over the past several decades, “this is the first time you’ve been able to see in real time how cyber contributes to an overall military campaign,” Tim Stevens, a senior lecturer in global security at King’s College London, told Euronews recently. “Yes, it can be useful under certain circumstances, but it’s not going to win you a war.” In other words, one year in, hackers don’t seem likely to dramatically change the outcome of Russia’s invasion of Ukraine, for all the James Bond-style nicknames. The fighting on the ground will matter more.

Other notable stories:

  • New York’s Gabriel Debenedetti profiled Kate Bedingfield, whose last day as President Biden’s communications director was yesterday. Bedingfield has amassed significant influence within Biden’s inner circle, Debenedetti writes, while keeping a lid on White House leaks and explaining “the obsessions of the voracious press to a president who still reads print newspapers.” Bedingfield’s replacement will be Ben LaBolt, a former Obama staffer who most recently worked for Mark Zuckerberg, the CEO of Meta. Politico assessed the growing West Wing influence of officials with ties to that company.
  • The Washington Post’s Jada Yuan explains how Jill Biden’s recent trip to Africa—which was intended to highlight food insecurity, among other issues—got overshadowed in the US press after she essentially confirmed in an interview there that her husband will run for reelection. The trip, Yuan writes, “was a perfect encapsulation of Biden’s time as first lady, promoting noble causes and being generally uncontroversial, but ultimately less interesting to American media outlets than a single decision of her husband’s.”
  • The Newark Star-Ledger moved to shutter its DC bureau—the only such newsroom still maintained by a New Jersey newspaper—and let go of Jonathan D. Salant, its veteran political reporter. According to the New Jersey Globe’s David Wildstein, eleven members of New Jersey’s Congressional delegation, including senators Cory Booker and Bob Menendez, have since written to the Star-Ledger in protest of the decision.
  • The Organized Crime and Corruption Reporting Project named Miranda Patrucic as its new editor in chief, succeeding Drew Sullivan, who will stay on as publisher. Elsewhere in the world of investigative journalism, the Center for Public Integrity announced that it will acquire and expand the Accountability Project, “an innovative platform that allows journalists to search 1.8 billion public records” and organize resulting data for analysis.
  • And according to D magazine, the Dallas Morning News fired Meghan Mangrum, an education reporter, after she addressed the city’s mayor as “bruh” in a Twitter post pushing back on his criticism of local-media coverage of crime. Mangrum was fired for a supposed violation of the paper’s social-media policy on the same day that she had helped to organize a union protest outside the paper’s headquarters.

ICYMI: Fred Ritchin on AI and the threat to photojournalism no one is talking about

Mathew Ingram is CJR’s chief digital writer. Previously, he was a senior writer with Fortune magazine. He has written about the intersection between media and technology since the earliest days of the commercial internet. His writing has been published in the Washington Post and the Financial Times as well as by Reuters and Bloomberg.