PL_S1E8_Cyber Warfare_Transcription
[Music playing]
Jakub: A couple of weeks ago, Russian president Vladimir Putin, travelled to Minsk to visit one of his very last friends in the world.
Lukashenko: [Speaking foreign language].
Jakub: The charming voice you can hear is that of Alexander Lukashenko, the dictator of Belarus. He looks like caricature of a moustachioed authoritarian. And here he's sneering that him and Putin are-
Lukashenko: [Speaking foreign language].
Jakub: Co-aggressors, the meanest, most toxic people on the planet. We only argue about who is worse. Vladimir Vladimirovich says I am. I've started to believe he is. We decided we're equal.
It's truly grim, gallows humor, a joke made on the back of the thousands of Ukrainians who have been killed this year. And the millions of Belarusians who continue to live without basic freedoms and human rights under his regime.
[Music playing]
Lukashenko and Belarus are indelibly linked to the war in Ukraine, a spectre on the northern border, which contains Europe's last dictatorship. They are now an international pariah who have assisted Russia in the war already. And following this meeting in Minsk, may be compelled by Putin to do so even more. It's a country whose people have suffered hugely in recent years.
Pavel: My name's Pavel Liber and I'm a software engineer. I was born in Belarus and I had to leave my country in 2020 because of political situations, protests and punishments personally against me from government officials.
Jakub: I'm speaking to Pavel Liber from his new base in Vilnius. He's an IT specialist, but was forced to leave Belarus for his role in setting up an election monitoring system, during the last elections in the country, in 2020.
Speaker 1: “In Belarus, huge crowds of protestors have been demonstrating against President Alexander Lukashenko and the election that they say he rigged, two weeks ago.”
Jakub: You'll remember the footage of the protest that followed Lukashenko falsified results in the election.
Speaker 2: “Our aim is to show the government that we are not their slaves.”
Jakub: He claimed to have won 60 or 70% of the votes. No credible organisation at home or abroad believes him.
[Protest chants]
I wanted to speak to Pavel about the role IT played in the revolution and a fascinating project he's working on, to help his fellow exiled compatriots.
Jakub (interview): Can you tell us a little bit about your role during that time? Because I believe that you were involved in this as well from an election monitoring perspective.
Pavel: Yes, exactly. So, that's exactly the place where IT managed to change everything together with people in the country. I was one of creator of platform called Golos, that was a platform to specifically reevaluate results of official elections.
That was a platform where we asked people to send us their polling sheets with their choices, and we duplicated them and allocated them to right polling stations and we compared them with official results.
Then we got few difference with official results. Because on one of polling station in Minsk, we had official protocols with like 1000 voices for Lukashenko and 100 voices for Tsikhanouskay. And then in same time from exactly these polling stations, we had 800 pictures with voices for Tsikhanouskay.
And that was the first case where we managed to do this process of falsification to transparent and public for everyone. People found with their own eyes actually, that there are huge falsifications during presidential elections.
[Music playing]
Jakub: The protest against Lukashenko turned into the largest anti-government protests ever in Belarus. But the crackdown was equally brutal. There were thousands of arrests and testimonies of torture were frequent.
It played out online as well. Seeing the ways in which people were using platforms like Facebook and Telegram to rally during the protests, the internet was pretty much taken offline by Lukashenko’s regime.
Pavel told me a huge amount of the IT sector in Belarus has now left the country because of the repressions. But becoming an asylum seeker comes with an extraordinary amount of challenges, from language barriers to bureaucratic issues. Even meeting fellow Belarusians in exile can be a challenge.
So, Pavel decided to set up a really ambitious project to counter this. It's called Digital Belarus, and it's the first platform of its kind. In essence a virtual country.
Pavel: Yes, it's pretty important project and we work on that exactly since end of 2020. And that's ecosystem which we consider as virtual country, where we try to keep together people inside country, inside Belarus and outside country. And why we create that, because physical space is too dangerous for now, especially inside the country.
We have danger for people who stays in the country. And we have huge deculturalisation which happens now, because Russia tried to remove Belarus identity from the country. Russia tried to do a lot of movements to become Belarus part of Russia. So, they start to destroy language. They start to destroy cultures; they start to destroy nationality.
And this is a digital space, this is the answer for us. How to keep this identity, how to keep our people. And that's why we created huge platform actually considering of multiple products with main sense to gather Belarus people together in digital space, to connect them to each other, to allow them to resolve their needs through huge crowd involvement. So, that's kind of prototype of virtual country for us.
Jakub: Digital Belarus is an app you can access on your phone with a vast number of different products, all designed to help Belarusians living abroad. It's fundamentally about connecting fellow Belarusians together, so they have a place to maintain their culture and identity.
Pavel: And this application combines all events connected to Belarus culture, meet-ups connected to Belarus culture, internal chats, offline meetings. It's like all Tinder for small community.
We found through investigations that in countries like Germany, people who are refugees, they’re spreaded out all over the country, in a lot of small cities and their real challenge for them, how to find enough people from Belarus.
Jakub: But this is about more than just meetups. Pavel told me there are so many different levels to his virtual country. There's an economic layer where you can connect with banking services, a social element for young entrepreneurs to connect or find professional services. There's a health layer where Belarusian doctors are able to give patients online, medical advice.
There's also a media layer and a place for education. It's a really fascinating concept. You could even call it a metaverse, that word that is now so synonymous with Silicon Valley and Mark Zuckerberg. But this one feels so much more real, tangible and genuinely useful.
Jakub (interview): So, it's kind of integrating society and economy. But as you say, there's also another layer.
Pavel: Yeah, that's most important. That's actually political layer, how we call that. Because we understand that when you have a huge crowd of people who connected to each other, these people can start to resolve the issue themselves.
They're definitely some help from European Union, United States and other countries. But it never will be enough to return back your real country and to return back to home and to change dictatorship we have right now to a normal democracy country.
So, that's ultimate goal of our product, to not just connect people and support people, but also help them do something together, something important, which will help us to get back to our home.
Jakub: But with your entire digital self, stored online, this also sounds like a project which would be ripe for Russian hackers to try to break into. Cyber warfare has been a huge part of Russia's campaign against Ukraine and the West for years, something will be looking into later in this episode. So, how is Pavel and his team protecting against that?
Pavel: We don't have any single registry or single database. We use self-sovereign identity approach, when people able to store their identity fully decentralised and separate application. We work with partner here.
So, in fact, you store in your credentials and blockchain, you decide what scope of these credentials you're ready to transfer to one or another platform. It's important to understand that we fully keep in ability for people to be anonymous on our platform because there are still terror inside the country.
Even people who are outside the country, their relatives, families can be under risk. That's why ability for people to stay anonymous is the key for us.
For now, we didn't see any real cyber-attacks from Belarus officials. While we still consider they can be, but probably not from Belarus, but with help of Russia because we understand that Lukashenko is using Putin’s supports as much as he can.
Jakub: Russia is the world's most notorious perpetrator of cyber warfare. Many hacker groups that were previously thought to be non-state have been revealed to actually be part of the Russian Security Services.
But the anonymous, decentralised nature of Digital Belarus means they have a safeguard against that. At least for now.
[Music playing]
We don't often get to bring you good news stories on Power Lines, but I think this is one of them. It's a way for those who have left Belarus to fight back against the deculturalisation going on back home. And a way to ensure that when regime change happens in Belarus, they are prepared and ready to return.
It's also a platform that could help other displaced communities outside Belarus, Ukrainians included.
Theoretically, this is something that could be applied to a lot of nations and a lot of communities around the world. Is that something that you envisioned for Digital Belarus?
Pavel: Yes, you are exactly right that we are not unique here. It definitely can be applied to multiple nations. I have a lot of friends in Ukraine and some of them are helping me right now with multiple volunteering projects for Ukraine.
And we also were discussing with them of how we can reuse our experience for the social platform, for example, for Ukrainian refugees. So, I definitely hope that this solution that can be created for resolving case of Belarus, can be usable for lot of nations who are actually fighting against dictators, who are actually fighting against tyrants in their countries.
Anastasiia: From Message Heard and the Kyiv Independent, you're listening to Power Lines: From Ukraine to the World.
Jakub: In this series, we're going to be mapping the undercurrents and global consequences of the war in Ukraine, beginning in Kyiv and following the roads out wherever they may lead. I'm Jakub Parusinski.
Anastasiia: And I'm Anastasiia Lapatina.
Jakub: This week we're taking a look at a different battlefield that has been extremely consequential over the course of the full-scale invasion. And actually, even more so beforehand, the war online, cyber warfare.
A couple of weeks ago I was in Kyiv. Nastya, you’re there now for the holidays. Have you had the same kind of difficulties getting online, that I did when I was there?
Anastasiia: Yeah, it's a really tough situation actually because for the last few days we've had really big problems with cell connection. So, just kind of driving around Kyiv, going around your business, it's pretty tough because a few days ago we've had another major Russian attack on our energy infrastructure. Like it really sucks. It's super annoying.
I was talking to some of my colleagues here at the Kyiv Independent, and it's really, really frustrating. Thankfully at the office, we have Starlink.
Jakub: It's incredible the burden really that it is to have to lead your everyday life without the usual access to electricity and internet.
Anastasiia: Also, my internet keeps on going off, so I don't know if you guys hear me or if it's just my thing.
Jakub: No, it just makes you sound really authentic, talking about internet problems.
Anastasiia: Okay.
Jakub: So, we were just talking about how the last couple of months really, Russia has pivoted to make these kind of attacks on the power grid, a major part of their attacks on Ukraine. Like that's been one of the big areas to sort of make civilian life much more difficult.
But that's actually not something that's necessarily that new because Ukraine had these kind of attacks on its power grid already about eight years ago. Except back then it was caused by cyber-attacks.
But what's interesting is that those attacks were part of a bigger story because they're still happening today. While most of the power outages are actually due to the missiles and the kamikaze drones that are hitting the power grid, there's still those same cyber-attacks that are cutting the power throughout Ukraine today.
And they're actually being run by the same group of people, a unit within the GRU, Russia's military intelligence services.
Anastasiia: Jakub, is there even a definition of cyber warfare? Because remember when I was studying like modern warfare in college, I remember it was this like very new kind of very mystical thing of the future, that we don't really know much about it and we can't really predict what it's going to look like, et cetera.
Jakub: So, it's definitely something that's quite confusing and I think a lot of people don't really realise how significant cyber warfare is. There's a lot of academic definitions, but the way that I sort of think about it is that it's everything related to using digital capabilities and digital infrastructure to wreak havoc on your opponent.
And that can mean a lot of things. That can mean the simplest one of just making the computers not work, so to speak which doesn't seem that bad. All the way to making data disappear, making systems malfunction and be unable to be rebooted and all the way to causing actual physical damage.
Anastasiia: Cyber warfare also definitely has the capacity to cause a loss of life. It's just that that hasn't happened yet because it's quite a new method, but there is a possibility of that anyway. So, it's pretty dangerous.
[Music playing]
But it is important and it is the subject of today’s episode, right?
Jakub: Exactly. Just before the holidays, we decided to look at the topic of cybersecurity, cyber espionage and especially cyber warfare. So, I had a chance to have a chat with the New York based writer and journalist, Andy Greenberg.
Andy is a senior writer at Wired where he covers hacking, cybersecurity and surveillance. That naturally means that he has turned his focus to Russia and its cyber capabilities in recent years.
And in 2019, he published a book, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. This was one of the first books to really dig into who this group actually is and their links with the Russian Security Services, something that we really got into during our conversation.
But to start off, we actually looked at Ukraine in the 2010s because according to Andy, this was the place where the first modern cyber war broke out.
Andy Greenberg, thank you so much for joining us on Power Lines. Before jumping into the current situation and the war between Ukraine and Russia, I'd like to go back a couple of years to what has been described by some, and I think including yourself as the sort of first case of cyber war, the NotPetya attacks back in June of 2017.
Can you tell us a little bit about it and why this was part of something bigger unlike sort of the, let's say, smaller scale or more one-off cyber warfare attacks that we had seen in the past?
Andy: Yeah, I would say that what occurred in Ukraine, really starting in 2014 or 2015 at the latest is (I don’t know), what I've described as the first full blown cyber war in history.
But this yearslong cyber war in Ukraine is unique. Really, it was the first kind of sustained yearslong series of cyber-attacks on dozens of targets with destructive effects and not just data destroying effects.
But in some cases, it was meant to have what we sometimes call like cyber physical effects, where a cyber-attack reaches out into civilian critical infrastructure and does something like turns off the lights. Which is what happened in December of 2015, the first time that hackers ever caused a blackout was in Ukraine where they hit a few electric utilities in the west of Ukraine and turned off the power for a quarter million people that had never occurred before.
And it is in some sense the kind of quintessential act of cyber war to cause physical effects with a hacker attack. And Russia's hackers did that in Ukraine, not once, but twice. They did it again in late 2016.
And those two blackout attacks came in the midst of a larger campaign of cyber-attacks that just sort of used dated destroying malware to destroy as many computers as possible inside of Ukrainian media companies and government agencies and the treasury and the ministry of finance and the railway system for instance. And that all was just leading up to NotPetya, which would be the worst cyber-attack in history.
Jakub: We have this cyber war that has erupted between Russia and Ukraine. And then as you mentioned, it culminates in a sense with the 2017 attacks of NotPetya. Why was this different?
Andy: From 2014 to early 2017, Russia's cyber-attacks in Ukraine were big and indiscriminate, but they were still kind of targeted in a way. They would like choose one organisation and try to destroy its network or in the case of these electric utilities in the west of Ukraine and then in Kyiv, they would very deliberately target those utilities to cause a blackout.
But then NotPetya was different, because with NotPetya they essentially released a self-spreading, self-replicating piece of malicious code, a worm that was designed to spread essentially everywhere in Ukraine. It took advantage of the software updates of a piece of Ukrainian accounting software called MeDoc.
And so, it was targeted at Ukraine, but really, everybody in Ukraine uses this accounting software to pay their taxes. And so, because they did this, what we call a software supply chain attack, where they essentially used the software updates of MeDoc to turn it into a piece of malware, everywhere in Ukraine that had the software installed suddenly was infected with NotPetya.
But that's just the beginning because NotPetya was designed to automatically spread. So, it very quickly, if you have one infection of NotPetya on your network, it saturates the entire network and destroys essentially all of your computers.
So, NotPetya wasn't just targeted at one organisation like those prior cyber-attacks. It was targeted at the entire country and it did destroy hundreds of organisations, networks inside of Ukraine. Dozens of banks, multiple airports, half a dozen hospitals across the country, by my account, every government agency essentially had all of their computers destroyed, in many cases in a matter of minutes.
The minister of infrastructure of Ukraine, Volodymyr Omelyan told me that the government was just dead. Like every government agency’s computers were just completely wiped by NotPetya. In a way that was indiscriminate in the sense that it just targeted everything in Ukraine.
Of course, NotPetya then, because it was a self-spreading worm, it doesn't respect national borders. And within hours it had spread beyond Ukraine and eventually took down all of these massive multinational corporations around the world and caused $10 billion in damage.
And shut down the world's largest shipping company and FedEx and Mondelez and the manufacturer of food and pharmaceuticals and destroyed medical record systems and hospitals across United States. The effects of NotPetya globally were truly unprecedented, but it did all start in Ukraine.
Jakub: So, looking back at that time, I think a lot of the people thought about it as well, Ukraine is essentially a testing ground. The first battlefield on which to test your cyber weapons that you can then deploy internationally. With hindsight, how do you see it? Do you think it was more about testing things, more about attacking Ukraine? A bit of both?
Andy: All along people have described Ukraine as this test lab for Russia's cyber war capabilities and warned that sooner or later, like all of these attacks that we were seeing in Ukraine, that we'd never seen anywhere else in the world, that Russia would then use those same cyber weapons as they've been described on the West or on other countries.
And they weren't wrong. First of all, NotPetya did very literally hit Ukraine and then spread to the rest of the world and do more damage than any cyber-attack anyone has ever seen before or since.
But then also we saw the same hackers, and by the way, everything I've described so far has been carried out by one group of hackers known as Sandworm, who are now known to be a unit inside of Russia's GRU military intelligence agency.
So, it's absolutely true that the extremely reckless and brazen cyber-attacks of this one group really, of the GRU more broadly do have international effects. All that was right, those warnings were correct.
But then I think also now looking back after almost a year of this full-scale invasion, you can also see the cyber war from 2014 to 2022 or so, as a different kind of harbinger, as like the preview of the way that Russia carries out war. And the way that it does not distinguish between military and civilian targets, the way that in fact it kind of prefers to attack civilians in an attempt to weaken the resolve of Ukraine in these endless conflicts.
And the way specifically that it targets civilian critical infrastructure as a way to kind of cripple Ukrainian society. You can kind of see the same thing happening now with the way that the Russian military is attacking the Ukrainian power grid. Like it's sort of now focused, I would say, on an even more kind of critical piece of infrastructure that is at the foundation of so much of daily life in Ukraine.
[Music playing]
Anastasiia: So, back in January of 2022, it was roughly a month before Russia's full-scale invasion of Ukraine. There was a major cyber-attack on Ukrainian government websites. And I was actually the person who broke that story for KI.
And I remember it was a very weird morning because we broke that story at 9:00 AM and I started going online and seeing on Twitter and on Facebook how this service doesn't work and this little service doesn't work. And it became obvious that something's happening.
First of all, this was like the first time that I as a conscious adult experienced kind of like a cyber-attack happening around me and in my country. And like watching it unfold was a very bizarre experience because it was pretty scary to be honest, because … well, it's not something tangible.
It's not like a missile attack that you can see, whereas a cyber-attack, it's kind of like everywhere and nowhere and you don't really know where it's going to go, how it's going to unfold.
Jakub: And how to react, right?
Anastasiia: And how to react too, right. So, I was like, “Am I personally somehow compromised? Like, is my data on my phone compromised because I'm using the same government services?”
So, that's pretty much my experience, the one that I remember. But what about you, were you in Ukraine at the time of any of these attacks in the power grid, that were in 2015, 2016 and later?
Jakub: No, I was already out of Ukraine. But what I think now is very, … it's almost shocking how obvious it was that this wasn't just the equivalent of a missile test. It was the start of (as Andy himself puts it), the first real cyber war. And looking back it looks very much like the run up to the full-scale invasion.
[Music playing]
Anastasiia: Okay. So, we mentioned the group called Sandworm. It's this Russian hacker group. Andy mentions them too, and I've heard of them, but who are they?
Jakub: That's exactly what I got into with Andy next. How did you find out that it was Sandworm behind these attacks and sort of what was the journey to discovering their work?
Andy: Yeah, yeah. Let me see. So, I picked up this story quite late, like my editors at Wired in late 2016 asked me to find like the big story of cyber war. And I wasn't even sure that cyber war was a real phenomenon at that point.
So, I went looking for where was cyber war actually happening? And I of course had read about like that first blackout attack that hackers had carried out in Ukraine. Just as I was looking into this, it happened again and it hit the capitol of Kyiv.
And so, I began to see like, yes, there is actually an unfolding real cyber war happening in Ukraine. So, I went to Ukraine, I met with like incident responders at cybersecurity companies there, and then I also started speaking to kind of like global observers and analysts who were pulling apart the malware used in these different attacks.
And it all seemed to be being carried out by one hacker group. And of course, everybody suspected they were Russian. And there were a couple of clues that showed that this group did appear to be Russian. And this one hacker group, they had even included in their malware samples references to the science fiction novel, Dune.
And so, the group that discovered them, which was at this little company called iSight Partners, had named them Sandworm, in a reference to like these sort of like giant monsters in that book series.
Now Sandworm did appear to be Russian. There were some clues, like they had at one point sort of left open one of their command-and-control servers, and the analysts who had discovered them saw that they had like a Russian language how-to manual for one of their pieces of malware in there.
It still wasn't proven if they were really Russian or if they were Russian government or Russian non-government hackers. And it was only years later that analysts at the cybersecurity firm, FireEye began to make connections and showed that in fact, one of Sandworm's attacks, and it was in fact the Olympic Destroyer malware, that's what it was called, like this attack that hit the 2018 Olympics.
That certain kind of giveaways in the infrastructure of that attack, the command-and-control servers and where they were hosted identified them essentially as this one group that had already been named in a criminal indictment by the U.S. Department of Justice, not related to Ukraine or any of these destructive cyber-attacks, but the Russian hacker meddling in the 2016 U.S. election.
It was actually the investigation by Special Counsel Robert Mueller, into the U.S. election meddling that had first named this Russian hacker group as being part of the GRU, but also these two units within the GRU. One was Unit 26165 and one was Unit 74455. And after that Olympics attack some commonalities in the servers that those hackers had used, essentially identified them as being Unit 74455 of the GRU.
And that meant that in fact, once you could tie all of this together in a kind of a web of forensics, you could then see at least in theory that all of these attacks from those blackout attacks in 2015 and 2016 and the data destroying attacks that had hit these targeted attacks against the Ukrainian government and civilians and media, and then finally NotPetya, that all of it had been carried out by this one GRU unit. That Sandworm was in fact this Unit 74455 of the GRU.
And I published that theory in my book as just a theory really. And then just a few months later, the state department in the U.S. and then later the NSA and then finally the Justice Department all confirmed, yes, Sandworm is Unit 74455 of the GRU. And in fact, six of those Russian hackers were indicted by name about a year after the book came out.
But it's kind of still almost an empty gesture. It's like a way to send a signal to Russia to say this is not okay. That this is a crime that these hackers have committed, a series of crimes, in fact. But it's very unlikely they'll ever be arrested or face charges in any court of law.
[Music playing]
Jakub: It sounds like a big chunk of these global hackers and various cyber warfare groups are Russian. And it's quite frightening really to see how much resources Russia has dedicated to this and how many specialists it has produced in this area.
Anastasiia: Yeah, it's pretty insane. They have this whole infrastructure for cyber warfare that's engraved in their education system. They've got programs on information security, which is what they call it, but it's actually on hacking and propaganda online. They have this program taught in like hundreds of universities. They also have specific institutes that were created and run, affiliated with the government to teach experts in this field.
Jakub: Yeah, it's kind of amazing to see that having a choice of where to sort of invest in technology, Russia has chosen this one. There's a fair amount of tradition of the Soviet Union and then later Russia or earlier also Russia sort of being a pioneer when it comes to various technologies. In the last 20 years, what's really been Russia's claim to fame in terms of advancing technology, has been hacking and cyber warfare.
Anastasiia: I think maybe another reason why they're using cyber so much is the impunity that that gives you. Because as Andy has talked about, you can't really do anything about it.
And with cyber, it's very difficult, I think to first of all link a government to these activities. Like it's very difficult to trace who is actually behind them. And then also, what are you going to do about this information? How are you going to punish them? And what are we looking at next, Jakub?
[Music playing]
Jakub: Now I wanted to bring things up to the present to see how Russia has been conducting a hybrid war, including cyber-attacks since the full-scale invasion.
Moving forward to the current phase of the war, the full-scale invasion, the global attention has been very much focused on the more physical kinetic aspect of the war, the bombings, the shellings, the tanks, the troops, the trenches.
Cyber has taken a little bit of a backseat in terms of at least the media's intention. How do you feel about that? Is it something that has been present as part of the war effort over these last nine months?
Andy: I guess first, I think it's important to say that I think that the fact that people have not been too focused on cyber war once the physical invasion and the bombing and the war crimes in Ukraine began, I think that that makes sense because that is a human cost that is far higher than any cyber-attack. It's not even the same order of magnitude, it's not close.
Nonetheless, like that doesn't mean that Russia's cyber war in Ukraine has stopped. Just because we've stopped paying attention to it for a good reason, it doesn't mean that cyber-attacks are not like barraging Ukraine in a way where if they were happening to some other country, it would be one of the biggest cyber wars we've ever observed in history. Russia has continued to attack dozens of targets across Ukraine.
I've heard from Ukrainian officials that they've seen hundreds of breaches of their electric utilities and finance industry and government agencies. In many cases, I would say in probably dozens of those cases, there have been actual destructive cyber-attacks as part of the intrusion. And they have been, I would say, on a smaller scale than what we saw previous to 2022.
But they've been faster and more numerous and kind of more agile. And you can kind of see in a way that the GRU, in particular, the same agency that was responsible for all of Sandworm's attacks, that they're almost like speeding up their pace and accelerating to try to keep up with the pace of this war.
And they don't have time to prepare these kind of like exquisite perfectly planned acts of destruction like NotPetya or even those power grid attacks. They actually tried to carry out a third power grid attack and it failed this year.
But they are carrying out these kind of relentless, simpler, get in, destroy a lot of data and get out kind of attacks.
Jakub: So, maybe turning to the side of Ukraine, one of the big surprises was I think how well Ukraine's infrastructure, digital infrastructure held up throughout the war.
I remember we were supporting a lot of media in the early weeks of the war, and one of the things that we were concerned about is something as simple as bank transfers and sort of the possibility of the banking system going down.
It never really happened. It's not that I'm fishing for a compliment for Ukrainian services, but what do you think sort of happened here? Like how did they manage to sort of withstand that?
Andy: I have to just admit like maybe that I don't really know exactly how Ukraine has managed to improve its defenses so noticeably in this round, after so many years of successful cyber-attacks.
You would think like after perhaps two years of like the worst cyber-attacks we've ever seen in the world in 2015 and 2016 and two blackout attacks, you would think that would be enough for Ukrainians to have just thrown everything they have at defending against these kinds of hackers. And yet still we saw NotPetya hit the next year, so-
But now it does seem like something has shifted and Ukrainians defenders are winning, in many more cases than in the past at least. And we saw, for instance, that the third attempted blackout, which was carried out by the same hackers using a new version of like one of their same pieces of malware, this kind of automated power grid attack malware called Industroyer or Crashoverride.
They tried that again in 2022 and it didn't work. And I don't know how that attack was foiled, and I'm sure that has a lot do with Ukrainians now being some of the most experienced in the world at fending off these sorts of attacks.
But I also think it has something to do with the rest of the world and the West sort of waking up to what was happening in Ukraine. For so many years the United States and Europe and the whole world really just watched what was happening in Ukraine and sort of treated it as someone else's problem.
Like this is not NATO, this is not the EU, this is Russia's sphere of influence and they can do what they want there even after NotPetya, which spread around the world and did $10 billion in damage or more. It took nine months for there to be any real response from like a Western government to call out and hold accountable the GRU for this unprecedented his like history making cyber-attack.
Now I think that the West has woken up and you've seen even just in the days before the war began, for instance, there were a series of distributed denial of service cyber-attacks on Ukrainian websites. And these are really basic simple attacks where you just kind of flood websites with junk traffic.
And it took only days for the White House, like an actual White House press conference to call out the GRU specifically for those cyber-attacks on Ukrainian websites.
That's compared to, in some cases years for anybody to say like that the same GRU hackers had carried out a cyber-attack on the Olympics. It took two years for that to be called out. And now we see these like much simpler, smaller stakes attacks called out in days.
So, the West has woken up to the fact that Russia is abusing Ukraine in ways that are unacceptable and like those attacks are now condemned almost immediately.
But also, what that means, I think is that the U.S. and European countries are supporting Ukraine not just with weapons and its physical war. But I think with support and in its cyber war as well.
And we've seen some hints that like U.S. Cyber Command is consulting with Ukraine, that there are, I think even us kind of cybersecurity officials on the grounds, if not in Ukraine, then in Poland, like in NATO. And they're working to help Ukraine fend off these attacks.
But I think that that has played a big role in foiling some of the most consequential Russian cyber-attacks that have targeted Ukraine since the beginning of 2022.
[Music playing]
Anastasiia: I think a big part of the story of Ukraine's resilience to Russian cyber warfare specifically since the beginning of the full-scale invasion, is the fact that we've had huge help from our western allies. And it's more than that.
I think it's the fact that helping Ukraine with cyber capabilities is a pretty easy way to help. Like it's not sending tanks, it's not sending some weapons that can potentially anger Putin or something like that.
It's just sending experts to us, which many of our allies in the West have done in the lead up to the war and then after the war began. Yeah, I think it's a pretty simple way to help.
Jakub: Yeah. And I think just over the last couple of years as well, it seems that that cooperation has sort of stepped up. Ukraine has clearly developed some pretty robust capabilities, whether it's to sort of defend yourself from attacks or kind of create redundancy in the systems to make you less exposed.
Because one of the things that has been kind of unexpected and incredible to see for me is just how resilient, for example, the Ukrainian banking system has been since the beginning of the world. Like at no point has it been really that difficult.
Anastasiia: I think that is just a testament to how amazing our services are in general.
Jakub: No, and the thing that people also don't realise is that Ukraine is a very digital country.
Anastasiia: Oh, yeah. Which is actually an interesting point in relation to cyber warfare because remember when we were just launching Diia, which is basically a government app that has an individual's main documents. Like your license, your passport, we have all of that information online.
Jakub: Ukraine is one of the only, if not the only country where-
Anastasiia: The only.
Jakub: The only one where electronic documents are equivalent.
Anastasiia: Equivalent.
Jakub: Yeah. Physical ones.
Anastasiia: Yeah, yeah. But I remember when the government was just drawing that out, there were a lot of skeptics. Exactly because of the fact that whoa, a lot of this is now online and our neighbor is definitely going to try to attack it. So Jakub, what are we ending with?
[Music playing]
Jakub: We're ending with what the international community is doing to stand up to these attacks from Russia. Like with so many other aspects of the war, it's really been a turning point.
Do you think that this is, let's say, the West is now more mobilised to work together to counter the threat of Russian cyber-attacks?
Andy: Yeah, well there's no question that the West has woken up to the danger of Russian cyber-attacks that they no longer kind of like are willing to let Ukraine be treated as this testing ground, that's sort of fair game for Russia. As I think was sort of like implicitly communicated to Russia for years, when Russian hackers turn off the lights in Ukraine for the first time in history with a cyber-attack. And there is no response whatsoever. The West was basically telling Russia, “That's okay, yeah, keep going. It's fine. That's your target to mess with.”
And that was absolutely an enormous missed opportunity to kind of set rules for how countries should behave with their cyber-attack capabilities and to draw lines, to draw red lines around civilian critical infrastructure.
And now, there's no question that the West is trying to make those rules a little belatedly. And I think also we see some evidence Western countries are going a step further and they are mobilising, they are trying to like in concrete ways, help a non-NATO country like Ukraine to defend itself, not just physically, where the U.S. has spent billions of dollars to arm Ukraine, but also in the digital world.
And I think that that makes sense. I think that that's necessary and it's important to show a country like Russia that if you go after civilians, whether it's bombing the power grid or releasing a piece of malware, like NotPetya, not only will you be condemned, but you will face kind of concerted defense with kind of global reinforcements.
Jakub: Maybe just to close this this discussion. So, you wrote your book about Sandworm a few years ago. Looking at the situation now for the next years, the next decade, how do you feel? Is it a bit more optimistic given that people are taking these threats more seriously? There's more mobilisation.
Or even more dystopian given just what we're seeing in terms of the threats that are out there and the potential benefits of waging cyber war against your enemies?
Andy: It's a really good question. Yes, absolutely. Like I tried in Sandworm to warn that cyber warfare, if it is not kind of controlled with diplomacy and almost like something like a Geneva Convention for cyber war, that it could spiral out of control. It could become a new force of chaos in the world.
I think what I've seen in the years since the book came out is actually kind of hopeful. I've seen Western officials and my own government in the United States sort of wake up to this and sort of end their pattern of negligence and like stop ignoring the GRU's reckless, insanely destructive attacks in Ukraine.
There's no Geneva Convention for cyber war, but there is a new kind of awareness and a new kind of vigilance about cyber-attacks. And also, Sandworm was indicted. They have been criminally charged for their sort of crime spree across the world.
And I think that that is part of why we haven't seen, for instance, like another NotPetya. Like we've never since NotPetya, seen an attack of that size or worse, which is what I feared back when I published this book in 2019.
But even as there are these kinds of signs of hope and like a silver lining, which is that it does seem like cyber warfare may actually be being brought under control or that there's an attempt to do that. The story of the book, I think now can be seen in a much sadder way as a preview of what we would see in this full-blown war in Ukraine starting this year.
The way that Sandworm demonstrates Russia's callousness towards damage, collateral damage, civilian damage in Ukraine and around the world, we've seen this elsewhere too from Chechnya to Syria.
But in Ukraine, like you can see just how brutal the Russian military's approaches and the ways that they're willing to not only accidentally hit civilians, but to target civilians and civilian critical infrastructure just as a way to score points in this war.
[Music playing]
Anastasiia: In two weeks in Power Lines, we're going to be focusing again on the Russian security services with the journalist and author, Michael Weiss. But this time as a whole looking at the history of the FSB, the successor of the KGB and its military counterpart, the GRU and what their role has been during Russia's war in Ukraine.
Jakub: If you want to further support us, you can subscribe to our ad free feed on Apple and by looking up Power Lines + on Spotify. You can also support the Kyiv Independent by finding us on our Patreon, to get behind the scenes content. Go to patreon.com/kyivindependent to continue helping us report on the most important stories in Ukraine.
Anastasiia: Look up Message heard wherever you're listening to this podcast for more of our original shows. And find us on our website at messageheard.com or on our Power Lines Twitter @PowerLinesPod, as well as Instagram and Facebook by looking up at Message Heard.
Jakub: You can also follow the Kyiv Independent on Twitter and Facebook at Kyiv Independent and Instagram at kyivindependent_official, to get the latest news and stay up to date with our coverage. Please also subscribe and rate Power Lines in your podcast app as it really helps others find our show.
Anastasiia: Power Lines is a partnership between the Kyiv Independent and Message Heard. It was produced by Bea Duncan, Harry Stott and Talia Augustidis. The executive producer is Sandra Ferrari. The theme music is by Tom Biddle and Alfie Godfrey.