With some cheering on attacks by anonymous hackers in Ukraine crisis, concern grows over an all-out cyberwar

SINGAPORE — Waging a “cyberwar” against Russia over the past week, a loose collective of vigilante hackers known as Anonymous have been wreaking havoc on communication networks and critical infrastructure by disrupting gas control systems, rail lines and television broadcasts.

Their efforts have been cheered on by Ukraine supporters, as well as officials who openly invite hackers to support it by attacking Russia. 

But as the conflict rages on, some experts warn that there is a risk of it escalating to become a global cyberwar, with these anonymous actors of sketchy backgrounds possibly becoming "key protagonists" in a tech-driven conflict.

While embracing anonymous hackers to target Russia may seem like a good idea, it could also encourage or incite Russia-based hacking groups to retaliate, Mr Chester Wisniewski, principal research scientist at British-based security firm Sophos, told TODAY.

“Up to now, most Russian cybercriminals have been continuing with business as usual and have not escalated or appeared to try to increase their targeting of critical infrastructure, but that could easily change if they’re supported by the Russian state,” he said.

In recent days, malware attacks that wipe out data from computer systems have been discovered targeting Ukraine, with the United States’ Cybersecurity and Infrastructure Security Agency warning that such attacks could spill over to other countries.

On Sunday, Singapore authorities urged companies to strengthen their cybersecurity posture amid the ongoing Russia-Ukraine conflict in an advisory issued by the Singapore Computer Emergency Response Team, although there have not been reports of threats to Singapore organisations so far.

Communications and Information Minister Josephine Teo wrote in a Facebook post on Tuesday (March 1): “While Singapore may be geographically distant from the theatre of action, we must be alive to such threats, as cyberattacks have no respect for geographical boundaries, and cyberthreats can emerge quickly.”

But with Anonymous and other black hat hacking groups now given a shot in the arm in the ongoing conflict, some noted that the cybersecurity landscape has already become more fraught. 

Black hats are hackers who break into computer networks with malicious intent. White hats, on the other hand, are those who break in with the permission of the system owner, so as to improve the security against the black hats.

Mr Michael Sentonas, chief technology officer at American cybersecurity tech company CrowdStrike, added that there has already been a rise in the number of “hacktivist” attacks in recent years.

They differ from other threat actors because hacktivists are neither motivated purely by financial gain nor the desire to steal intellectual property for economic gain.

Hacktivists often consider themselves as “virtual vigilantes,” working to expose fraud, wrongdoing or corporate greed, draw attention to human rights violations, protest censorship or highlight other social injustices, he said.

“(They are) fuelled by our collective reliance on the internet, social media and other forms of digital communication, as well as an emotionally-charged global political landscape. Whatever the motives, they’re still cybercriminals. What they do is illegal,” he said.

NAMELESS HACKERS AT WORK

However, their impact on the current conflict has been more muted than expected, at least for now. When hostilities began last week, many experts had expected Russian state-sponsored cyberattacks to steamroll Ukrainian digital infrastructure, taking down communication lines such as the internet and telephony services.

Those attempts did happen, though they have not made much difference in the conflict, said experts.

Mr Jamie Collier, senior threat intelligence advisor at US-based cybersecurity firm Mandiant, told TODAY: “Russia has a variety of cyber-espionage groups that have been known to not only steal information, but also conduct far more disruptive attacks, such as recent ‘wiper’ attacks on Ukrainian networks.”

These attacks involve malware that can delete data off computer systems without warning, and made their debut during the pre-invasion stage of the Ukraine conflict. Previously observed in a larger scale in 2016 and 2017, the recent attacks only managed to erase data off some Ukrainian computers, including border control offices.

With Russia sending ground troops into the Ukrainian heartlands, other anonymous hacking groups announced that they would side with the defenders, carrying out disruptive cyberattacks on Russia and Belarus.

The Anonymous group, via Twitter, publicly claimed to have been the source of several distributed denial-of-service attacks against various Russian government websites and media outlets. 

Some highlighted Ukrainian attempts to effectively “recruit” these anonymous cyberinvaders to target and coordinate attacks on Russian assets as an unprecedented move in cyberwarfare. It has been called the Ukrainian "IT Army".

Mr Lotem Finkelstein, head of threat intelligence at Israel’s Check Point Software, said: “This ‘army’ is actually a Telegram group created by an Ukraine cabinet minister, with 246,000 members from all over the world. 

“In this channel, the Ukrainian official shares targets in Russia and Belarus with the cyberadvocates.”

This has completely changed the playbook for how wars are fought, Mr Finkelstein said to TODAY.

"You now do not have to be related in any way to the conflict and still take part in the war while sitting on your couch. This is quite unique to this Russia-Ukraine conflict."

Sophos’ Mr Wisniewski said it is "highly unusual" that senior Ukrainian officials, including those who hold senior positions in the European Union, have encouraged such behaviour and asked for these activities to occur outside of normal legal frameworks.

“This is an unprecedented situation. This was literally a gold-embossed invitation laid on a red carpet inviting Anonymous to return,” he said.

Mr Christiaan Beek, lead scientist and senior principal engineer at Trellix Threat Labs, noted how when the Belarus government changed its law to allow nuclear missiles back on its territory, the country became the target of multiple hacking groups.

One hacktivist group, known as the Cyber Partisans, attacked its railway system to delay transport of military equipment towards the frontline, he said.

There have also been reports of theft and publication of sensitive information from the Russian military, added Ms Joanne Wong, vice president of international markets at LogRhythm, a US security intelligence company.

“While we are seeing a lot of such reports, it is likely too early to tell whether these cyberattacks will turn the tides of war,” she said.

AVALANCHE OF CYBERATTACKS

Nevertheless, the world might only just be witnessing the start of an avalanche of cyberattacks targeting both sides, experts said. 

“Beyond the capabilities of vigilante groups such as Anonymous, it is clear that cyberattackers will be key protagonists in the ongoing war,” said Ms Wong.

“Various intelligence sources have found that the Russian government controls an expansive arsenal of cyberwar assets, suggesting that the worst is yet to come.”

Outside of the Ukraine conflict, the expected rise in activity of black hat attacks on various targets will also mean the development of new methods of illicit entry and the discovery of vulnerabilities. Cyberdefences will therefore need to keep pace with the arms race, said experts.

The Anonymous collective and other murky hacktivist groups also do not have any allegiance, and their crosshairs can land on any target that fit their agenda of universal injustice. 

In 2013, hackers claiming to be from Anonymous attacked websites of The Straits Times and the Prime Minister’s Office in response to new licensing regulations for news websites.

Mr Ethan Seow, chief executive of the Singapore-based Centre For Cybersecurity, said the authorities have done well in coordinating and defending the critical infrastructure here. Last year, the authorities unveiled an updated national cybersecurity strategy for a more proactive stance to defend its infrastructure and boost capabilities in 11 critical sectors.

In the private sector, businesses and firms are also taking greater initiative in their digital security efforts, he added.

“While we are doing better than many other countries, we need to recognise that we still need to be alert as there have been new waves of ransomware and malware being spread online. They might be targeted at Ukraine, but it might spill over to Singaporean businesses,” said Mr Seow.

After all, Singapore had also joined in on the condemnation of the violation of a sovereign state by Russia, he said.

In any case, Ms Wong from LogRhythm said cyberattacks have become more political than ever, hence cyberdefence has also become a matter of national security and sovereignty for countries across the world. 

“The need for governments and organisations to shore up their cybersecurity posture to protect and defend themselves against the various forms of cyberthreats have become critical,” she said.