Ukraine's recent history has been dramatic, with border changes, riots, the occupation of government buildings, and bloodshed. Behind all this, a quiet conflict, free of gunfire but equally hard-fought, has been taking place in the online world. DDoS attacks and communications jamming have led to misinformation in an already confused country. Now, North Atlantic Alliance nations are joining forces to help Ukraine protect its digital space.
Albania, Estonia, Hungary, Poland, Portugal, Romania, and Turkey have offered financial or in-kind contributions to Ukraine's Cyber Defense Trust Fund, a program agreed by world leaders during a NATO summit held last September in Wales. US president Barack Obama, British prime minister David Cameron, German chancellor Angela Merkel, and French president François Hollande all participated.
"The technical requirements for the implementation of this project have been set up and the negotiations for the necessary legal arrangements are at an advanced stage," a NATO official in Brussels told ZDNet.
"NATO needs to keep abreast of the rapidly changing threat landscape and to maintain a robust cyber-defence," he added.
Cyber-defence was one of five Trust Funds created to help Ukraine, and several components of the security arm of the program are already under discussion. "Based on availability of funds, assistance could include the establishment of an incident management centre for the monitoring of cybersecurity events and the establishment of laboratories to investigate cybersecurity incidents," the NATO official said.
Training up personnel on new technologies and equipment is also included in the Trust Fund, as well as practical advice on policy development. The number of IT staff that will be involved in its implementation "is not foreseen explicitly," the official told ZDNet, as it will be up to the countries involved to provide the appropriate staffing levels.
State attacks are difficult to prove
Romania, a country known for its skilled IT professionals, volunteered to lead the Trust Fund, offering to contribute €500,000 towards the total budget of €800,000 for this year. State-owned RASIROM, a company with a strong history in cyber-defence, will head up the project.
"A legal framework governing all the financial aspects of this fund has been set up at NATO headquarters," the Alliance official said.
As lead nation, Romania is managing all aspects of the fund and will work with the Ukrainian authorities on any relevant issues.
RASIROM reports to the Romanian Intelligence Service (SRI). "By analysing recent cyberattacks, starting with the ones in Estonia in 2007 and Georgia in 2008, and ending with those in Ukraine, we find that cyberspace is more and more disputed during conflicts," Sorin Sava, SRI's spokesperson, told ZDNet.
Sava said both companies and administrative structures are at risk on the digital battleground. In Ukraine's case, several media companies have been targeted.
Government officials in Ukraine accused Russia of being indirectly behind some of the attacks, though Russian officials denied the accusations. "Hypotheses regarding the involvement of certain state entities are extremely difficult to prove, given the complexity of the technologies used and the fact that researching the attacker's identity requires a complex and longstanding investigation," the SRI's spokesperson said.
Romania plans to become "a regional leader in cybersecurity," said Bogdan Aurescu, Romania's Minister of Foreign Affairs, during a cybersecurity summit held in Bucharest this May. The event was organized by the local authorities with the help of the US Department for Commerce.
"It is clear that in general we are witnessing a rapid increase in the frequency, scale, and sophistication of cyber incidents, reported widely in the global news. Cybercrime is a booming industry and it costs the global economy billions of dollars every year," the NATO official told ZDNet.
"Events in Ukraine have confirmed that future conflicts and crises are more than likely to include a cyber component. The Alliance's top priority is to protect its own networks against cyberattacks," he added.
How the cyber and information warfare started
Romania and Ukraine have already been working together in cybersecurity, joining forces to combat the hacking, phishing, and DDoS attacks occurring in the region. That collaboration has now stepped up a gear.
Political tension in Ukraine reached a boiling point in November 2013, when its president at the time, Viktor Yanukovych, decided not to sign an association agreement with the European Union. A wave of street protests emerged. By late November, hackers targeted media outlets, making them unavailable or editing their content, according to an analysis issued by the Swiss Federal Institute of Technology in Zurich.
In late November, when the country's special police force Berkut started to attack the Maidan protesters, Ukrainian hackers responded by targeting the Ministry of Internal Affairs website, the Swiss study notes.
By late February 2014, Yanukovych had left Ukraine. Troops, later identified as Russian troops by president Vladimir Putin, occupied Sevastopol and Simferopol airports. Soldiers raided sub-branches of the telco Ukrtelecom, which announced that it "lost the technical capacity to provide connections between the peninsula and the rest of Ukraine and probably across the peninsula too".
A few days later, equipment installed in Crimea was said to have interfered with Ukraine's telecommunications system, according to Reuters. The main Ukrainian government website was taken down, and politicians said their phones had been hacked.
Ukrainian hacker groups Cyber Hundred and Null Sector responded to the situation in Crimea by reportedly attacking the Kremlin and Russia's Central Bank computer systems.
There was no let-up in the targeting of Ukrainian officials. A report issued at the time by the British security firm BAE showed that several computers in the Ukrainian PM's office were carrying Snake, malware aimed at hunting down sensitive information.
Another critical moment came in November 2014. US-based iSight announced in a blog post that the Russian hacker group Sandworm had targeted NATO, the EU, and Ukraine's telecoms and energy sectors by using a Windows bug.
Regardless of the reports, "important pieces of this puzzle remain murky," ETH Zurich's analysis reads. Some theories posit that the Russian government has full access to the Ukrainian telecommunications system, as the two countries' telecom infrastructures are similar.
"Several observers have argued that the Russian government has demonstrated a considerable amount of restraint in the region in its use of cyberspace during the conflict," ETH notes. "The Russian government has had little incentive to reveal its full military capabilities, including its cyber arsenal."