FIGHTING A LOSING GAME
Countries in the West now face two forms of cyberwarfare with hacktivists manipulating gaming platforms to disseminate messages, and State-recruited ‘armies’ launching sophisticated hacking attacks
Two weeks ago, Finland’s largest selling media daily, Helsingin Sanomat, creatively hid newspaper articles inside one of the world’s most popular shooter online video games: Counter-Strike: Global Offensive.
The newspaper built a map inside the game of a war-torn city called “De-voyna”, after the Russian word for war, where players are led to a secret room of images and Russian text on the cruelties as witnessed by its real-life news teams in Ukraine during the war, now in its second year.
The move was designed to get around Russia’s restrictions on foreign media in the wake of its invasion of Ukraine and local ban on describing the conflict as a “war”.
“If some young men in Russia, just because of this game, happen to think for a couple of seconds ‘what is going on in Ukraine?’ then it’s worth it,” editor-in-chief Antero Mukka said of the novel counter censorship approach.
The move was not criminal nor necessarily sinister but highlights how the war in Ukraine and technology is reshaping online warfare and reaching global audiences that security agencies now fear could lead to broader real-world harm.
Intelligence agencies have noted two parallel themes of concern emerging from the conflict, both of which extend to Australia which has no clear laws to combat.
One is the apparent ease in which online gaming sites involving the most popular platforms can be exploited for espionage, radicalisation or dissemination of messages, potentially networking like-minded future extremists or criminals.
The other is the more overt cyberwarfare campaigns being directed by State-recruited “armies” now involved in the Russian-Ukraine war, that has led to unprecedented cyber attacks and left unchecked Five Eyes, intelligence agencies have warned could become as potent a threat as terrorism.
The UK’s National Cyber Security Centre commissioned a report into the cyber aspect of the Ukraine-Russia war that this month identified “concerning precedents” and a blurring of lines between combatants and civilians.
There was Russia’s Killnet hacking group, identified as making cyber assaults on critical infrastructure against Ukraine and the West, including in Australia, and Ukraine’s IT Army, a volunteer network of hackers that has been engaged in cyberwarfare with Russia since the conflict began.
Both had “gamified” the conflict by romanticising the cyber fight, notably the IT Army, with authorities providing step-by-step outlines on how to target and achieve effects, and questions what will happen after the actual war ends or their interest ends and the hacktivists move on.
“In the past, countries have had to deal with civilians leaving and joining terrorist organisations, becoming radicalised, and then returning to their native countries,” a report released this month points out.
“Many governments have developed systems to deal with this potential threat. With cyber operations, however, an actor can conduct attacks at a distance.”
It added, drawing tech-savvy volunteers in to fight for the State was simpler than radicalisation and no country had an existing legal framework to deal with the issue.
There was also a blur between political hacktivists and those interested in financial gain.
Ben Gestier, former intelligence officer for the ADF and AFP and now senior analyst and team leader for risk intelligence group Flashpoint, said pro-Kremlin hacktivist groups had become more open.
“For example, Killnet briefly rebranded as a ‘private military hacking company’, the Phoenix group started selling data and accesses, and other groups sought co-operation with cybercriminal gangs and darknet forums,” he said.
“Some of the groups have been linked to Russian security services, which may also be a financial motivation for them … it is plausible for these hacktivist groups to act as hired cyber guns, especially if animosity between Russia and the West persists, as is likely, or as allies of more sophisticated State-backed groups determine where ‘red lines’ lie.”
Dr Brenton Cooper, chief executive and co-founder at Adelaide-headquartered open-source intelligence company Fivecast, said FUD (fear, uncertainty and doubt) had become a viable objective for State actor-led cyber operations.
“We’ve seen the power of these paramilitary groups loom over the West for some time, but today’s mounting global conflict potential certainly deepens the threat. Deniable proxies – private contractors – are being played out to manipulate Western democracies in increasingly sophisticated ways. And with the internet and its influence almost infinite, the challenge for national security teams now is stitching together a holistic intelligence picture.”
Equally concerning has been how extremists are exploiting gaming platforms, now designed as customisable and as a social communication space, to recruit and spread ideology.
US Air National guard Jack Teixeira embarrassed the Pentagon and its allies after he leaked highly classified details about the Ukraine-Russia conflict, which he shared with a gaming social chat group, not for espionage purposes but for kudos with gun-loving gaming peers on the Discord platform.
It is the same platform the Russian Kremlin-linked Wagner private mercenary army uses to spread disinformation as they have tried to infiltrate popular game Minecraft. Russian foreign intelligence services are also using AI-generated girlfriends to cyber target through gaming chat rooms lonely analysts for possible intelligence.
“The relative ease with which extremists have been able to manipulate gaming spaces points to the need for urgent action by industry actors to avoid further harm,” a cyber hack and gaming report from the New York University Stern School of Business this week concluded.
The connection of contemporary gaming to radicalisation and violent right wing or other extremism had already been linked to real-world violence, notably in the US.
Steven Stone, who heads data security company Rubrik’s data threat unit, exposing espionage-led assaults, said geopolitical events often inspire groups sympathetic to regimes standing in opposition to them, notably Five Eyes nations (US, UK, Australia, Canada and New Zealand).
He said all cyber actions should not be viewed as separate from malware attacks or other technical activities for profit or intelligence gain, notably by Russia, China, Iran and North Korea.
The relative ease with which extremists have been able to manipulate gaming spaces points to the need for urgent action by industry actors to avoid further harm