Financial Mail

The barbarians are at the digital gates

- Toby Shapshak

In 2017 the world was rocked by the NotPetya ransomware attack, which caused significant damage to global companies and hospitals. The malware was originally created to attack infrastructure in Ukraine, which at the time was already involved in a civil war with pro-Russian separatists in its eastern region.

NotPetya was not intended to get out into the world, but it nonetheless inflicted chaos on computer systems around the globe, causing at least $10bn worth of damage, according to former US homeland security adviser Tom Bossert.

It was “the most devastating cyberattack since the invention of the internet — an attack that began, at least, as an assault on one nation by another”, Wired journalist Andy Greenberg wrote in his book Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers.

The release of NotPetya was “an act of cyberwar by almost any definition — one that was likely more explosive than even its creators intended”, he said.

Once it was in the wild, the malware took down such multinationals as shipping firm Maersk, pharmaceutical company Merck, FedEx subsidiary TNT Express and construction firm Saint-Gobain in France.

It crippled hospitals around the world, including the National Health Service in the UK. Ironically, it even infected computers at Russian oil firm Rosneft.

“While there was no loss of life, it was the equivalent of using a nuclear bomb to achieve a small tactical victory,” Bossert said at the time. “That’s a degree of recklessness we can’t tolerate on the world stage.”

NotPetya wasn’t the first attack on Ukraine’s infrastructure. In 2015 the country’s power grid was taken down twice, affecting hundreds of thousands of people. “As proofs of concept, the attacks set a new precedent: in Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality,” wrote Greenberg.

Worse, he said, the blackouts “were part of a digital blitzkrieg that has pummelled Ukraine — a sustained cyberassault unlike any the world has ever seen. A hacker army has systematically undermined practically every sector of Ukraine: media, finance, transportation, military, politics, energy. Wave after wave of intrusions have deleted data, destroyed computers, and in some cases paralysed organisations’ most basic functions.”

Right now, as Russian tanks try to navigate Ukrainian roads, where locals have removed street signs, there are also cyberattacks on digital infrastructure. Ukrainian government websites have been taken offline, as has one of the country’s banks.

Last October, Microsoft said 58% of the state-sponsored cyberattacks it tracked came from Russia. These hacker gangs are often given a free pass by the country’s authorities because their criminal interests align with the government’s aims to destabilise its enemies. They are also, apparently, a source of revenue for Moscow.

By far Russia’s most damaging cyberattack on its old Cold War adversary, the US, was uncovered in December 2020, when the US government discovered widespread security breaches at many of its agencies. This unprecedented espionage hack — through a service provider called SolarWinds — was directly blamed on Russia’s notorious military intelligence service, the GRU.

Meanwhile, hacker group Anonymous has declared itself “officially in cyberwar against the Russian government”. It has hacked the Russian ministry of defence database and website, state-owned broadcaster Russia Today and the Kremlin website.

Internationally, Russia is not the only one using cyberconflict to advance its aims. China and North Korea have allegedly launched innumerable attacks on the US — often using spying software, as opposed to ransomware. Pyongyang is suspected of being behind the hacking of Sony Pictures in 2014, an apparent attempt to stop the release of The Interview, a comedy that poked fun at North Korean leader Kim Jong-un.

In 2018, a hacker with links to North Korea was charged by the US for both this and the WannaCry ransomware attack.

“Chinese espionage and, more broadly, Chinese cyberbehaviour are very, very disturbing and should not be allowed to stand,” Michael Hayden, a former director of the CIA and National Security Agency, said in 2013.

But it was the Stuxnet worm, allegedly designed by the US and Israel to sabotage Iran’s nuclear programme, that drew Hayden’s most withering criticism.

In a reference to Hiroshima, he said: “This has the whiff of August 1945. Someone, probably a nation state, just used a cyberweapon in a time of peace … to destroy what another nation could only describe as their critical infrastructure.

“That’s a big deal. That’s never happened before.”

As Greenberg observed: “NotPetya reminds us, distance is no defence. Every barbarian is already at every gate. And the network of entanglements in that ether, which have unified and elevated the world for the past 25 years, can, over a few hours on a summer day, bring it to a crashing halt.”
