Guerrilla Cyberwar Can Have Unintended Consequences

In the digital domain, the soldiers are hackers who may never have fired a gun.

March 3, 2022
A man holds a laptop as cyber code is projected on him in this illustration photo taken on May 13, 2017. (Kacper Pempel/REUTERS)

With the eyes of the world on Russia’s air, land and sea attacks on Ukraine, and the latter’s determined resistance, another front is opening up in the war — one poised to grow in both sophistication and strategic importance as the conflict unfolds: cyberwarfare.

In the cyber domain, the troops are hackers who may have never fired a gun. Although the attacks are virtual, their effects are anything but. And while the prospect of cyberattacks and warnings of “cyber doom” have been rightly criticized as exaggerated, it would be a mistake to underestimate the very real risks of damage from cyberattacks by and in response to Russia. This is especially true as more hacker groups seek to “take up digital arms.”

Russian cyberattacks, which have been a factor in this crisis for several months, featured modestly in the lead-up to the invasion and have not been as prominent as had been expected. A distributed denial-of-service (DDoS) attack against Ukrainian government websites was somewhat successfully countered after a temporary service disruption. In response, it appears that major Russian websites also came under a DDoS attack, including those of the military and the Kremlin. While it is not clear who was behind the counterattack on Russian websites, it seems plausible that it was a retaliatory attack by the Ukrainians.

At the same time, cyberattacks are continuing. Russia is believed to be behind the HermeticWiper, a new data-wiping malware that had likely been in preparation for months, infecting hundreds of computers and not just in Ukraine. The scale of the HermeticWiper is certainly not comparable to previous attacks attributed to Russia. Still, this malware, targeting organizations in defence, aviation and information technology, among other sectors, did spread to computers in Latvia and Lithuania. Both countries are members of the North Atlantic Treaty Organization (NATO).

The spread of attacks to those NATO members appears to be intentional and targeted. But there is also the prospect that some cyberattacks may have unintended consequences and cause collateral damage, leading to inadvertent escalation. As some countries such as the United Kingdom make the case for offensive cyberattacks against Russia, a number of experts are concerned that this approach could impact even more countries. As with previous major cyberattacks, the effects can be global and sometimes result in blowback, that is, damage to the attacker’s own infrastructure, that of allies or globally valuable services.

Nonetheless, NATO members, including Canada, are assisting Ukraine with cyber support and have bolstered Ukrainian capabilities.

At the same time, NATO leaders have agreed that crippling cyberattacks on a NATO member could trigger the treaty’s article 5, allowing for an armed response. When asked about this possibility, White House Press Secretary Jen Psaki affirmed as much. Yet there is little clarity regarding the exact threshold. Malware and DDoS attacks so far have apparently not met that threshold.

Beyond direct government involvement, cyberattacks are often carried out by non-state proxies, ranging from cyber criminals to opportunistic hackers, to patriotic individuals and collectives. At times, states, and notably Russia, recruit such groups to carry out particular attacks or parts of attacks in order to ensure “plausible deniability.” Another benefit of this tactic is that proxies allow a state to avoid revealing its cyber capabilities to potential adversaries.

But Russia is not alone in engaging non-state actors. The Ukrainian government has called on underground hackers to help protect its critical infrastructure as well as to conduct cyber espionage against Russian troops. The minister for digital transformation of Ukraine, Mykhailo Fedorov, announced the creation of an “IT Army of Ukraine,” appealing for help from global digital talent. And the global hacker collective Anonymous has claimed responsibility for taking down the Russia Today state news website, and has stated on Twitter that it is officially in a “cyber war” against the Russian state. An array of hackers and collectives are involved in various activities on both sides.

The complexity and sheer number of cyber combatants may lead to unintended impacts. Potential misperceptions, confusion and disinformation will not just remain virtual. Most concerning are potential attacks on critical infrastructure, or a part of globally critical infrastructure that affects everything from global banking and travel to international trade.

Even in wartime, states would be wise to rein in non-state actors and exercise restraint in their cyber operations. Doing otherwise has the potential to be tremendously destabilizing for the global digital commons and, indeed, the international community. Consider an attack that disrupts critical health infrastructure. This scenario is not a mere hypothetical: in 2017, hospitals in the United Kingdom were crippled by the WannaCry ransomware attack.

While the deployment of “cyber guerrillas” in the Ukraine resistance may have some appeal, given the lack of accountability they confer, the possible impacts and indirect and direct costs need to be clearly understood. As Ciaran Martin notes, there is “no cyber silver bullet” to winning the war in Ukraine. Conflict in cyberspace is still, to a large degree, uncharted territory, in which caution is wise.

The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors.

About the Author

Branka Marijan is a CIGI senior fellow and a senior researcher at Project Ploughshares.