Technology Related Observations on the Ukraine-Russia Conflict
I have been doing a lot of reading on how of the war in Ukraine affects technology and trade both in Eastern Europe and across the globe. I’d like to share a few things with you.
- The Splinternet
Russian citizens have been increasingly shut off from online services like Facebook, Twitter, Instagram, global news, and streaming. This is due to both the West shutting off service and Russia blocking access to internet sites. Regardless of the origin of the restrictions, it seemingly plays into the Russian government’s plan.
The plan? Russia seeks to create a “sovereign internet” that will fundamentally change the way Russians connect and access information from the rest of the globe. Under this “Russian Internet” the Kremlin has the ability to allow and restrict what it deems acceptable,
The website, Techspot, is reporting that “over the past few years, Russia has been exploring ways to build what it calls a sovereign Internet, where authorities can block VPN traffic at the network level, censor the internal Internet, and even cut it off from the outside world. Recently, the Russian state created its own domestic analog of a trusted TLS certificate authority to aid its efforts to intercept encrypted web traffic.”
While this sovereign internet may take years, due to the massive amount of work needed to enable such a plan, the current conflict in Ukraine and resulting consequences have only accelerated the project to get Russia on its “own internet”.
While some may say that’s the price they pay for an incursion, it will further isolate the Russian citizens from the reality in the world. Regardless, the idea of a “Russian internet” is a fool’s errand, as it will be increasingly difficult to isolate from the internet since access is becoming more divergent and harder to control. Which brings us to the next item:
- Starlink
Elon Musk is a lot of things, billionaire, tech entrepreneur, visionary, hype man and opportunist (and fighter? Musk is apparently ready to go mano e mano with Putin). When Ukraine’s vice prime minister pleaded to Musk for help, Musk moved his satellite internet service (Starlink) over the Ukraine, activated the service and shipped Starlink terminals to the war-torn country. Last Wednesday, 48 more Starlink satellites were launched
The Mercury News, reports that “if Russia destroys Ukraine’s internet networks or tries to muzzle its digital communication, Musk’s expanding system of satellite-based internet service can help maintain the nation’s link to the outside world, say experts.
In repressive nations, “it’s a game-changer, because you now have a way of bypassing any centralized control over what citizens can receive,” said Herbert Lin, a senior research scholar for cyber policy and security at Stanford University’s Center for International Security and Cooperation. “Government censorship over the internet no longer works.”
“When the cost and size drop, and Starlink is fully deployed, the geopolitical implications are potentially quite profound,” according to Lin.
Essentially, this means that the “Splinternet” will never come to fruition. Although the Russian military could detect and identify citizens by their satellite communications, Musk Tweeted strategic advice instructing Ukrainian users to “place light camouflage over antenna to avoid visual detection” and “turn on Starlink only when needed and place antenna away (sic) as far away from people as possible.”
Regardless of the danger posed by using Starlink, Forbes reports that Starlink is the most popular app in the Ukraine:
- “Sensor Tower, a firm that provides App Store and Google Play data, told the Wall Street Journal the app was downloaded 21,000 times globally Sunday across the two stores—the most global installs in a single day, with most of the downloads coming from Ukraine.”
- “The app has been downloaded nearly 100,000 times in Ukraine according to Sensor Tower, with global downloads more than tripling in the last two weeks.”
- Technology Infrastructure
Russia’s problems with technology are twofold- physical and mental. Let’s start with the physical. I’ve read credible reports that Russia’s economy is extremely fragile and is critically dependent on two things:
- Export of natural resources (oil, gas, minerals)
- Importation of technology
This is a very big problem because Cisco networking equipment is widely used in Russian industry. Cisco is a US company, and it has stopped operations in Russia, ceased maintaining equipment and is now blocking the use of its equipment in Russia. Internal Russian documents reveal that alarm bells are ringing.
Up until now, Russia was reliant on export of natural goods to the West and on technological imports from the West. However, at this point, Russia realizes that technological imports will be like black-market goods: very hard to obtain, expensive, and vulnerable to seizure.
On the mental front, there is the “brain drain”, the loss mental resources. Many people in Russia understand how terrifying the future looks and these people are leaving en-masse wherever they can. Apparently, all flights are booked to almost every nearby destination.
Who is leaving? Well besides the dissidents and people that disagree with what’s happening, there are the people with easily transferable and marketable skills. Techs, IT engineers, scientists, etc. can find employment internationally. Putin has realized this and has responded by declaring IT specialists are exempt from the military draft. That’s the carrot.
Of course, Putin has a stick. If the carrot wasn’t a good enough reason to stick around, border guards are now being instructed to deny IT specialists from leaving the country.
Keeping the techs from leaving Russia won’t help Putin’s situation. By severing technological exports to Russia, the West is hurting Russian technology on all levels. Consider this: imports of heavy machinery to build equipment has stopped, Russia has no domestic semiconductor chip manufacturing, and the remaining digital and hardware infrastructure is now being blocked from service. This is a devastating shock to the system.
There is always the specter of Russia developing a deeper trade channel with China, a trade partner that can supply the needed technology, chips, and heavy machinery. That relationship, however, is fraught with many logistical, political, and economic dependencies that cannot be resolved any time soon.
- Unintended Consequences
Many in the security community had predicted that the Ukrainian conflict would unleash a massive torrent of ransomware on Western companies, however it seems that just isn’t the case….yet.
Reuters is reporting that there is disarray within the ransomware criminal groups and insurance policies have become an unintended deterrent.
“Conti, one of the most notorious Russia-based cybercrime groups known for using ransomware to extort millions of dollars from U.S. and European companies, announced its “full support” for the government of President Vladimir Putin last week – a position it later walked back as they themselves became victims of a leak”, Reuters said.
Later Conti posted on their website “”We do not ally with any government and we condemn the ongoing war.”
Late in February, another notorious ransomware group, Lockbit, (who has members in Russia, according to many cybersecurity experts), made it clear in a statement that they will remain neutral in the conflict with Ukraine.
Lockbit posted on their website: “For us it is just business and we are all apolitical. We are only interested in money for our harmless and useful work. We will never, under any circumstances, take part in cyber-attacks on critical infrastructures of any country in the world or engage in any international conflicts.”
Meanwhile Accenture’s cybersecurity group, Accenture Cyber Threat Intelligence (ACTI) warned that pro-Kremlin criminal groups are looking to attack Western infrastructure in a hacktivist manner. ACTI’s report said “this targeted intent has led some actors to exclusively sell their services, such as network accesses, to pro-Russian actors; it has led other actors to extend discounts to pro-Russian actors interested in buying their accesses but has also caused those same actors to refrain from selling accesses associated with Russian entities”.
This seems in conflict with what the ransomware groups are saying, however the report went on to say “Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors and are increasingly attempting to target Russian entities in support of Ukraine,”
One question I have not figured out yet, why do ransomware gangs have websites?
While ironic, it would seem that these criminals may have some morals and don’t want to take sides in the war.
Or maybe………..it’s just all business.
- Insurance
I’ve been talking about cyber insurance for some time now. Insurance companies are tired of paying huge sums of money to the insured for remediation and ransomware payments. The average remediation cost of a ransomware attack in 2021 was $1.85mm. According to The State of Ransomware 2021 global survey from Sophos, found that the number of organizations that paid a ransom increased from 26 percent in 2020 to 32 percent in 2021; however, less than 10 percent got all their data back.
Companies must now demonstrate that they have met all cybersecurity requirements in the underwriting, prior to any coverage/payout.
Ransomware groups are very aware of how insurance works and how it benefits them monetarily. They are also aware that insurance policies usually have exclusions for a “force majeure event”, like an act of war. They are extremely focused on making money and know there are consequences for being seen as enemy combatants.
If these groups align with Russia and attack a company with coverage, an interesting scenario could play out when the compromised company calls in a ransomware claim. It’s not hard to imagine that the insurers would claim it’s a “force majeure” or warfare and not cover the claim. This would effectively dry up a major source of revenue for the ransomware groups, since many companies that get attacked rely on insurance to pay for the ransom.
For now, whether due to lack of operating infrastructure or the threat of lost cash flow, we may see a temporary reduction in ransomware. This could change on a dime as the economic situation in Russia worsens, so it’s vital to keep your systems up to date, have good backups of all critical systems and most of all, be very careful with email. TechNoir Solutions has a variety of methods to protect client computers, servers, cloud services and applications, if you have any questions on whether your business is prepared we can schedule a cyber security audit.
The conflict in the Ukraine has created some interesting alliances and has put a spotlight on how interdependent we all are on technology and trade. I’m sure there will be more technological collateral fallout from this war in Eastern Europe, in fact we may only be in the first act. As this conflict drags out and there becomes no clear way to win, Putin, in all likelihood, may resort to extreme means. This is starting to occur now, as the Russians shell the city of Mariupol into dust. If the West is dragged into the conflict, it would be hard to imagine a scenario where cyber-attacks on critical infrastructure do not occur. How effective they might be is up for debate.