The Washington PostDemocracy Dies in Darkness

Opinion How Russia’s vaunted cyber capabilities were frustrated in Ukraine

Columnist|
June 21, 2022 at 6:48 p.m. EDT
The Microsoft logo is pictured at the International Cybersecurity Forum in France on June 8. (Denis Charlet/AFP/Getty Images)
5 min

A quiet partnership of the world’s biggest technology companies, U.S. and NATO intelligence agencies, and Ukraine’s own nimble army of hackers has pulled off one of the surprises of the war with Russia, largely foiling the Kremlin’s brazen internet hacking operations.

Russia’s cyber-reversals haven’t resulted from lack of trying. Microsoft counts nearly 40 Russian destructive attacks between Feb. 23 and April 8, and Rob Joyce, the National Security Agency’s cybersecurity director, said the Russians had attempted an “enormous” cyber offensive. The Russians sabotaged a satellite communications network called Viasat in the opening days of the war, for example, with the damage spilling over into other European countries.

But Ukraine, working with private tech companies, Western intelligence and its own expert software engineers, has quickly fixed most of the damage. “The Ukrainians have gotten really good at repairing networks,” says Dmitri Alperovitch, a Russian-born cybersecurity expert who co-founded CrowdStrike. “When a network gets wiped, they rebuild it in several hours.”

The close partnerships that have emerged between U.S. technology companies and Western cybersecurity agencies is one of the unheralded stories of the war. The public-private rift in the tech world that followed Edward Snowden’s revelations in 2013 appears largely to be over — because of the backlash against Russia’s attacks on the 2016 and 2020 U.S. presidential elections and, now, its unprovoked invasion of Ukraine.

“Cyber responses must rely on greater public and private collaboration,” argues Brad Smith, Microsoft’s president, in a new study to be published Wednesday on Microsoft’s “lessons learned” from cyber conflict in Ukraine.

A White House cyber official explains the new cooperative approach this way: “Where companies see destructive attacks, that has driven partnerships with the intelligence community and other government agencies to see how best we can share information to protect infrastructure around the world.”

The tech world’s sympathies lie with the underdog, Ukraine. That applies to giant firms such as Microsoft and Google. It even extends to a Ukrainian hacker inside the Russian ransomware gang known as “Conti,” who leaked a “massive” amount of source code and other malware information, according to the White House official.

Ukraine’s cybersecurity defense benefited from an early start. U.S. Cyber Command experts went to Ukraine months before the war started, according to its commander, Gen. Paul Nakasone. Microsoft and Google became involved even earlier.

Microsoft began monitoring Russian phishing attacks against Ukrainian military networks in early 2021, and through the rest of last year observed increasingly aggressive hacks by six different attackers linked to Russia’s three intelligence services, the GRU, SVR and FSB, according to a Microsoft report released in April. Microsoft has spent a total of $239 million on financial and technical assistance to Ukraine, a company official said.

“Microsoft security teams have worked closely with Ukrainian government officials … to identify and remediate threat activity against Ukrainian networks,” the April report noted, adding: “We have kept the U.S. government advised of relevant information and have established communications with NATO and E.U. cyber officials to communicate any evidence of threat actor activity spreading beyond Ukraine.”

An example of this cooperation came the night before Russia’s Feb. 24 invasion, according to the White House cyber official. Microsoft detected a Russian “wiper” software designed to destroy all data on government disks. It quickly developed a patch and also notified the U.S. government, so that the threat warning could be shared as quickly as possible, the official said.

Google, a part of Alphabet, has also helped Ukraine fend off threats. Back in 2014, prompted by Russia’s use of DDOS (“distributed denial-of-service”) malware in its seizure of Crimea and eastern Ukraine, Google began what it called “Project Shield.” Software protected news sites, human rights groups and election sites against crippling DDOS floods of junk internet messages. Today, Project Shield is used by 200 sites in Ukraine and 2,300 others in 140 countries around the world, according to Jared Cohen, the chief executive of Google’s Jigsaw unit.

Open communications channels are one of the most effective weapons against closed societies such as Russia, and here, again, private companies are playing a key role. Google is sharing software known as “Outline,” which allows Russians and others to create private cloud servers that provide the equivalent of virtual private networks. Elon Musk’s SpaceX has provided satellite internet connections to Ukraine via its “Starlink” network.

Ukraine’s own internet expertise might be the X-factor. The country was a notorious center for hackers two decades ago, with some of the early credit-card fraudsters (known as “carders”) operating there. That digital savvy has morphed into a powerful part of Ukraine’s defense against Russia. Ukraine also benefits, perversely, from the experience it has gained in eight years of war against Russia and its proxies.

Here’s a paradoxical benefit of this terrible war: Given Russia’s dependence on Western technology, even for its cyberattacks, Ukraine could backfire on the Kremlin in ways that persist for years. The longer the conflict lasts, the less effective Russia’s vaunted cyber capability will likely become.