Russia Is Taking Over Ukraine’s Internet

Credit to Author: Matt Burgess| Date: Wed, 15 Jun 2022 11:00:00 +0000

To revist this article, visit My Profile, then View saved stories.

To revist this article, visit My Profile, then View saved stories.

Web pages in the city of Kherson in south Ukraine stopped loading on people’s devices at 2:43 pm on May 30. For the next 59 minutes, anyone connecting to the internet with KhersonTelecom, known locally as SkyNet, couldn’t call loved ones, find out the latest news, or upload images to Instagram. They were stuck in a communications blackout. When web pages started stuttering back to life at 3:42 pm, everything appeared to be normal. But behind the scenes everything had changed: Now all internet traffic was passing through a Russian provider and Vladimir Putin’s powerful online censorship machine.

Since the end of May, the 280,000 people living in the occupied port city and its surrounding areas have faced constant online disruptions as internet service providers are forced to reroute their connections through Russian infrastructure. Multiple Ukrainian ISPs are now forced to switch their services to Russian providers and expose their customers to the country’s vast surveillance and censorship network, according to senior Ukrainian officials and technical analysis viewed by WIRED.

The internet companies have been told to reroute connections under the watchful eye of Russian occupying forces or shut down their connections entirely, officials say. In addition, new unbranded mobile phone SIM cards using Russian numbers are being circulated in the region, further pushing people towards Russian networks. Grabbing control of the servers, cables, and cell phone towers—all classed as critical infrastructure—which allow people to freely access the web is considered one of the first steps in the “Russification” of occupied areas.

“We understand this is a gross violation of human rights,” Victor Zohora, the deputy head of Ukraine’s cybersecurity agency, known as the State Services for Special Communication and Information Protection (SSSCIP), tells WIRED. “Since all traffic will be controlled by Russian special services, it will be monitored, and Russian invaders will restrict the access to information resources that share true information.”

KhersonTelecom first switched its internet traffic to a Russian network on April 30, before flipping back to Ukrainian connections for the majority of May. However, things appear to have shifted permanently since May 30. All of KhersonTelecom’s traffic is now being routed through Miranda Media, a Crimea-based company that’s itself connected to Russian national telecom provider Rostelecom. (Miranda Media was set up after Putin annexed Crimea in 2014). The day after KhersonTelecom made its latest switch, state-controlled Russian media outlet RIA Novosti claimed the Kherson and Zaporizhzhia areas were officially being moved to Russian internet connections—days earlier, the outlet said the regions were also going to start using the Russian telephone code +7.

Zohora says that across occupied regions of Ukraine—including Kherson, Luhansk, Donetsk, and Zaporizhzhia—there is a patchwork of around 1,200 different ISPs. “We understand that most of them are forced to connect to Russian telecom infrastructure and reroute traffic,” Zohora tells WIRED. “Unfortunately, there are cases of massive routing of traffic of Ukrainian operators across Russian channels,” says Liliia Malon, the commissioner of Ukraine’s telecom regulator, the National Commission for the State Regulation of Electronic Communications. “Ukrainian networks are partially blocked or completely disconnected.”

Technical analysis confirms that the connections are switching. Internet monitoring company Cloudflare has observed KhersonTelecom’s traffic passing through Miranda Media for more than two weeks in June. Doug Madory, director of internet analysis at monitoring firm Kentik, has observed around half a dozen networks in Kherson connecting to the provider. “It's not a one-time thing,” Madory says. “Every couple of days, there's another company getting switched over to Russian transit from Ukraine.”

Since the start of Putin’s war in February, disrupting or disabling internet infrastructure has been a common tactic—controlling the flow of information is a powerful weapon. Russian missiles have destroyed TV towers, a cyberattack against a satellite system had knock-on impacts across Europe, and disinformation has tried to break Ukrainian spirits. Despite frequent internet blackouts, Ukraine’s rich ecosystem of internet companies has rallied to keep people online. While Ukrainian troops are successfully launching counterattacks against Russian occupation in the south of the country, Kherson remains controlled by invading forces. (In March, it became the first major city to fall into Russian hands, and its residents have lived under occupation for around 100 days, reporting numerous incidents of torture.)

“It's one thing to take over a city and to control the supply lines into the city, the flow of food or fuel,” says David Belson, head of data insight at Cloudflare, who has written about internet control in Kherson. But, he says, “controlling internet access and being able to manipulate the internet access into an occupied area” is a “new front” in the conflict.

There are multiple ways Russian forces are taking over internet systems. First, there is physical access—troops are seizing equipment. Spokespeople for two of Ukraine’s biggest internet providers, Kyivstar and Lifecell, say their equipment in Kherson was switched off by Russian occupying forces, and they don’t have any access to restore or repair equipment. (Throughout the war, internet engineers have been working amid shelling and attacks to repair damaged equipment). The SSSCIP says 20 percent of telecommunications infrastructure across the whole of Ukraine has been damaged or destroyed, and tens of thousands of kilometers of fiber networks are not functioning.

Once Russian forces have control of the equipment, they tell Ukrainian staff to reconfigure the networks to Miranda Media, Zohora says. “In case the local employees of these ISPs are not willing to help them with the reconfiguration, they are able to do it by themselves,” Zohora says. The SSSCIP, he adds, has advised staff not to risk their own lives or the lives of their families. “We hope that we are able to liberate these lands soon and this temporary period of blackmailing of these operators will pass off,” Zohora says, adding it is unlikely that communications in the region can be restored before the areas are liberated.

For the time being, at the very least, this means connections will be routed through Russia. When Gudz Dmitry Alexandrovich, the owner of KhersonTelecom, switched his connection to Miranda Media for the first time at the start of May, he claims some customers thanked him because he was getting people online, while others chastised him for connecting to the Russian service. “On May 30 again, like on April 30, everything absolutely everything fell and only Miranda's channels work,” Alexandrovich says in a translated online chat. In a long Facebook post published on the company’s page at the start of May, he claimed he wanted to help people and shared photos of crowds gathering outside KhersonTelecom’s office to connect to the Wi-Fi.

Russia is also trying to control mobile connections. In recent weeks, a mysterious new mobile company has popped up in Kherson. Images show blank SIM cards—totally white with no branding—being sold. Little is known about the SIM cards; however, the mobile network appears to use the Russian +7 prefix at the start of a number. Videos reportedly show crowds of citizens gathering to collect the SIM cards. “The Russian forces realize they're at a disadvantage if they keep using Ukrainian mobile networks,” says Cathal Mc Daid, the chief technology officer at mobile security company AdaptiveMobile. The company has seen two separatist mobile operators in Donetsk and Luhansk expanding the territory they are covering to newly occupied areas.

Who controls the internet matters. While most countries place only limited restrictions on the websites people can view, a handful of authoritarian nations—including China, North Korea, and Russia, severely limit what people can access.

Russia has a vast system of internet censorship and surveillance, which has been growing in recent years as the country tries to implement a sovereign internet project that cuts it off from the rest of the world. The country’s System for Operative Investigative Activities, or SORM, can be used to read people’s emails, intercept text messages, and surveil other communications.

“Russian networks are fully controlled by the Russian authorities,” Malon, the Ukrainian telecom regulator, says. The rerouting of the internet in occupied Ukrainian areas, Malon says, has the goal of spreading “Kremlin propaganda” and making people believe Ukrainian forces have abandoned them. “They are afraid that the news about the progress of the Ukrainian army will encourage resistance in the Kherson region and facilitate real activities,” Zohora says.

At the heart of the rerouting is Miranda Media, the operator in Crimea that appeared following the region’s annexation in 2014. Among “partners” listed on its website are the Russian security service known as the FSB and the Russian Ministry of Defense. The company did not respond to a request for comment.

In many ways, Crimea may act as an example of what happens next in newly occupied areas. “Only in 2017, Crimea was completely disconnected from Ukrainian traffic. And now, as far as I know, it's only Russian traffic there,” says Ksenia Ermoshina, an assistant research professor at the Center for Internet and Society and an affiliated researcher at the Citizen Lab. In January last year, Ermoshina and colleagues published research on how Russia has taken control of Crimea’s internet infrastructure.

After it annexed Crimea in 2014, Russian authorities created two new internet cables running along the Kerch Strait, where they connect with Russia. This process took three years to complete—something Ermoshina calls a “soft substitution model,” with connections transferring slowly over time. Since then, Russia has developed more advanced internet control systems. “The power of the Russian censorship machine changed in between [2014 and 2022],” Ermoshina says. “What I'm afraid of is the strength of Russian propaganda.”

It’s likely that rerouting the internet in Kherson and the surrounding areas is seen by Russian authorities as a key step in trying to legitimize the occupation, says Olena Lennon, a Ukrainian political science and national security adjunct professor at the University of New Haven. The moves could also be a blueprint for future conflicts.

Alongside internet rerouting in Kherson and other regions, Russian officials have started handing out Russian passports. Officials claim a Russian bank will soon open in Kherson. And the region has been moved to Moscow’s time zone by occupying forces. Many of the steps echo what previously happened in Crimea, Donetsk, and Luhansk. “Russia is making it clear that they're there for a long haul,” Lennon says, and controlling the internet is core to that. “They're making plans for a long-term occupation.”

https://www.wired.com/category/security/feed/

Leave a Reply