How Ukraine’s Internet Can Fend Off Russian Attacks
Credit to Author: Gian M. Volpicelli| Date: Tue, 01 Mar 2022 12:00:00 +0000
To revist this article, visit My Profile, then View saved stories.
To revist this article, visit My Profile, then View saved stories.
As Russian tanks rolled into Ukraine on the morning of February 24, the internet shuddered—and for some, stopped completely. Major Ukrainian internet service provider Triolan had been temporarily knocked out, in a blackout that mostly affected the northeastern Kharkiv region—a target of the Russian invasion. Even as the network came back online the following day, smaller disruptions plagued it throughout the week, according to data from the Internet Outage Detection and Analysis (IODA), an internet connectivity observatory affiliated with Georgia Tech. The Russian-occupied regions of Donetsk and Luhansk also experienced drops in connectivity.
Since the beginning of the conflict, there have been concerns that Russia-backed hackers might attempt to disconnect Ukraine’s internet, in the same way they took down the country’s power grid in 2015. Since February 23, Russia’s cyber army has been carrying out repeated distributed denial of service (DDoS) attacks against government websites, overwhelming them with spurious traffic in order to take them offline. (Ukraine’s own cyber warriors have been retaliating in kind.) But despite what happened to Triolan, Russia’s chances of carrying out a full-fledged internet shutdown against Ukraine are low.
Internet shutdowns, as a rule, are enacted by governments with the ability to order internet service providers (ISPs) to disconnect, throttle, or restrict access to the internet. Staging a shutdown as an external attacker is much harder to pull off. Russia could try aiming its DDoS or other cyberattacks at the border routers that connect an ISP’s network to the global internet, says Doug Madory, director of internet analysis at internet measurement company Kentik, but an attack that could take down a website might have a harder time knocking out internet infrastructure. “It wouldn't be really practical to take the whole country offline with a DDoS attack,” Madory says. “Those routers are pretty robust. And probably, if it was easy, they would have done it by now.”
It is not impossible in the abstract: After all, earlier this year an American hacker orchestrated a DDoS attack to take down North Korea’s servers. But Ukraine has been battle-hardened by its past brushes with Russia’s cyberattacks, and its preparedness and sophistication are much higher than North Korea’s. More important, however, is the fact that any attacker would be presented with a vast number of targets rather than a single vulnerable bullseye. Ukraine’s size and geographic position mean that it is deeply interconnected with Europe’s internet backbone. A spokesperson for the Ukrainian Internet Association says the country boasted over 4,900 ISPs as of December 2021; some of them have been making preparations ahead of the crisis, establishing fail-safe links with each other and setting up new backup network centers, according to The New York Times.
Ukraine’s internet has developed in a decentralized fashion due to market dynamics, but that has served it well in the past few years, says Tanya Lokot, a professor in digital media and society at Dublin City University. “There was a realization that it's a natural, healthy way to organize the network. When you have a variety of traffic exchange points, you have a variety of internet service providers across the country, a variety of mobile phone operators; it just leads to a more reliable system overall,” Lokot says. She contrasts that model with Russia’s own internet, which is dominated by a few state-controlled operators and which the government is working to separate from the global internet through a kill switch. “They [Russia] are trying to centralize control, and in terms of resilience of the system, that is damaging because it's much easier to target,” Lokot says.
Ukraine’s resilience, however, extends beyond the sheer number of providers. If cyberattacks do not work to take down an ISP, a Russian military determined to disconnect Ukraine might decide to just strike the connectivity infrastructure by bombing server rooms or cutting off fiber optics cables. As a matter of fact, a possible—if unconfirmed—explanation for Thursday’s outage is that Russian bombs damaged Triolan’s infrastructure in Kharkiv. But it is unclear if a more methodical targeting of network equipment would result in a total internet blackout. In Ukraine’s crowded ISP market, all providers have adapted to be fleet-footed and address even the smallest technical snag swiftly and effectively, according to Vadym Hudyma, a researcher at digital rights advocacy group Digital Security Lab Ukraine.
“Partially because of this fierce competition—sometimes accidentally, sometimes not really accidentally—providers can cut their competitors’ network. They would just ‘accidentally’ cut the cables, for example, while trying to cut their own,” he says. “So in order to survive in these chaotic scenarios, where sometimes a few meters of your cable can be cut out in the middle of the night, each provider has to be really, really flexible and be able to redirect network flows on the fly.”
That does not necessarily mean that the country’s current internet infrastructure would be able to withstand a concerted Russian effort to destroy it. That consideration might have led the Ukrainian government to request—and obtain—support from SpaceX CEO Elon Musk to activate his Starlink satellite internet service in the country. But one wonders whether Russia even wants to fully take down the internet in a country it has been pelting with disinformation.
“The Ukrainian government has zero interest in shutting down the internet, obviously,” says Hudyma. “But the same can be said for the Russians: They are trying to push their propaganda and influence operations on the Ukrainian populations. It is useful for them to have this communication network online.”