Just before Christmas 2015, the power goes out in parts of western Ukraine. To most, it looks like a normal power outage at first. However, it quickly becomes clear to the technicians at the attacked energy companies that they are dealing with a cyberattack, and one of a kind that has never happened before. Alleged attacker: Russia.
Fear of such cyber attacks is also growing here in the West. But what exactly can they look like? How likely are they?
When we talk about cyber attacks, we should first define the framework. Roughly speaking, there are three different types of cyber attacks.
First, there is cyber espionage, i.e. intrusion into third-party computers and networks to steal sensitive data, as happened in the German Bundestag in 2015.
ARD spokeswoman: “Hackers attacked the Bundestag’s data network. The perpetrators tried to smuggle in software, possibly a Trojan.”
Second, there are cyber attacks that are part of disinformation campaigns, for example when websites or well-known social media accounts are hacked to spread false information. This is what happened to various well-known Twitter users in 2020.
CNN spokesman: “A fake tweet from Bill Gates reads: ‘In the next 30 minutes, I will double all payments sent to my bitcoin address. You send me $1000, I’ll send you $2000 back.’”
And last but not least, there is cyber sabotage, that is, hacker attacks aimed at paralyzing individual computers or entire networks. This can start with minor ransomware attacks, where individual computers are encrypted by malware and decrypted again only after a ransom is paid.
It can also escalate into attacks on critical infrastructure, for example when hackers paralyze the telecommunications, energy or water supply of an entire region.
This is also the type of attack of greatest concern, because it can endanger human life. And secret services in various Western countries are now warning against just such attacks.
US President Joe Biden: “According to the latest findings, Russia may be planning a cyber attack on us.”
Fortunately, we’ve seen only a few cyber-sabotage attacks of this magnitude so far. But one country in particular has experienced in recent years what it is like to become a victim of one: Ukraine.
It is December 23, 2015 in the Ivano-Frankivsk region of western Ukraine. In the control center of an energy company, employees watch in amazement as someone remotely takes control of their computers. The cursors on the screens move as if by magic and begin shutting down some sixty substations in the region.
As a result, almost a quarter of a million people in Ukraine are without electricity.
When employees try to intervene, they are logged out of their own systems. Log in again? It does not work! The remote attackers have changed their passwords. At the same time, they remove large amounts of data from computers and flood the companies with phone calls to overload their telephone systems. Finally, they interrupt the emergency power supply so that even the workers themselves are literally left in the dark.
It quickly becomes clear to Ukraine who is behind this cyber attack: Russia. Strictly speaking, the attack is believed to be the work of Unit 74455 of Russian military intelligence. This unit is also known as Sandworm. American security researchers gave it this name because they discovered references to the Dune novel series in the code.
In 2015, Sandworm launched the first successful cyberattack on the country’s power supply. Over the years, the group has repeatedly hit Ukraine with cyber attacks on banks, airports and telecommunications companies. Of particular concern is that the methods become more sophisticated with each attack, and so does the likelihood of damage being done.
So technically, Russia has proven capable of cyber-sabotage attacks on critical infrastructure. From Russia’s point of view, cyber attacks have one key advantage: they can be easily denied, because it is often difficult to prove unequivocally who is behind them.
At the same time, there are also reasons that speak against cyber attacks. For example, large-scale sabotage attacks can quickly get out of hand in a networked world.
Moreover, large Russian cyberattacks on local targets would be a significant escalation in the conflict with the West. The big question is whether Russia is really ready for such an escalation.
Last but not least, it should also be said that the physical damage caused by such cyber-sabotage attacks has been rather manageable so far. Especially compared to conventional warfare. The economic losses were enormous in some cases, but so far such attacks have mainly served one purpose: chaos and uncertainty give