A “real” cyberwar means loss of control

Russia is considered a country that does not prosecute cybercrime, so the fact that several cybercriminals have been arrested there since January came as a surprise at first. Politically, however, we are walking on a minefield. A comment by Richard Werner, Business Consultant at Trend Micro.

The reason: the arrests can – as a sign of goodwill – contribute to easing the Ukraine crisis. However, if the crisis worsens, they can also serve as preparation for state-supported piracy and economic warfare.

In mid-January, some protagonists of the REvil ransomware group were arrested by Moscow. Security researchers noted with satisfaction that this led to fear and confusion within the cybercriminal scene. Many feared losing Russia as a safe haven. But ransomware actors, like the buccaneers of the sea, are only pawns in politics. The fact that REvil in particular was singled out should be taken as a clear sign. The group was behind the attack on the US Colonial Pipeline at the time – the only attack on critical infrastructure that triggered a more than clear political reaction. In doing so, Moscow is giving potential copycats a sign that Western observers also took as a concession. In an escalating conflict with Ukraine, such as the one we are currently observing, it would be inconvenient for Russia for various reasons if cybercriminals attacked critical infrastructure (KRITIS) in the West and thus automatically restricted its own political room for manoeuvre.

Two types of cyber warfare

Forms of cyber warfare, such as cyber espionage, disinformation campaigns or disruptive attacks on a country’s critical infrastructure or server systems, can only be understood by those who engage with the nature of cyber weapons. Smaller actions can have a limited impact – we’ve seen this for over a decade. Because it is not possible to unequivocally identify the originator and their motivation, these are political weapons that work as long as they are able to frighten people. Larger incidents that target a country’s critical infrastructure or entire IT systems, on the other hand, are extremely difficult for state perpetrators to control – and are therefore actually unsuitable as a weapon of war. NotPetya from 2017 serves as an example. This attack was very likely a disguised state cyber attack, because the distribution technology and the damage inflicted were enormously advanced.

The ransomware component, by contrast, was so underdeveloped that a diversionary maneuver, rather than a monetary motive, can be assumed. Ukraine was considered the main victim, but European, American and Russian companies were also affected by NotPetya. This is because, much like nuclear, biological and chemical weapons, digital weapons cannot be restricted in their effect. In a connected world, they hit everyone. Anyone who uses them as a weapon in a conflict must expect to also hit non-participating nations and, sooner or later, themselves. If, on the other hand, the perpetrator tries to use the weapon in a controlled manner, personnel are needed to “supervise” its effect. This requires specialists to ensure success for each company targeted. The number of possible victims is automatically limited by this high expenditure of resources.

De-escalation instead of hackback

Previous incidents such as Stuxnet, an effective computer worm discovered in 2010, or NotPetya have proven that it is possible to cause enormous damage with targeted actions. An adversary in war could use weapons like these to cause massive problems in another nation in an escalating conflict – with consequences for other states. Just like the use of a nuclear bomb, an uncontrolled digital escalation of the crisis between Russia and Ukraine would also affect Germany, Europe and the whole world.

However, since the consequences are much milder than those of a nuclear threat, this scenario could be less of a deterrent for military “hawks”. It is all the more important to prioritize diplomatic conflict resolution. In fact, it can be assumed that today every country has the means not only to react defensively. The federal government is at least in possession of the necessary technology for a hackback in order to be able to fight back in the event of an attack. Cyber warfare is now firmly established in some nations, and attacks are used strategically as a result. As a rule, however, state perpetrators are more interested in using cyber attacks to manipulate public perception or stage diversionary maneuvers than in causing permanent, far-reaching disruptions – for example to critical infrastructure. The psychological effect predominates at this point. Really successful cyber attacks only produce selective damage that is difficult to assess, which at best paves the way for a conventional strike, but does not replace it.