Ukraine-Russia cyber war

Ukraine and Russia currently seem to be fighting both a traditional war and a cyber war. We could call that hybrid warfare. We are in a cyber war. Countless examples exist of damage to infrastructure from hostile acts carried out through computer attacks. Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar. On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. Russia began attacking Ukraine on February 24. Before the physical attacks, Russia carried out several cyber attacks against IT systems in Ukraine.

Here are links to some material on the cyber side of this war:

How the Eastern Europe Conflict Has Polarized Cyberspace
https://blog.checkpoint.com/2022/02/27/how-the-eastern-europe-conflict-polarized-cyberspace/
The war between Russia and Ukraine is advancing. People everywhere are deciding who they will support. The same dynamic happens in the cyberspace. Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices. Historically, Russia has had superiority over Ukraine in the cyberspace. And last week, Ukraine was attacked by destructive wiping malware. However, the situation is starting to change, as most of the non-nation cyber state actors are taking the side of Ukraine. To defend itself, the Ukrainian government has created an international IT army of hacktivists.

As war escalates in Europe, it’s ‘shields up’ for the cybersecurity industry
https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

Ukraine: Cyberwar creates chaos, ‘it won’t win the war’
https://www.dw.com/en/ukraine-cyberwar-creates-chaos-it-wont-win-the-war/a-60999197
There have been at least 150 cyberattacks in Ukraine since Russia’s invasion. Their effect is mainly psychological, and experts say they won’t decide the war.
Russia’s invasion of Ukraine has been a hybrid war from the start, a mix of conventional military strategy — traditional “boots on the ground” — and a slightly more unconventional, digital or cyberwar.
The global technology company Microsoft has said its Threat Intelligence Center (MSTIC) detected “destructive cyberattacks directed against Ukraine’s digital infrastructure” hours before the first launch of missiles or movement of tanks on February 24.
Those attacks, which Microsoft dubbed FoxBlade, included so-called wipers — malicious software or malware — that make their way inside computer networks and literally wipe the data from all connected devices.
Cybersecurity experts in Germany have said there have been over a hundred cyberattacks, in various forms, since then. But their effect has mainly been psychological.

Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine
https://time.com/6153902/russia-major-cyber-attacks-invasion-ukraine/
In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components.
But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations.

Crowd-sourced attacks present new risk of crisis escalation
https://blog.talosintelligence.com/2022/03/ukraine-update.html
An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques.
Customers who are typically focused on top-tier, state-sponsored attacks should remain aware of these highly motivated threat actors, as well. Misattribution of these actors carries the risk of nations escalating an already dangerous conflict in Ukraine. Based on data from our fellow researchers at Cisco Kenna, customers should be most concerned about threat actors exploiting several recently disclosed vulnerabilities, highlighting the importance of consistently updating software and related systems.

Russia, Ukraine and the Danger of a Global Cyberwar
https://www.securityweek.com/russia-ukraine-and-danger-global-cyberwar
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what was called a “special military operation” by Russian President Vladimir Putin.
Russia has been waging its own cyberwar against Ukraine for many years.
Since the beginning of 2022, however, it seems that Russian cyber activity against Ukraine has increased. This includes evidence that wiper malware has again disrupted some Ukrainian government networks, and attacks from the FSB-linked Gamaredon have targeted around 5,000 entities, including critical infrastructure and government departments. So far, however, there has not been the same scale of disruption as occurred in 2015, 2016 and 2017.
The purpose of such cyber activity is to weaken critical infrastructure, damage government’s ability to respond to any aggression, and to demoralize the population.
The U.S. has been warning the rest of the world against a potential widening scope of Russian cyber activity, and that cyber defenses generally should be tightened.
“Part of the worry,” said Willett, “is that cyberattacks against Ukraine might bleed over, like NotPetya, to affect other countries and cause wider damage unintentionally. There is some concern that the Russians may intentionally do stuff more widely, but that would probably be in retaliation for something that the U.S. or NATO might do.”
This raises the whole question of ‘attribution’. The received belief is it is impossible to do accurate cyber attribution. “That is absolutely wrong,” said Willett. “It would be a mistake for any one nation to think it could attack another without being known,” said Willett.
But accidents happen. The two iconic cyberweapons have been Stuxnet and NotPetya. It is assumed that the U.S. developed Stuxnet (although this has never been admitted). NotPetya has been confidently attributed to the Russian government. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tension.
On the morning of February 24, 2022, Russian troops invaded Ukraine. This was accompanied by a further increase in cyber activity.

Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.

Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html

Russia Blocks Access to Facebook Over War
https://www.securityweek.com/russia-blocks-access-facebook-over-war
Russia’s state communications watchdog has ordered to completely block access to Facebook in Russia amid the tensions over the war in Ukraine.
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law.

Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.

Cybercriminals Seek to Profit From Russia-Ukraine Conflict
https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture.
Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Just over a month ago, soon after the destructive WhisperGate attacks on multiple government, IT, and non-profit organizations in Ukraine, threat actors started to advertise on the dark web access to both breached networks and databases that allegedly contained personally identifiable information (PII).

Amid Russian invasion, Ukraine granted formal role with NATO cyber hub
https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.

This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.

High Above Ukraine, Satellites Get Embroiled in the War
https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/26/cisa-releases-advisory-destructive-malware-targeting-organizations
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Alert: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

US firms should be wary of destructive malware unleashed on Ukraine, FBI and CISA warn – CNNPolitics
https://www.cnn.com/2022/02/26/politics/ukraine-malware-warning-cybersecurity-fbi-cisa/index.html

EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
https://www.bankinfosecurity.com/eu-activates-cyber-rapid-response-team-amid-ukraine-crisis-a-18584
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine’s plan to join the military alliance NATO, the world’s network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.

UK alludes to retaliatory cyber-attacks on Russia
https://therecord.media/uk-alludes-to-retaliatory-cyber-attacks-on-russia/
The UK government alluded yesterday that it might launch offensive cyber operations against Russia if the Kremlin attacks UK computer systems after an invasion of Ukraine.

Amazon: Charities, aid orgs in Ukraine attacked with malware
https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Ransomware Used as Decoy in Destructive Cyberattacks on Ukraine
https://www.securityweek.com/ransomware-used-decoy-destructive-cyberattacks-ukraine

Destructive ‘HermeticWiper’ Malware Targets Computers in Ukraine
https://www.securityweek.com/destructive-hermeticwiper-malware-targets-computers-ukraine
Just as Russia was preparing to launch an invasion of Ukraine, Ukrainian government websites were disrupted by DDoS attacks and cybersecurity firms reported seeing what appeared to be a new piece of malware on hundreds of devices in the country.
The new malware, dubbed “HermeticWiper” by the cybersecurity community, is designed to erase infected Windows devices. The name references a digital certificate used to sign a malware sample — the certificate was issued to a Cyprus-based company called Hermetica Digital.
“At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” explained endpoint security firm SentinelOne, whose researchers have been analyzing the new malware.
The malware has also been analyzed by researchers at ESET and Symantec. Each of the companies has shared indicators of compromise (IoCs) associated with HermeticWiper.
ESET first spotted HermeticWiper on Wednesday afternoon (Ukraine time) and the company said hundreds of computers in Ukraine had been compromised.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations. Our analysis shows a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR resulting in subsequent boot failure. This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organizations to stay protected from this attack. This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available. Also:
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.

In Ukraine, Online Gig Workers Keep Coding Through the War
https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat

Leaving Russia? Experts Say Wipe Your Phone Before You Go
https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment, and rumors of martial law grow louder, are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.

Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine on Monday asked ICANN to revoke Russian top-level domains such as .ru, .рф, and .su; to “contribute to the revoking for SSL certificates” of those domains; and to shut down DNS root servers in Russia. Fedorov argued that the requested “measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.”
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf

TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi

1,839 Comments

  1. Tomi Engdahl says:

    Russia and Belarus moved to the stone age in information technology: Taiwan set a limit of 25 megahertz clock frequency and also a pin-count restriction
    https://muropaketti.com/tietotekniikka/tietotekniikkauutiset/venaja-ja-valko-venaja-siirtyivat-tietotekniikassa-kivikaudelle-taiwan-asetti-rajaksi-25-megahertsin-kellotaajuuden-ja-myos-nastarajoituksen/

    Russia attacked Ukraine in February, as a result of which massive sanctions have been imposed on the country. One example of the sanctions is export restrictions on chips.

    Chips are needed almost everywhere these days, and Russia’s war industry badly needs them too. Because of the sanctions, however, Russia is now supplied either only with really poor chips, or alternatively they are no longer supplied at all.

    Chips are still being supplied from Taiwan, but they are of antique quality. At the moment Russia and Belarus get from Taiwan, the mecca of chip manufacturing, only chips that run at a clock frequency of at most 25 megahertz and whose computing power may be at most 0.005 TFLOPS. In today’s world that is very little.

  2. Tomi Engdahl says:

    Russia’s attack got event organizers to prepare for hybrid threats: the probability is not high, but the threat is possible
    https://yle.fi/uutiset/3-12499327?origin=rss
    Event organizers are more interested than before in hybrid threats targeting events. Preparing for hybrid influencing has come to the fore especially since Russia started its war of aggression in Ukraine.
    Kalle Marttinen, vice chair of Tapahtumateollisuus ry, says that training on hybrid influencing and its prevention is available to event organizers.

    Training on hybrid influencing and its prevention is available to event organizers. Preparedness is important even if the threat is not very great.

    “We have always prepared for things like internet connections going down, but preparing for hybrid threats has come up now during the spring because of the world political situation. It makes sense to prepare, so that we are more ready if something happens.”

    Marttinen knows of one case in which pro-Russian texts had begun to be spread to the participants of a virtual event.

    He is not aware of other similar cases in Finland. On a global scale, however, various influence attempts are more common and have been prepared for for a long time.

    Information security and planning

    Organizers of live events have always prepared for thunderstorms or heavy rain, but now they are preparing for other kinds of things too.

    “In virtual events, attempts will probably be made to disrupt or hijack the broadcast. At large mass events the disruption can be interference with payment traffic, or someone could for example put their own messages on the big screen at a stadium,” Kalle Marttinen says.

    The most important preparation is maintaining good information security, and everyone is now doing that more strictly than normal.

    The other thing is that if something happens, one must be able to react. If messages start being fed to the screen at a football match, one has to know how to stop it.

    “You have to know where to pull the plug, so to speak, if the control devices have been hijacked.”

    Marttinen does not consider a hybrid threat against events very likely, but not impossible either. According to him, Finnish events are nevertheless safe.

    “And if someone, say, hijacks a display board, Finns are aware and understand what it is about. It causes no other security threat.”

  3. Tomi Engdahl says:

    Jessikka Aro was a target of Russia’s information war for years but came through it – now she advises how you can protect yourself from the dangers of the grey period
    https://yle.fi/uutiset/3-12441012

    The grey period related to Finland’s NATO membership can be a heavy ordeal for some. We asked three experts in their fields how to protect your resilience, that is, your mental endurance, in the new situation.

    “I have felt powerless. I have been anxious and afraid. It has felt as though this will never end. Or that if it does end, the ending looks unpleasant for me.”

    This is how journalist and non-fiction author Jessikka Aro describes her experiences. She knows what it is like to be the target of influence attempts by Russia and those who spread its propaganda.

    Those experiences can now offer lessons more widely.

    Aro, who works for Yle, began investigating Russia’s information influence operations, the so-called troll army, about eight years ago, in 2014.

    Aro says that Russian media claimed she was “Finland’s worst persecutor” and that she was working in cooperation with the intelligence services of the United States, the NATO defence alliance and the Baltic states.

    On Finnish fake news sites she was constantly targeted, which caused a flood of hate messages and threats.

    There were other consequences too. Even some of Aro’s former friends began to believe the articles.

    She describes what she went through as a typical form of Russian information warfare.

    “Conspiracy theories about one person are spread enough times, and in that way the aim is to shut down that person’s work. In my case, reporting on Russia’s trolls.”

    In the end Aro did not give in to the intimidation. Nor should other Finns, if they encounter Russia’s anticipated malice in their everyday lives, she says.

    Because that is precisely the aim of influence attempts. Creating fear and anxiety.

    The period has been characterised, among other things, as uncertain in terms of security, and it has been estimated that Russia may direct various hybrid attacks at Finland.

    There is, however, no reason for widespread concern, says Teija Tiilikainen, director of the Hybrid Centre (Hybridikeskus), which specialises in hybrid threats. Influence attempts are an already familiar phenomenon to Finns, and that in itself provides protection.

    “We should not think that some new era is now beginning and that we are going to see strange things,” Tiilikainen says.

    “In recent years we have seen various hybrid threat operations. Many kinds of unconventional influence on another state’s politics, civil society, political debate and citizens’ trust in those in power.”

    Even talk that if Finland joins NATO there will be countermeasures is in itself an influence attempt.

    Even if the phenomenon is familiar, living in uncertainty can test the resilience of at least some people, that is, a kind of mental endurance.

    That, too, can be protected, however.

    Most important advice: be aware of the situation

    According to Teija Tiilikainen, the best preparation in the grey period is situational awareness. It means understanding that influence attempts may be seen in increasing numbers, and being aware of where their roots lead.

    “If some really strange information concerning Finland and Finnish conditions starts coming in, it is worth thinking twice before believing it.”

    Tiilikainen also urges people to prepare for various everyday outages and disruptions, but above all she would pay attention to the information environment and its manipulation.

    “This is a sensitive and quite usable tool for destabilising another state’s internal conditions. It is always worth remembering situational awareness, source criticism and checking the origin and truth value of strange information.”

    Being aware of the situation also helped Jessikka Aro, who personally became a target of influence attempts.

    “I understood that causing fear and anxiety is the express purpose of the architects of information warfare. They would like to remote-control me, as it were, and make me back away from my own profession. To cause these negative feelings.”

    We are living through a historic time – and it is heavy

    For some, the new societal situation can be a heavy ordeal, even if they know how to prepare for influence attempts.

    This is the view of research professor Anna-Maria Teperi of the Finnish Institute of Occupational Health (Työterveyslaitos). Her research area is human factors in safety, including resilience.

    Behind us are two exceptional COVID years. The current situation comes on top of that, Teperi sums up.

    “Huge movements are taking place here. We are living through a historic time, and it is interesting but at the same time also heavy. These years will be written about in history books. We are in a truly unusual time, and searching for all kinds of resources, things that work and solutions is important so that we can get through this.”

    Amid the uncertainty, the research professor encourages people to look after the basic pillars of well-being: rest, nutrition and exercise, as well as recovery.

    Resilience is also strengthened by telling others about your thoughts and possible worries.

    Reply
  4. Tomi Engdahl says:

    Russians have downloaded millions of VPN connections – US-backed services aim to turn the Kremlin’s information bubble into Swiss cheese, says researcher https://yle.fi/uutiset/3-12496714?origin=rss
    The US administration has substantially increased its funding for at least three American technology companies that help Russians circumvent their country’s internet censorship using VPN services.
    The news agency Reuters reports on the matter.
    Demand for VPN services has grown explosively in Russia since the country attacked Ukraine at the end of February. According to estimates, six million VPN services have been downloaded in Russia since the attack. Original:
    https://www.reuters.com/world/exclusive-us-targets-russia-with-tech-evade-censorship-ukraine-news-2022-06-15/

    Reply
  5. Tomi Engdahl says:

    In Ukraine’s hands, Elon Musk’s Starlink became a mighty weapon: “Key technologies in winning the war”
    https://www.is.fi/digitoday/art-2000008887300.html
    SpaceX’s Starlink satellite connections have proved extremely important for war-torn Ukraine. Valeri Jakovenko, who works with the technology, explains how Ukraine makes use of it.

    Reply
  6. Tomi Engdahl says:

    Not an explosion but a pop – Russian propaganda gives unpleasant things new names; this is what they are like
    According to a linguist, no society is immune to the deliberate distortion of language. In Vladimir Putin’s Russia, language use is defined by an effort to return to Soviet-era concepts.
    https://yle.fi/uutiset/3-12497964

    Reply
  7. Tomi Engdahl says:

    Windows 10 and Windows 11 disappeared in Russia https://www.is.fi/digitoday/art-2000008898532.html
    Windows 10 and the Windows 11 operating system released last October can no longer be downloaded in Russia, the news agency Tass reported.
    The news service Bleeping Computer maps out the situation. The problem, which emerged over the weekend, means that attempts to download the operating systems’ installation tools or image files (ISO) end in an error message. However, if people use a VPN service to spoof their location as being outside Russia, Windows can be downloaded normally. It is not clear whether this is a bug or a deliberate decision by Microsoft. The company has widely restricted its business in Russia since the country attacked Ukraine in February, but has said it will continue its existing contracts with its Russian customers. Original:
    https://www.bleepingcomputer.com/news/microsoft/windows-10-and-windows-11-downloads-blocked-in-russia/

    Reply
  8. Tomi Engdahl says:

    Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
    In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. APT28 (also known as Sofacy and Fancy Bear) is a notorious Russian threat actor that has been active since at least 2004 with its main activity being collecting intelligence for the Russian government. The group is known to have targeted US politicians, and US organizations, including US nuclear facilities. On June 20, 2022, Malwarebytes Threat Intelligence identified a document that had been weaponized with the Follina (CVE-2022-30190) exploit to download and execute a new .Net stealer first reported by Google. The discovery was also made independently by CERT-UA. The maldoc’s filename, Nuclear Terrorism A Very Real Threat.rtf, attempts to get victims to open it by preying on their fears that the invasion of Ukraine will escalate into a nuclear conflict.

    Reply
  9. Tomi Engdahl says:

    Microsoft: Russia stepped up cyberattacks against Ukraine’s allies https://www.bleepingcomputer.com/news/security/microsoft-russia-stepped-up-cyberattacks-against-ukraine-s-allies/
    Microsoft said today that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after Russia’s invasion. “MSTIC has detected Russian network intrusion efforts on 128 targets in 42 countries outside Ukraine,” said Microsoft’s President and Vice-Chair Brad Smith. “These represent a range of strategic espionage targets likely to be involved in direct or indirect support of Ukraine’s defense, 49 percent of which have been government agencies.” The vast majority of these attacks are, as expected, primarily focused on obtaining sensitive information from government agencies in countries currently playing crucial roles in NATO’s and the West’s response to Russia’s war.

    Reply
  10. Tomi Engdahl says:

    Zach Schonfeld / The Hill:
    Microsoft report details Russian cyberattacks across 42 countries beyond Ukraine since the war began, with a 29% success rate and mainly targeting NATO allies — Russia has levied dozens of cyber espionage campaigns in 42 countries since it invaded Ukraine in February, according to a new Microsoft report.

    Russia launched cyber espionage campaigns against Ukraine allies: Microsoft
    https://thehill.com/policy/cybersecurity/3532928-russia-launched-cyber-espionage-campaigns-against-ukraine-allies-microsoft/

    Russia has levied dozens of cyber espionage campaigns in 42 countries since it invaded Ukraine in February, according to a new Microsoft report.

    The report says those efforts have targeted entities across six continents and primarily focused on NATO allies and groups supporting Ukraine.

    “The Russian invasion relies in part on a cyber strategy that includes at least three distinct and sometimes coordinated efforts – destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine and cyber influence operations targeting people around the world,” Microsoft President Brad Smith said in the report. The tech giant previously detailed Russian cyber operations against Ukraine itself during the invasion in April.

    Sixty-three percent of the observed Russian activity in the 42 countries beyond Ukraine targeted NATO members, according to the new report. The United States has been Russia’s top target, but the company also noted a large amount of activity in Poland — which borders Ukraine and has provided significant military and humanitarian assistance to the country — as well as the Baltic states.

    Microsoft also highlighted an increase in targeting against networks in countries such as Finland and Sweden, which have recently applied for NATO membership, and Turkey, which has raised opposition to those bids.

    Nearly half of the observed activity targeted governments, and another 12 percent focused on nongovernmental organizations advising Ukraine on foreign policy or those providing humanitarian aid.

    Defending Ukraine: Early Lessons from the Cyber War
    https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/

    The recorded history of every war typically includes an account of the first shots fired and who witnessed them. Each account provides a glimpse not just into the start of a war, but the nature of the era in which people lived.

    Historians who discuss the first shots in America’s Civil War in 1861 typically describe guns, cannons, and sailing ships around a fort near Charleston, South Carolina.

    Events spiraled toward the launch of World War I in 1914 when terrorists in plain view on a city street in Sarajevo used grenades and a pistol to assassinate the archduke of the Austrian-Hungarian Empire.

    It would take until the Nuremberg war trials to fully understand what happened near the Polish border 25 years later. In 1939, Nazi SS troops dressed in Polish uniforms and staged an attack against a German radio station. Adolf Hitler cited such attacks to justify a blitzkrieg invasion that combined tanks, planes, and troops to overrun Polish cities and civilians.

    Each of these incidents also provides an account of the technology of the time — technology that would play a role in the war that ensued and the lives of the people who lived through it.

    The war in Ukraine follows this pattern. The Russian military poured across the Ukrainian border on February 24, 2022, with a combination of troops, tanks, aircraft, and cruise missiles. But the first shots were in fact fired hours before when the calendar still said February 23. They involved a cyberweapon called “Foxblade” that was launched against computers in Ukraine. Reflecting the technology of our time, those among the first to observe the attack were half a world away, working in the United States in Redmond, Washington.

    As much as anything, this captures the importance of stepping back and taking stock of the first several months of the war in Ukraine, which has been devastating for the country in terms of destruction and loss of life, including innocent civilians.

    While no one can predict how long this war will last, it’s already apparent that it reflects a trend witnessed in other major conflicts over the past two centuries. Countries wage wars using the latest technology, and the wars themselves accelerate technological change. It’s therefore important to continually assess the impact of the war on the development and use of technology.

    The Russian invasion relies in part on a cyber strategy that includes at least three distinct and sometimes coordinated efforts – destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world. This report provides an update and analysis on each of these areas and the coordination among them. It also offers ideas about how to better counter these threats in this war and beyond, with new opportunities for governments and the private sector to work better together.

    This report offers five conclusions that come from the war’s first four months:

    First, defense against a military invasion now requires for most countries the ability to disburse and distribute digital operations and data assets across borders and into other countries. Russia not surprisingly targeted Ukraine’s governmental data center in an early cruise missile attack, and other “on premise” servers similarly were vulnerable to attacks by conventional weapons. Russia also targeted its destructive “wiper” attacks at on-premises computer networks. But Ukraine’s government has successfully sustained its civil and military operations by acting quickly to disburse its digital infrastructure into the public cloud, where it has been hosted in data centers across Europe.

    This has involved urgent and extraordinary steps from across the tech sector, including by Microsoft. While the tech sector’s work has been vital, it’s also important to think about the longer-lasting lessons that come from these efforts.

    Second, recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks. Because cyber activities are invisible to the naked eye, they are more difficult for journalists and even many military analysts to track. Microsoft has seen the Russian military launch multiple waves of destructive cyberattacks against 48 distinct Ukrainian agencies and enterprises. These have sought to penetrate network domains by initially comprising hundreds of computers and then spreading malware designed to destroy the software and data on thousands of others.

    Russian cyber tactics in the war have differed from those deployed in the NotPetya attack against Ukraine in 2017. That attack used “wormable” destructive malware that could jump from one computer domain to another and hence cross borders into other countries. Russia has been careful in 2022 to confine destructive “wiper software” to specific network domains inside Ukraine itself. But the recent and ongoing destructive attacks themselves have been sophisticated and more widespread than many reports recognize. And the Russian army is continuing to adapt these destructive attacks to changing war needs, including by coupling cyberattacks with the use of conventional weapons.

    Third, as a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine. At Microsoft we’ve detected Russian network intrusion efforts on 128 organizations in 42 countries outside Ukraine. While the United States has been Russia’s number one target, this activity has also prioritized Poland, where much of the logistical delivery of military and humanitarian assistance is being coordinated. Russian activities have also targeted Baltic countries, and during the past two months there has been an increase in similar activity targeting computer networks in Denmark, Norway, Finland, Sweden, and Turkey. We have also seen an increase in similar activity targeting the foreign ministries of other NATO countries.

    Russian targeting has prioritized governments, especially among NATO members. But the list of targets has also included think tanks, humanitarian organizations, IT companies, and energy and other critical infrastructure suppliers. Since the start of the war, the Russian targeting we’ve identified has been successful 29 percent of the time. A quarter of these successful intrusions has led to confirmed exfiltration of an organization’s data, although as explained in the report, this likely understates the degree of Russian success.

    Fourth, in coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts. These combine tactics developed by the KGB over several decades with new digital technologies and the internet to give foreign influence operations a broader geographic reach, higher volume, more precise targeting, and greater speed and agility. Unfortunately, with sufficient planning and sophistication, these cyber-influence operations are well positioned to take advantage of the longstanding openness of democratic societies and the public polarization that is characteristic of current times.

    As the war in Ukraine has progressed, Russian agencies are focusing their cyber-influence operations on four distinct audiences. They are targeting the Russian population with the goal of sustaining support for the war effort. They are targeting the Ukrainian population with the goal of undermining confidence in the country’s willingness and ability to withstand Russian attacks. They are targeting American and European populations with the goal of undermining Western unity and deflecting criticism of Russian military war crimes. And they are starting to target populations in nonaligned countries, potentially in part to sustain their support at the United Nations and in other venues.

    Russian cyber-influence operations are building on and are connected to tactics developed for other cyber activities. Like the APT teams that work within Russian intelligence services, Advance Persistent Manipulator (APM) teams associated with Russian government agencies act through social media and digital platforms.

    Finally, the lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations. As the war in Ukraine illustrates, while there are differences among these threats, the Russian Government does not pursue them as separate efforts and we should not put them in separate analytical silos. In addition, defensive strategies must consider the coordination of these cyber operations with kinetic military operations, as witnessed in Ukraine.

    New advances to thwart these cyber threats are needed, and they will depend on four common tenets and — at least at a high level — a common strategy. The first defensive tenet should recognize that Russian cyber threats are being advanced by a common set of actors inside and outside the Russian Government and rely on similar digital tactics. As a result, advances in digital technology, AI, and data will be needed to counter them. Reflecting this, a second tenet should recognize that unlike the traditional threats of the past, cyber responses must rely on greater public and private collaboration. A third tenet should embrace the need for close and common multilateral collaboration among governments to protect open and democratic societies. And a fourth and final defensive tenet should uphold free expression and avoid censorship in democratic societies, even as new steps are needed to address the full range of cyber threats that include cyber influence operations.

    An effective response must build on these tenets with four strategic pillars. These should increase collective capabilities to better (1) detect, (2) defend against, (3) disrupt, and (4) deter foreign cyber threats. This approach is already reflected in many collective efforts to address destructive cyberattacks and cyber-based espionage. They also apply to the critical and ongoing work needed to address ransomware attacks. We now need a similar and comprehensive approach with new capabilities and defenses to combat Russian cyber influence operations. 

    Reply
  11. Tomi Engdahl says:

    David Ignatius / Washington Post:
    How a quiet partnership between Microsoft, Google, US and NATO intelligence agencies, and Ukrainian hackers helped foil Russia’s internet hacking operations

    How Russia’s vaunted cyber capabilities were frustrated in Ukraine
    https://www.washingtonpost.com/opinions/2022/06/21/russia-ukraine-cyberwar-intelligence-agencies-tech-companies/

    A quiet partnership of the world’s biggest technology companies, U.S. and NATO intelligence agencies, and Ukraine’s own nimble army of hackers has pulled off one of the surprises of the war with Russia, largely foiling the Kremlin’s brazen internet hacking operations.

    Russia’s cyber-reversals haven’t resulted from lack of trying. Microsoft counts nearly 40 Russian destructive attacks between Feb. 23 and April 8, and Rob Joyce, the National Security Agency’s cybersecurity director, said the Russians had attempted an “enormous” cyber offensive. The Russians sabotaged a satellite communications network called Viasat in the opening days of the war, for example, with the damage spilling over into other European countries.

    But Ukraine, working with private tech companies, Western intelligence and its own expert software engineers, has quickly fixed most of the damage. “The Ukrainians have gotten really good at repairing networks,” says Dmitri Alperovitch, a Russian-born cybersecurity expert who co-founded CrowdStrike. “When a network gets wiped, they rebuild it in several hours.”

    The close partnerships that have emerged between U.S. technology companies and Western cybersecurity agencies is one of the unheralded stories of the war. The public-private rift in the tech world that followed Edward Snowden’s revelations in 2013 appears largely to be over — because of the backlash against Russia’s attacks on the 2016 and 2020 U.S. presidential elections and, now, its unprovoked invasion of Ukraine.

    “Cyber responses must rely on greater public and private collaboration,”

    A White House cyber official explains the new cooperative approach this way: “Where companies see destructive attacks, that has driven partnerships with the intelligence community and other government agencies to see how best we can share information to protect infrastructure around the world.”

    The tech world’s sympathies lie with the underdog, Ukraine. That applies to giant firms such as Microsoft and Google. It even extends to a Ukrainian hacker inside the Russian ransomware gang known as “Conti,” who leaked a “massive” amount of source code and other malware information, according to the White House official.

    Ukraine’s cybersecurity defense benefited from an early start. U.S. Cyber Command experts went to Ukraine months before the war started, according to its commander, Gen. Paul Nakasone. Microsoft and Google became involved even earlier.

    Microsoft began monitoring Russian phishing attacks against Ukrainian military networks in early 2021, and through the rest of last year observed increasingly aggressive hacks by six different attackers linked to Russia’s three intelligence services, the GRU, SVR and FSB, according to a Microsoft report released in April. Microsoft has spent a total of $239 million on financial and technical assistance to Ukraine, a company official said.

    “Microsoft security teams have worked closely with Ukrainian government officials … to identify and remediate threat activity against Ukrainian networks,” the April report noted, adding: “We have kept the U.S. government advised of relevant information and have established communications with NATO and E.U. cyber officials to communicate any evidence of threat actor activity spreading beyond Ukraine.”

    An example of this cooperation came the night before Russia’s Feb. 24 invasion, according to the White House cyber official. Microsoft detected a Russian “wiper” software designed to destroy all data on government disks. It quickly developed a patch and also notified the U.S. government, so that the threat warning could be shared as quickly as possible, the official said.

    Google, a part of Alphabet, has also helped Ukraine fend off threats. Back in 2014, prompted by Russia’s use of DDOS (“distributed denial-of-service”) malware in its seizure of Crimea and eastern Ukraine, Google began what it called “Project Shield.” Software protected news sites, human rights groups and election sites against crippling DDOS floods of junk internet messages. Today, Project Shield is used by 200 sites in Ukraine and 2,300 others in 140 countries around the world, according to Jared Cohen, the chief executive of Google’s Jigsaw unit.

    Open communications channels are one of the most effective weapons against closed societies such as Russia, and here, again, private companies are playing a key role. Google is sharing software known as “Outline,” which allows Russians and others to create private cloud servers that provide the equivalent of virtual private networks. Elon Musk’s SpaceX has provided satellite internet connections to Ukraine via its “Starlink” network.

    Ukraine’s own internet expertise might be the X-factor. The country was a notorious center for hackers two decades ago, with some of the early credit-card fraudsters (known as “carders”) operating there. That digital savvy has morphed into a powerful part of Ukraine’s defense against Russia. Ukraine also benefits, perversely, from the experience it has gained in eight years of war against Russia and its proxies.

    Here’s a paradoxical benefit of this terrible war: Given Russia’s dependence on Western technology, even for its cyberattacks, Ukraine could backfire on the Kremlin in ways that persist for years. The longer the conflict lasts, the less effective Russia’s vaunted cyber capability will likely become.

    Reply
  12. Tomi Engdahl says:

    Microsoft: Finland, too, has been the target of Russian cyberattacks
    According to the technology company’s data, the attacks have not been directed solely at Ukraine.
    Numerous hacking attempts have failed, as only 29 percent have got through the defences.
    https://www.iltalehti.fi/digiuutiset/a/58cffbb6-8101-4afe-913b-120b58bcfd3f

    Reply
  13. Tomi Engdahl says:

    “Cyber Spetsnaz” attacks Lithuania – extensive retaliatory strikes online https://www.is.fi/digitoday/tietoturva/art-2000008904089.html

    Reply
  14. Tomi Engdahl says:

    Defending Ukraine: Early Lessons from the Cyber War https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/
    The recorded history of every war typically includes an account of the first shots fired and who witnessed them. Each account provides a glimpse not just into the start of a war, but the nature of the era in which people lived.

    Reply
  15. Tomi Engdahl says:

    “Cyber Spetsnaz” attacks Lithuania – extensive retaliatory strikes online
    The cyberattack stems from the restrictions Lithuania has placed on Kaliningrad rail traffic. The real aim may be psychological influence.
    https://www.is.fi/digitoday/tietoturva/art-2000008904089.html

    Lithuania warns of rise in DDoS attacks against government sites
    https://www.bleepingcomputer.com/news/security/lithuania-warns-of-rise-in-ddos-attacks-against-government-sites/

    NKSC records an increased number of denial-of-service cyber attacks in Lithuania https://www.nksc.lt/naujienos/nksc_fiksuoja_isaugusi_paslaugu_trikdymo_kiberneti.html
    The National Cyber Security Centre under the Ministry of National Defence (NKSC) is recording an increased number of distributed denial-of-service (DDoS) cyber attacks.

    Reply
  16. Tomi Engdahl says:

    Commentary: There was an explosion at a Texas gas plant and now things are going exactly as Putin wants https://www.is.fi/digitoday/tietoturva/art-2000008908945.html

    When accidents happen, the cause is readily sought in Russia. This is exactly what hybrid influence is aiming for, writes Ilta-Sanomat digital reporter Henrik Kärkkäinen.

    Suspicions of an attack by Russian hackers have begun to swirl around an explosion that occurred early this month at an American liquefied natural gas (LNG) production plant. On June 8, a production-crippling explosion occurred on Quintana Island, Texas, at a plant that produces about a fifth of the liquefied gas made in the United States.

    The production outage, which will last until the end of the year, is believed to affect gas availability in Europe as well, wrote The Guardian, for example. This led to a jump in the price of gas.

    According to a preliminary investigation by the plant’s owner, Freeport LNG, the explosion was caused by overpressure and a rupture in a gas pipe. The statement is relatively vague.

    Explosion at US natural gas plant raises risk of shortages in Europe

    Freeport LNG to shut down for at least three weeks after incident at Texas Gulf coast facility

    https://www.theguardian.com/us-news/2022/jun/09/us-natural-gas-plant-explosion-freeport-lng-shortages-europe

    Reply
  17. Tomi Engdahl says:

    Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas
    June 26, 2022 By Pierluigi Paganini
    https://securityaffairs.co/wordpress/132608/security/liquefied-natural-gas-plant-texas-explosion.html

    Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8.

    Reply
  18. Tomi Engdahl says:

    8 different cyberattacks – this is how Finland can be attacked https://www.is.fi/digitoday/tietoturva/art-2000008819316.html

    Reply
  19. Tomi Engdahl says:

    Russia’s Killnet hacker group says it attacked Lithuania https://www.reuters.com/technology/russias-killnet-hacker-group-says-it-attacked-lithuania-2022-06-27/
    Russian hacker group Killnet claimed responsibility on Monday for a DDOS cyber attack on Lithuania, saying it was in response to Vilnius’s decision to block the transit of goods sanctioned by the European Union to the Russian exclave of Kaliningrad.

    Reply
  20. Tomi Engdahl says:

    Commentary: Is this what you wanted, Vladimir Putin? Finland will be invited to join NATO today, and it will join too
    https://www.is.fi/politiikka/art-2000008913676.html

    Wednesday, June 29 will join the ranks of historic days for the Republic of Finland, when Finland and Sweden are invited to become NATO members, writes special political correspondent Timo Haapala.

    Reply
  21. Tomi Engdahl says:

    Russian hackers have now targeted Norway: this is what Killnet is like https://www.is.fi/digitoday/tietoturva/art-2000008916628.html

    Reply
  22. Tomi Engdahl says:

    Russian hackers have now targeted Norway: this is what Killnet is like https://www.is.fi/digitoday/tietoturva/art-2000008916628.html
    A Russian hacker group carried out a wide-ranging attack on Norway on Wednesday.
    A denial-of-service attack took down BankID, the authentication service of the country's banks, as well as the website of Arbeidstilsynet, the occupational safety authority. The targets of the attack also included the public administration service portal Altinn, the Norwegian police, and the Norwegian newspapers VG, Aftenposten and Stavanger Aftenblad. The Russian hacker group Killnet, which is reportedly behind several cyberattacks related to the war in Ukraine, claimed responsibility. On the messaging service Telegram, the group threatened NATO's Norwegian Secretary General Jens Stoltenberg.

    Reply
  23. Tomi Engdahl says:

    Ukraine targeted by almost 800 cyberattacks since the war started https://www.bleepingcomputer.com/news/security/ukraine-targeted-by-almost-800-cyberattacks-since-the-war-started/
    Ukrainian government and private sector organizations have been the target of 796 cyberattacks since the start of the war on February 24, 2022, when Russia invaded Ukraine. According to Ukraine’s cybersecurity defense and security agency SSSCIP (short for State Service of Special Communications and Information Protection), the country’s networks have been under a constant barrage of hacking attempts since the war started. The country’s government and local authorities, as well as its defense organizations, are the key sectors that have been targeted the most during the first months of the war, in a total of 281 attacks.

    Reply
  24. Tomi Engdahl says:

    The roles reversed: the US and the EU were supposed to crush Russia with sanctions, now Putin is bringing his opponents to their knees with gas and increasingly with wheat
    https://www.maaseuduntulevaisuus.fi/uutiset/85f83945-f39c-4f6b-91fb-1beb9d2acb1a

    The EU's midsummer summit was praised because it opened the EU door to Ukraine, which is being pounded by Russia. The symbolic decision is, however, cold comfort. The union was unable to do anything about the rapidly escalating problems caused by the war.

    Reply
  25. Tomi Engdahl says:

    Entire industries in Germany could collapse due to Russian natural-gas supply cuts: union head
    https://www.businessinsider.com/germany-faces-entire-industries-collapse-russia-natural-gas-supply-cuts-2022-7?utm_source=facebook.com&utm_campaign=sf-bi-main&utm_medium=social&r=US&IR=T

    Entire industries in Germany could collapse due to natural-gas supply cuts from Russia, said Yasmin Fahimi, the country’s top union official.

    “Entire industries are in danger of collapsing permanently because of the gas bottlenecks: aluminum, glass, the chemical industry,” Fahimi, the head of the German Federation of Trade Unions, told Bild am Sonntag. “Such a collapse would have massive consequences for the entire economy and jobs in Germany.”

    Reply
  26. Tomi Engdahl says:

    Director of the National Emergency Supply Agency in TE: Next winter will be like an energy crisis https://www.is.fi/taloussanomat/art-2000008926137.html

    Reply
  27. Tomi Engdahl says:

    Preparing for the long haul: the cyber threat from Russia https://www.ncsc.gov.uk/blog-post/preparing-the-long-haul-the-cyber-threat-from-russia
    Although the UK has not experienced severe cyber attacks in relation to Russia’s invasion of Ukraine, now is not the time for complacency.
    In the five months since that guidance was published, we have seen significant cyber activity in Ukraine, with sustained intent from Russia to destroy or disrupt Ukrainian government and military systems. This has had effects beyond Ukraine’s borders; the UK government stated Russia was behind a cyber attack on a global communications company, on the eve of the invasion, which affected windfarms and internet users in central Europe.

    Reply
  28. Tomi Engdahl says:

    Russia crashes West’s chip infrastructure by turning off Helium and Neon supplies
    https://tfiglobalnews.com/2022/06/03/russia-crashes-wests-chip-infrastructure-by-turning-off-helium-and-neon-supplies/

    With the West and Russia against each other, the Russia-Ukraine conflict is resulting in a new trade war every day. First, the Western world chose to impose an oil and gas embargo on Russia. Then, the West decided to stop supplying Russia with semi-conductors. Semi-conductors/chips are employed in the production of everything. They are found in all electrical gadgets, from defence systems to mobile phones. Everything requires extremely improved semiconductor devices, from the internet of things (IoT) to wireless communications (5G) to Artificial Intelligence (AI). In any case, Russia has now imposed restrictions on gas exports in retaliation (Helium, Neon, etc)

    Reply
  29. Tomi Engdahl says:

    Putin’s Lies Have Kremlin TV Flailing and Fighting On-Air
    https://www.thedailybeast.com/vladimir-putins-ukraine-lies-have-russian-state-tv-flailing-and-fighting-on-air?ref=author

    While Russian troops slowly advance in Eastern Ukraine, questions loom as to how far President Vladimir Putin is planning to take his invasion of Ukraine. During a recent press conference, Putin claimed that nothing has changed and everything is going according to the plan: “I have formulated the overall goal, which is to liberate Donbas, protect its people and create conditions that will guarantee the security of Russia itself. That is all.” His deliberately vague responses implied that Russian attacks in other parts of Ukraine were meant “to distract” the Ukrainian leadership.

    Some military experts are convinced that fierce Ukrainian resistance may be insurmountable, as long as it continues to be aided by the ongoing Western support. Appearing on the state TV show The Evening With Vladimir Solovyov last Friday, Andrey Gurulyov, State Duma deputy and a former deputy commander of Russia’s southern military district, stressed that the West will continue to supply Ukraine with every conceivable type of weapons, “up to a nuclear bomb—just not to let us win.” He proposed re-creating the Cuban Missile Crisis, but this time with hypersonic weapons, in order to reach an eventual détente with the United States: “Our hypersonic weapons… should be brought to the near vicinity of the United States, with a flight time of no more than five minutes.”

    Gurulyov candidly admitted: “That is the only scenario for us to be able to denazify and demilitarize Ukraine. Only a direct threat to the U.S. and the UK… will force all of them to the negotiating table… all of this is part of a greater plan of conducting not only a special operation, but World War III, which is for us the second Great Patriotic War.”

    Host Vladimir Solovyov opined: “Thanks to the idiocy of NATO countries, the world can anticipate hunger and a big war.”

    Alexey Leonkov appeared on Solovyov’s show on July 4 proposing that Russia should declare the U.S. and its allies “state sponsors of terrorism” for helping Ukraine deter Russian aggression. The host enthusiastically agreed and threatened that Russia would start shooting down American satellites, which would lead to a direct confrontation with the United States. Solovyov added, “I don’t know why we haven’t already declared them to be terrorists.”

    Reply
  30. Tomi Engdahl says:

    An enraged Medvedev warned of a “threat to the existence of humanity” https://www.is.fi/ulkomaat/art-2000008743320.html

    Reply
  31. Tomi Engdahl says:

    Is an Infrastructure War on the Horizon?
    https://www.securityweek.com/infrastructure-war-horizon

    On February 24, Russia launched its full-scale assault on Ukraine. The invader’s weapons included tanks, heavy artillery… and software. On April 8, attackers armed with Industroyer2, a species of malware designed to incapacitate power stations and plunge whole cities into darkness, managed to briefly penetrate Ukrainian defenses, putting two million homes at risk. The attack was successfully repelled, but it communicated a chilling message to the world: The era of cyberwarfare has begun.

    As newscaster Ted Koppel detailed in his 2016 best-seller, Lights Out, America’s infrastructure is all too vulnerable. Since then, things have only gotten worse. According to a recent IBM report, the manufacturing sector is now the number one target for ransomware, accounting for 23 percent of all attacks. The top vectors for these attacks were vulnerabilities that organizations hadn’t or couldn’t patch (47%) and, no surprise, phishing (43%).

    The typical targets of attack within a manufacturing organization are the Industrial Control Systems (ICS), which control the operation of everything from turbines and valves to robotic welding stations. Because an ICS manages physical machinery, successful exploits by bad actors can have extremely serious consequences, including enormous economic damage and even loss of human life. And because the same types of systems manage municipal water supplies and regional power generation, the potential for a real catastrophe exists. The problem of defending critical infrastructure has both technical and governmental aspects.

    The Technical Perspective: Defend the Perimeters

    On the technical side, the rapid growth of IoT technology, for all its promise, has clearly increased the possibilities of successful exploits. The leading ICS systems at the turn of the century were SCADA systems (Supervisory Control and Data Acquisition), which combined hardware and software to automate industrial processes. Importantly, SCADA systems were not connected to the internet. In fact, they were often “air-gapped,” with no connection to the outside world whatsoever.

    IoT technology became a factor in the manufacturing sector around 2010 and has quickly gained serious traction. Its total world market was roughly $389 billion in 2020 and is forecast to reach $1 trillion by 2030. IoT applications are often implemented on top of existing SCADA systems but may slowly replace them over time. The adoption of IoT technology used to connect SCADA systems to the internet either directly or indirectly dramatically increases the risk of a successful exploit.

    It has become extremely important for manufacturers, utilities and other infrastructure targets to make sure that their core systems such as ERP are appropriately updated. Intrusion and prevention systems should be in place to detect and respond to anomalies so that the damage that intrusions cause is minimized.

    The second technical takeaway here is that perimeter defense is more important than ever. Since phishing continues to be a top attack vector, organizations need to focus on preventing malicious URLs from reaching the network, even when employees make the mistake of clicking on an unknown link – which they do. Fortunately, endpoint technology is now available that can evaluate mouse click events and block malicious URLs before malware ever reaches the network, at which point it’s often too late.

    The Government’s Role: Partnering for Protection

    Reply
  32. Tomi Engdahl says:

    Chinese hackers targeting Russian government, telecoms: report https://therecord.media/chinese-hackers-targeting-russian-government-telecoms-report/
    Chinese hacking groups are targeting the Russian government and organizations in the telecommunications industry, according to a new report from cybersecurity company SentinelOne. The report found that there has been a noticeable increase in Russian targeting by suspected Chinese threat actors. Tom Hegel, senior threat researcher at SentinelOne, attributed the targeting to state-sponsored espionage groups deploying a decade-old Remote Access Trojan (RAT) called Bisonal. The RAT has long been associated with Chinese hackers who have previously been seen targeting organizations in Russia, Japan, South Korea and others. In the latest campaign, SentinelOne found Microsoft Office documents and phishing emails spoofing RU-CERT, the country’s cybersecurity incident response center, as well as Russian government bodies regulating the telecoms industry. The report:
    https://www.sentinelone.com/labs/targets-of-interest-russian-organizations-increasingly-under-attack-by-chinese-apts/

    Reply
  33. Tomi Engdahl says:

    Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine https://securityintelligence.com/posts/trickbot-group-systematically-attacking-ukraine/
    Following ongoing research, our team, IBM Security X-Force, has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion, an unprecedented shift as the group had not previously targeted Ukraine. Between mid-April and mid-June of 2022 the Trickbot group, tracked by X-Force as ITG23 and also known as Wizard Spider, DEV-0193, and the Conti group, has conducted at least six campaigns, two of which have been discovered by X-Force, against Ukraine, during which they deployed IcedID, CobaltStrike, AnchorMail, and Meterpreter. Prior to the Russian invasion, ITG23 had not been known to target Ukraine, and much of the group’s malware was even configured to not execute on systems if the Ukrainian language was detected.

    Reply
  34. Tomi Engdahl says:

    Voices: Russia is about to play its most dangerous cards – and the west is not ready
    https://sg.news.yahoo.com/voices-russia-play-most-dangerous-100441130.html?guccounter=1&guce_referrer=aHR0cDovL20uZmFjZWJvb2suY29tLw&guce_referrer_sig=AQAAAFG7_LxTqHj-NuyF_lIJwNTGkUuIsYCmE5nWWzx1JU8J7cBClGryYWmFw4ir17WLnP2ThwNMHvRRokjAEjc55uJV0Ah1n8-OEX6kmYiBI63U2BC8DQisb6eLMJxiP_68BV1n1K4BGAMmGqhFQv1Jnk1eY7BGfxdoU5KjDTE4XyXk

    A few weeks ago, the US bank JP Morgan offered an apocalyptic warning that barely made a ripple outside the financial press. It said that if Russia completely halted oil exports, the shock to the world economy could be so large it would instantly quadruple the price of oil to nearly $400 a barrel. Right now, it’s hovering at around $100 a barrel.

    But there’s more. This week, Russia also turned off most of its natural gas supplies to Europe, via the Nordstream 1 pipeline as part of planned routine maintenance. It is supposed to be just for a short period, but the German government is seriously worried that Russia could turn off the tap completely. Putin has already begun to cut gas shipments to Europe over the last few months, driving prices continuously higher. It’s not difficult to see how this could play out and why the impact would be catastrophic.

    Russia has earned billions of dollars in extra oil and gas payments – thanks to higher prices – since it invaded Ukraine. The prices of oil and gas are set internationally, and in that market Russia is a dominant player. Since world supplies are already stretched to their limits, a ban from Russia would instantly drive up prices to what JP Morgan called “stratospheric” levels.

    While the United States has plentiful supplies for itself, Europe is still deeply dependent on Russia. German and Italian industry in particular would be crippled by higher energy costs and thousands of companies would simply go bust. Millions of people would become jobless and their energy bills would skyrocket to unsustainable levels. Millions would be unable to afford to cook food or drive cars.

    By abruptly shutting off supplies, Putin would deliver a colossal shock to our oil and gas-dependent economies. Stockmarkets would plunge and thousands of companies would go bankrupt from being unable to afford energy supplies. Millions of people would lose their jobs and the West would instantly lose the political will to send money to Ukraine. Putin would win.

    But it doesn’t have to be this way. Here’s what we could have done – and still can do. Western governments could issue emergency decrees to develop solar and wind supplies at industrial scale. They could clear the way for new solar and wind farms to be deployed quickly, especially on land. Clean energy farms can be built quickly and cheaply – the longest time is spent on getting permissions and clearance.

    Reply
  35. Tomi Engdahl says:

    Russia exploited Ukraine's supporters in the cyber war: an app for striking the eastern neighbour turned out to be the handiwork of Kremlin hackers
    Samuli Leppälä, 20.7.2022 20:30. Tags: malware, Ukraine crisis, gas
    It has emerged that Russia has tried a rather cunning way of spreading malware in the middle of the war in Ukraine.
    https://www.tekniikkatalous.fi/uutiset/venaja-kaytti-ukrainan-tukijoita-hyvakseen-kybersodassa-itanaapuriin-iskeva-sovellus-olikin-kreml-hakkereiden-kasialaa/75ea2a3c-f4a2-43f2-879e-bd41ac3c17fb

    Reply
  36. Tomi Engdahl says:

    Doctor of Military Science gives a cold assessment of Russia: “Hopefully the last remnants of naivety have fallen away”
    https://www.uusisuomi.fi/uutiset/us/52ecdff9-031e-469f-9559-7b88c8401a65?ref=ampparit:3700

    Jarno Limnéll does not give the Western countries' actions a good grade: “History repeats itself. The necessary political resolve is lacking, and, among other things, Russia's nuclear deterrent appears to be working in practice. The price is enormous human suffering.”

    Jarno Limnéll, Doctor of Military Science and professor of practice in cybersecurity, assesses in blunt terms in his Puheenvuoro blog what can be expected from Russia next.

    “Now that Russia has failed in its objectives in Ukraine, it has to come up with new ways to be feared,” he writes.

    Limnéll anticipates that Russia will now probably seek to destroy Ukraine and commit atrocities against Ukrainians with ever greater force. In addition, he expects more threats of countermeasures directed at the West. Limnéll estimates that Russia will probably also seek new allies from the east and the south.

    Soon half a year of a war of destruction in Ukraine: what must be learned?
    https://puheenvuoro.uusisuomi.fi/jarno-limnell/puoli-vuotta-tuhoamissotaa-ukrainassa-mita-pitaa-oppia/?_ga=2.52775208.1882171928.1658690974-1657589788.1658146498

    Today marks five months of Russia's large-scale, brutal war of aggression in Ukraine, not forgetting the new era that began in Crimea in 2014. A long war still lies ahead. Many things have changed irreversibly, and are changing. Some observations and reflections on the war in Ukraine up to this moment.

    1. War. War has not disappeared anywhere; it is reality. So is a physical war of destruction. War will continue to be part of the toolkit of states' policy. Even a war between great powers is possible, although not likely at the moment.

    It was not long ago that there were voices in Finland, too, saying that war could never happen in Europe again. In several countries armed forces were weakened and defence budgets cut because war was “obsolete.” It seems that a war is needed before we can truly rejoice in peace.

    2. The will to fight: Putin's assessment of an opponent lacking the will to defend itself proved completely wrong. In a comparison of physical strength Russia is stronger, but will was missing from the equation. As Napoleon once said, “The importance of morale is many times that of physical strength.”

    The most central reason for Ukraine's success has been will: the will to defend one's own country, homes and families. On the opposing side, they do not always even know where they are fighting or for what cause. The mental difference is enormous.

    3. Geography. My upper secondary school teacher once said: when you think about world events, it is worth looking at a map. Although nowadays we speak of a globalised, borderless world, geopolitics still has a strong bearing on states' behaviour and security assessments.

    Although leaders change, geography does not. Geography (e.g. Ukraine's location as a logistical corridor) is one explanatory factor for the war in Ukraine.

    4. Russia. It has adopted Machiavelli's principle that it is better to be feared than loved (if one cannot be both). Now that Russia has failed in its objectives in Ukraine (among other things because of poor military planning), it has to come up with new ways to be feared.

    Because of this, Russia will probably: a) destroy Ukraine and commit atrocities against Ukrainians with ever greater force, b) increase threats of countermeasures directed at the West and monitor the “truth” more closely among its own citizens, c) seek new allies from the east and the south.

    5. Leadership and information warfare. The outcome of a modern war depends not only on whose army wins, but also on whose story wins. “Hearts and minds” have always been fought over in wars, but today's digital connections and platforms make information warfare ever more important.

    Communicating leadership is central to success in modern war. The fact that the West supports Ukraine so strongly is partly because Zelensky has succeeded in his tireless wartime communication. “The fight is here; I need ammunition, not a ride” will go down in history.

    For us Finns, for example, the war in Ukraine has stirred emotions, understandably. In the information age, leading emotions through communication is emphasised.

    6. World politics. Although Russia is a pariah in the eyes of the West, the war in Ukraine must be understood as a broader shifting of international tectonic plates. Russia is seeking partners from the east and the south, and the world's balance of power is changing. The outcome of the war matters greatly for this.

    The war in Ukraine also means that the stability of the international system is at stake. Russia is sweeping the principle of a rules-based international order off the table and is seeking to rewrite Europe's security order by force. The stakes are high.

    A victory in Ukraine would probably be a catalyst for imperialist Russia's next objectives. It would also bring China, which has stayed in the background, closer to Russia and encourage China in its own aims in the Pacific region, especially if the Western front were to crack in its support for Ukraine.

    7. NATO and Europe. One key lesson from Ukraine has been the difference between a NATO country and a non-NATO country. Despite material and financial support, Ukrainians are in practice fighting Russia themselves. Because it is not a NATO country. This is the most central reason for Finland's membership.

    It must be asked, morally, how long the Western world will watch atrocities from the sidelines without intervening. History repeats itself. The necessary political resolve is lacking, and, among other things, Russia's nuclear deterrent appears to be working in practice. The price is enormous human suffering.

    The unity of the West has been an unpleasant surprise for Russia. It is not a given, and the key question going forward is how united the Western countries remain. Especially as the war drags on and consumer prices rise. That is when the strength of the common front is measured, and it must be strong.

    8. Going forward. The war in Ukraine will certainly bring surprises; they are part of war. The optimism of the 1990s has given way to a new “era of instability”, in which not only Ukraine but the broader world-political situation is at stake. But we will manage, as long as we act decisively.

    Reply
  37. Tomi Engdahl says:

    Jussi Lassila, a researcher at the Finnish Institute of International Affairs (Upi), may have an explanation for the extreme stupidity of Russian propaganda
    According to the researcher, an attempt is being made in Russia to turn the war into the new normal.
    https://www.iltalehti.fi/ulkomaat/a/9937139c-bd3e-4e1e-bb3b-e5bae8ebae65

    According to Jussi Lassila, senior research fellow at Upi, there are relatively few citizens who think in line with Russia's propaganda. The silent majority does not want to think about or commit to the war in any way.
    “The biggest potential cause of change in citizens' attitudes is the worsening of the economic situation, which will happen gradually. Autumn will certainly be significant in that respect,” Lassila estimates.
    Lassila considers it unlikely that Russia would carry out a large-scale mobilisation.

    According to Jussi Lassila, senior research fellow at the Finnish Institute of International Affairs, a large share of Russians have a realistic picture of the true state of the war, or at least the means to obtain correct information.

    State propaganda has offered the public one incomprehensible story after another: a father who lost his son is happy with the Lada car provided by the state. A former member of the corps of generals has threatened London with a strike in World War III. Author Astrid Lindgren has been claimed to be a Nazi and Moominpappa a propaganda character steered by the United States.

    There are relatively few who think in line with the official propaganda. The silent majority does not want to think about or commit to the war in any way.

    Russia's aim is indeed to make citizens passive.

    “The bigger question is really that the majority of the people consciously want to shut themselves off from reality for as long as there are opportunities and conditions to do so, so that the rest of everyday life is not disturbed. This is the biggest problem,” Lassila says.

    “That is also what the state's legislation is aimed at: trying to keep citizens very passive through various laws, where even minor criticism creates a deterrent, so that no one dares to go against the official story.”

    According to the expert, then, one cannot speak of any war fervour.

    “There is certainly any amount of hidden criticism and dissatisfaction.”

    At the start of the war, Russia's leadership sought to remove the image of war from people's minds and emphasised the war of aggression as a special operation. Now, according to Lassila, an attempt is being made to turn the state of war into the new normal.

    Russia has no economic incentives to offer the people to keep them content.

    “A development is under way in which a certain kind of collision between society and the administration is becoming ever more inevitable,” Lassila estimates.

    According to Lassila, losing loved ones on the battlefield has affected Russians' opinions of the war only locally. He estimates that the loss of soldiers does not have the kind of effect that would turn the whole nation against the war.

    Lassila considers it unlikely that Russia would carry out a large-scale mobilisation.

    “Not embarking on a massive mobilisation is one way of keeping the internal social situation in balance.”

    Trust in television is declining
    Television has traditionally been an effective instrument of propaganda. According to Lassila, however, it does not on its own have a strong psychological ability to shape people's thoughts.

    State propaganda does, however, succeed in making citizens cynical.

    “Television propaganda tends to drive a large share of citizens away from political and social reality.”

    The reception of Russian television propaganda has also been studied.

    “The share that believes the propaganda completely uncritically is very small.”

    According to the researcher, television consumption and trust in it are declining in Russia. This has been influenced by the internet and generational change.

    Bitterness is projected onto Ukraine
    According to Lassila, those who actively believe Putin's propaganda are the older, poorer and less educated part of the population, who mobilise for the war in their minds on their sofas at home, but hardly in any concrete way.

    At present there are no counterforces to Putin among citizens or the leadership, because others are given no room to operate. Putin maintains an illusion of popular support.

    “Without Putin, hardly anyone would have started an operation like this.”

    The sense of injustice over the collapse of the Soviet Union, the 1990s and the West's actions is projected onto Ukraine in many ways. According to the researcher, Ukraine has been seen, mentally, as a poorer and more stupid brother nation subordinate to Russia.

    “The idea of its independence and flirtation with the West is intolerable and activates the bitterness that has remained in Russian society from the collapse of the Soviet Union.”

    Reply
  38. Tomi Engdahl says:

    Two former ad-tech entrepreneurs are leading the country’s information warfare charge. Outside experts think they’re winning.

    Ukraine’s Propaganda Offensive, Led By Ad-Tech Entrepreneurs, Appears To Be Winning
    https://www.forbes.com/sites/thomasbrewster/2022/03/01/ukraine-propaganda-machine-might-be-winning-against-russia/?utm_medium=social&utm_source=ForbesMainFacebook&utm_campaign=socialflowForbesMainFB&sh=616ca2d7536d

    Reply
  39. Tomi Engdahl says:

    Hacktivist group Anonymous is using six top techniques to ‘embarrass’ Russia
    https://www.cnbc.com/2022/07/28/how-is-anonymous-attacking-russia-the-top-six-ways-ranked-.html?utm_content=Main&utm_medium=Social&utm_source=Facebook#Echobox=1659055755

    KEY POINTS
    Anonymous uses many strategies in its digital fight against Russia, the most effective being hacking into databases and leaking the information online, according to cybersecurity specialist Jeremiah Fowler.
    The size of the leaked data will take years to process.
    The hacks have also exposed Russia’s cybersecurity defenses to be far weaker than previously believed, say cybersecurity researchers.

    Ongoing efforts by the underground hacktivists known as Anonymous are “embarrassing” Russia and its cybersecurity technology.

    That’s according to Jeremiah Fowler, co-founder of the cybersecurity company Security Discovery, who has been monitoring the hacker collective since it declared a “cyber war” on Russia for invading Ukraine.

    “Anonymous has made Russia’s governmental and civilian cyber defenses appear weak,” he told CNBC. “The group has demystified Russia’s cyber capabilities and successfully embarrassed Russian companies, government agencies, energy companies and others.”

    “The country may have been the ‘Iron Curtain,‘” he said, “but with the scale of these attacks by a hacker army online, it appears more to be a ‘paper curtain.’”

    Reply
  40. Tomi Engdahl says:

    How effective is Anonymous?
    “The methods Anonymous have used against Russia have not only been highly disruptive and effective, they have also rewritten the rules of how a crowdsourced modern cyberwar is conducted,” said Fowler.

    Reply
