A Blog by Jonathan Low


Sep 6, 2023

The Reason Ukraine's Cyber-Teams Increasingly Fight High-Tech War On Frontlines

Ukraine is placing more of its cyber-warriors on the front lines to shorten the distance both to prevent jamming and to more quickly distribute intelligence. 

The result has been better performance outcomes - as seen in the Ukrainian southern advance - but also greater risk for the cyber teams. JL 

Gordon Corera reports in the BBC:

Ukraine cyber-operators are being deployed on the front lines, dueling close-up with their Russian counterparts in a new high-tech battle. AI visual recognition systems analyse information gathered from aerial drones (alongside intelligence from human sources, satellites and other sources) to provide targets. Teams also hack  surveillance cameras on occupied territory to watch Russian troop movements. And they direct kamikaze drones to take out Russian cameras spying on Ukrainian movements. Cyber-teams counter hackers from Russia's services by penetrating their computers and phone calls. "The distance to the front line is shorter (as) our connection has to be stronger than the jamming."

Ukraine cyber-operators are being deployed on the front lines of the war, duelling close-up with their Russian counterparts in a new kind of high-tech battle.

"We have people who are directly involved in combat," says Illia Vitiuk, the head of the Ukrainian Security Service's (SBU) cyber department.

Speaking inside the heavily protected SBU headquarters, he explains how his teams mix the skills of hackers and special forces - getting inside Russian systems, working alongside snipers and deploying the latest technologies.

The department uses Artificial Intelligence (AI) visual recognition systems to analyse information gathered from aerial drones (alongside intelligence from human sources, satellites and other technical sources) to provide targets for the military.

"We understand which type of military weapons they are about to use and on what direction," Mr Vitiuk says.

His teams will also hack into surveillance cameras on occupied territory to watch Russian troop movements. And they direct kamikaze drones to take out Russian cameras spying on Ukrainian movements. Doing this often requires teams working undercover, close to the target.

Drones - sometimes used for surveillance and sometimes to act as weapons - have been at the leading edge of innovation in this conflict.

The SBU cyber-team flies its own drones and plays a cat and mouse game to disrupt those belonging to Russia. It deploys sensors to detect drones so operators cannot just jam them but try to take control, sending commands to make them land.

All of this frequently needs to be done at close quarters. This, in turn, carries risk to the team members. "You need to protect them there. So you also need to have security around them," explains Mr Vitiuk.

Just outside the capital, military operators are being trained on drones.

Anton, who learnt to fly them in a previous life as a high-end travel guide, says the most important lesson is not teaching operators how to fly drones but how to stay alive themselves by avoiding being detected.

In the early stages of the war, small drones were flown up to 10km (six miles) from the front. But now Ukrainian operators need to be much closer, to overcome Russian jamming signals.

"The distance to the front line is getting shorter right now," Anton explains, while watching a drone flying overhead. "Our connection has to be stronger than the jamming."

Russian intelligence services have also moved some of their cyber-teams close to the front lines, according to Mr Vitiuk.

This is to communicate faster with the military and to quickly provide direct access to captured Ukrainian devices or nearby communications. A captured device can then be used to gather more tactical intelligence before people realise it is in Russian hands.

The cyber-conflict was tightly bound with military operations even before the full-scale invasion of February 2022. A month earlier Russia tried to cause public panic by taking public websites offline.

"It was definitely a psychological operation," says Mr Vitiuk. Ukraine was able to recover most of the systems but hours before the invasion a new wave of cyber-attacks began. The most effective took down a US satellite provider used by Ukraine's military for communications for a few hours.

As Russia's plans for a quick victory were dashed and reports of atrocities emerged, the importance of controlling the information flow increased. That was highlighted on 1 March 2022 when a combined cyber and missile strike targeted a TV tower in Kyiv.

"They were trying to deprive Ukrainians of access to truthful information," Yurii Shchyhol, head of the state service that protects communications, explains, standing in front of the tower where black scars from the missile strike are still evident. Engineers scoured the city for replacement equipment and within hours, TV broadcasting was restored.

Missiles also struck a data centre at the same location - but vital data had been moved on to remote servers earlier in the year, with help from Western technology companies.

"The fact that Ukraine managed to withstand this war is the achievement of both our specialists who built the system and thanks to the help from our partners," says Mr Shchyhol.

Ukraine's own tech workers have also aided the war effort. In a cramped Kyiv office, young volunteers explain how they built a system called Griselda that scrapes data from social media and other sources to provide up-to-date situational intelligence. This helps the military and government answer questions on everything from where mines might be laid to what infrastructure requires repairing.

The missiles that hit the TV tower and data centre were also accompanied by cyber-attacks. And since then, cyber and missile attacks have often been used in tandem.

The cyber-onslaught remains relentless, explains Victor Zhora, who oversees the country's cyber-defence, as he gives a tour of Ukraine's incident response facility which runs 24/7. "This is where the heart of Ukrainian cyber-protection beats," he says. "It is always busy."

A screen on the wall shows peaks and troughs since the start of the war. The government is the top target. While we are at the office, young staffers are dealing with an attack on the National Office of Statistics which delays the release of inflation figures.

At the Security Service, Illia Vitiuk's cyber-team works to counter the elite hackers from Russia's spy services by getting his hackers to penetrate their computer systems and listen to their phone calls.

"I always say that Ukraine has debunked the myth about mighty Russian hackers," he says, comparing the struggle to two closely matched fighters who know each other well, slugging it out in a ring. It has not been easy, he adds, and there have been close calls.

But Ukraine, he argues, is digesting Russian cyber-attacks by working them through its system.

Moscow is throwing almost all of its cyber-expertise against Ukraine and that leaves it with little capacity to attack Western targets.

If Ukraine falls, Mr Vitiuk warns, then those attacks will be directed elsewhere.

But in battling their Russian adversary, Ukraine and other allies are also learning new ways in which technology can be integrated into the modern battlefield.


Post a Comment