Skip to main content

Rival hackers fighting proxy war over Crimea

By Jeffrey Carr, Special to CNN
March 25, 2014 -- Updated 1329 GMT (2129 HKT)
  • The Ukraine-Russia crisis is playing out in cyberwarfare, says Jeffrey Carr
  • Hackers have been causing service interruptions and breaching databases, he says
  • Carr says the attacks have similarities to the resistance movement in WWII Europe
  • He says the most powerful nations cannot reliably defend their infrastructure from attacks

Editor's note: Jeffrey Carr is the author of "Inside Cyber Warfare: Mapping the Cyber Underworld" and the founder of Suits and Spooks, an international security conference. He regularly speaks at conferences and seminars and consults on security matters for multinational corporations. He has addressed the U.S. Army War College, Air Force Institute of Technology, Chief of Naval Operations Strategic Study Group, the Defense Intelligence Agency, the CIA's Open Source Center. The views expressed in this commentary are solely his.

(CNN) -- Hackers have been busy causing service interruptions, breaching databases, and defacing hundreds of Ukrainian and Russian websites, as the crisis between the two countries plays out in cyberwarfare.

The attacks have similarities to the resistance movement that sprung up among German-occupied countries during World War II, which took many forms including sabotage, espionage, armed confrontation and counter-propaganda.

In addition to that list, today we can add digital or web-based actions including Distributed Denial of Service (DDoS) attacks, which shut down key websites, the defacement of government websites, and breaching government or key industry networks to access sensitive documents and release them to the world.

Services like Twitter and Instagram may be used to capture events in real-time, and YouTube may be used for recruitment, training and propaganda purposes.

Today we see a 'super-resistance' composed of elite hackers, for whom cracking a secure network is certainly equal to and in some cases superior to that of a militarized cyberwarfare unit.
Jeffrey Carr

The global networks that enable the incredible global communication and information-sharing applications we have all come to enjoy, all use insecure hardware and software. Just like there's no human cell that is immune to every virus, there's no piece of software that is immune from being exploited.

As a result, the most powerful nations in the world today cannot reliably defend their own information and communications infrastructure from targeted attacks, by even a single hacker.

To make matters worse, many of today's best hackers aren't employed by their respective governments.

While the resistance movement of World War II had fewer skills to bring to combat than members of the armed forces, today we see a "super-resistance" composed of elite hackers, for whom cracking a secure network is certainly equal to and in some cases superior to that of a militarized cyberwarfare unit.


Shortly after police cracked down on "Euromaidan" street protesters, who were calling for closer integration with the EU, in Kiev in November last year, Ukrainian security engineers began discussing the necessity of forming an all-volunteer cyberdefense force. By March 1, 2014, cyberattacks on both sides kicked into high gear.

OpRussia, a hacker group formed under the Anonymous umbrella, posted a warning to Russian President Putin that his aggression against Ukraine would not stand on March 1, 2014.

Since then, members of OpRussia have been attacking Russian business and government websites on a daily basis, including the website for the Russian Air Force, the website of the Kamchatka region, Russia's narcotics control service, and even a Russian escort service.

Russian CyberCommand is another group of hackers, some of whom are Russian, who oppose Putin's annexation of Crimea and have been relentless in their attacks against Russian businesses and agencies such as Rosoboronexport -- Russia's sole agency authorized to sell defense and dual-use products and technologies to foreign entities -- and -- a Russian IT security company that provides services to Gazprom, Skolkovo, and other important organizations.

Like OpRussia, Russian CyberCommand considers itself part of Anonymous.


While the name Anonymous is frequently associated with cyberoperations that support revolutionary movements, that wasn't the case with these next two groups: Anonymous Ukraine and CyberBerkut, both of whom are Pro-Russia groups.

Anonymous Ukraine attacked NATO websites on November 7 when Ukraine was considering establishing closer ties with the EU as well as NATO membership.

On March 15, CyberBerkut attacked NATO websites again, however those attacks were a small percentage of CyberBerkut's onslaught against several hundred Ukrainian government and commercial websites from March 3 up until the present.

The group's logo and name come directly from Ukraine's old special police unit "Berkut" and there are rumors that the group is composed of either Ukrainian or Russian former security services personnel.

As of March 18, Ukrainian Prime Minister Arseniy Yatsenyuk said that Ukraine would not be seeking NATO membership, a move designed to placate Russia as well as Ukraine's large Russian-speaking population.

Yatsenyuk also announced a willingness to maintain political ties with the EU but will delay signing any economic agreements for the time being.

'Russian Cyber Playbook'

Some Western pundits have drawn similarities between the current cyberattacks and those that happened during previous conflicts.

'Hacktivism' on the rise in the Mideast
John McAfee: "America has lost its way"
Is Iran behind new cyber war threats?
How cybersecurity issues affect us all

Most of the Georgian government's communications systems were shut down by Russian hackers during the conflict there in 2008. But in fact there's very little similarity, and no actual evidence linking the Russian government to the current wave of cyberattacks against Ukrainian websites.

This is not a page out of the "Russian Cyber Playbook" for several reasons:

Firstly, the Nashi, a government-financed Russian youth organization that was responsible for the attacks against Estonia in 2007 and Georgia in 2008 is no more.

And secondly, in 2008, Russian hacker forums were actively recruiting volunteers for attacks against Georgia. Not so today. In fact, many Russian hackers are angry with Putin and are supporting an independent Ukraine.

Time has not stood still since August 2008. In 2010, Russia published a new military doctrine which acknowledged the "intensification of the role of information warfare" and assigned as a task to "develop forces and resources for information warfare."

Russia and most other nations have been investing hundreds of millions of dollars to improve their capabilities to conduct electronic warfare, information warfare, and cyber warfare via increasingly sophisticated means; and by that I mean techniques that include compromising a nation's electrical grid or GPS navigation system from the canopy of a combat helicopter.

Russia, in particular, has spent the last few years developing dual-use technologies that will never be seen or defended against by its target -- for example, malware research that could be used to both defend against malware in peace time and use malware offensively as part of a military operation.

But there will always be highly-skilled civilians who can quickly organize online, distribute easy-to-use denial of service tools, and cause mayhem and embarrassment to the enemy, whoever he may be.

Read more: Cyberwar hits Ukraine

Read more: The gathering cyberstorm

Read more: Cyber arms control? Forget about it

The views expressed in this commentary are solely those of Jeffrey Carr.

Part of complete coverage on
November 20, 2014 -- Updated 1417 GMT (2217 HKT)
Donetsk's neediest line up for food handouts. There are long queues at the bus station as people try to leave town. There are no banks left open.
November 25, 2014 -- Updated 1025 GMT (1825 HKT)
Barking overwhelms the thud of artillery fire. An animal shelter is crammed with 1,000 dogs, many orphans of the conflict with owners who have fled or been killed.
October 3, 2014 -- Updated 0751 GMT (1551 HKT)
Reza Sayah looks into why thousands of Ukrainians have left their old lives to volunteer to fight.
October 14, 2014 -- Updated 2048 GMT (0448 HKT)
CNN's Ralitsa Vassileva speaks to The New Republic's Linda Kinstler about Putin's motives with Ukraine and China.
September 24, 2014 -- Updated 1436 GMT (2236 HKT)
President Barack Obama speaks at the 69th session of the United Nations General Assembly.
November 13, 2014 -- Updated 2258 GMT (0658 HKT)
The Commander of NATO forces in Europe says Russian tanks, Russian artillery, Russian air defense systems and Russian troops -- all heading into Ukraine.
September 9, 2014 -- Updated 1258 GMT (2058 HKT)
Malaysia Airlines Flight 17 broke apart in the air after it was hit by a burst of "high-energy objects" from outside, a preliminary report by Dutch aviation investigators said Tuesday.
September 3, 2014 -- Updated 1611 GMT (0011 HKT)
On a country road in eastern Ukraine, a scene of bucolic tranquility was suddenly interrupted by the aftermath of carnage.
September 2, 2014 -- Updated 2019 GMT (0419 HKT)
In the city of Donetsk, the devastation wrought by weeks of fighting between pro-Russia rebels and Ukrainian forces is all too apparent.
September 1, 2014 -- Updated 0000 GMT (0800 HKT)
CNN's Diana Magnay reports from the front lines in the Ukrainian conflict.
September 1, 2014 -- Updated 1126 GMT (1926 HKT)
A few miles south of the town of Starobeshevo in eastern Ukraine, a group of men in uniform is slumped under a tree.
August 23, 2014 -- Updated 1343 GMT (2143 HKT)
A shopkeeper's mutilated body, relatives' anguish, homes destroyed ... this is Donetsk.
August 19, 2014 -- Updated 1112 GMT (1912 HKT)
A 20-minute drive from Kiev takes you to a neighborhood that feels more like Beverly Hills than central Ukraine.
November 20, 2014 -- Updated 1412 GMT (2212 HKT)
Photos illustrate the ongoing crisis in Ukraine as fighting continues to flare in the region.
July 31, 2014 -- Updated 1631 GMT (0031 HKT)
Future imports, exports between the EU and Russia are now banned -- but existing contracts continue.
July 20, 2014 -- Updated 1540 GMT (2340 HKT)
Some contend that larger weapons have come into Ukraine from Russia.
July 23, 2014 -- Updated 0925 GMT (1725 HKT)
The downing Malaysia Airlines Flight 17 put the pro-Russia rebels operating in Ukraine's eastern region center stage.