Papers
Topics
Authors
Recent
Search
2000 character limit reached

Getting Bored of Cyberwar: Exploring the Role of Low-level Cybercrime Actors in the Russia-Ukraine Conflict

Published 22 Aug 2022 in cs.CR and cs.CY | (2208.10629v7)

Abstract: There has been substantial commentary on the role of cyberattacks carried out by low-level cybercrime actors in the Russia-Ukraine conflict. We analyse 358k website defacement attacks, 1.7M UDP amplification DDoS attacks, 1764 posts made by 372 users on Hack Forums mentioning the two countries, and 441 Telegram announcements (with 58k replies) of a volunteer hacking group for two months before and four months after the invasion. We find the conflict briefly but notably caught the attention of low-level cybercrime actors, with significant increases in online discussion and both types of attacks targeting Russia and Ukraine. However, there was little evidence of high-profile actions; the role of these players in the ongoing hybrid warfare is minor, and they should be separated from persistent and motivated 'hacktivists' in state-sponsored operations. Their involvement in the conflict appears to have been short-lived and fleeting, with a clear loss of interest in discussing the situation and carrying out both website defacement and DDoS attacks against either Russia or Ukraine after just a few weeks.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (85)
  1. Netscout. 2022a. DDoS Threat Landscape – Russia.
  2. Netscout. 2022b. DDoS Threat Landscape – Ukraine.
  3. Silicon Den: Cybercrime Is Entrepreneurship. In Proceedings of the Workshop on the Economics of Information Security (WEIS). Springer, New York, NY, USA, 28 pages.
  4. Jason Andress and Steve Winterfeld. 2011. Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners. Elsevier, Amsterdam, The Netherlands.
  5. John Arquilla and David Ronfeldt. 1993. Cyberwar Is Coming! Comparative Strategy 12 (1993), 141–165.
  6. Atlantic Council. 2022. Vladimir Putin’s Ukraine Invasion Is the World’s First Full-Scale Cyberwar.
  7. Using Machine Learning to Examine Cyberattack Motivations on Web Defacement Data. Social Science Computer Review 40 (2022), 914–932.
  8. BBC. 2022. Ukraine: Spam Website Set Up to Reach Millions of Russians.
  9. Bleeping Computer. 2022. New Data-Wiping Malware Used in Destructive Attacks on Ukraine.
  10. British Society of Criminology. 2015. Statement of Ethics.
  11. Cybercrime Is (Often) Boring: Infrastructure and Alienation in a Deviant Subculture. The British Journal of Criminology 61 (2021), 1407–1423.
  12. Reliability of IP Geolocation Services for Assessing the Compliance of International Data Transfers. In Proceedings of the IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, New York, NY, USA, 181–185.
  13. Cybernews. 2022a. Ukraine’s Cyber Army Hits Russian Cinemas.
  14. Cybernews. 2022b. Anonymous Leaks Database of the Russian Ministry of Defence.
  15. Daily Mail. 2022. Anonymous Claims It Has Hacked Russian State TV Broadcasts to Show War Footage From Ukraine.
  16. Dorothy E. Denning. 2011. Cyber Conflict as an Emergent Social Phenomenon. In Corporate Hacking and Technology-Driven Crime: Social Dynamics and Implications. IGI Global, Hershey, PA, USA, 170–186.
  17. Bernard Everett. 2013. Optically Transparent: The Rise of Industrial Espionage and State-Sponsored Hacking. Computer Fraud & Security 2013 (2013), 13–16.
  18. Financial Times. 2022. Prospect of Russian Cyber War May Have Been ‘Overhyped’, Says UK Spy Chief.
  19. Forbes. 2022a. Moscow Exchange, Sberbank Websites Knocked Offline—Was Ukraine’s Cyber Army Responsible?
  20. Forbes. 2022b. ‘Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider.
  21. Foreign Policy. 2022. Don’t Underestimate Ukraine’s Volunteer Hackers.
  22. Forkast News. 2022. Ukraine Seizes Funds From Crypto Wallet Funding Russian Forces.
  23. How Putin’s Cyberwar Failed in Ukraine. Journal of Strategic Security 16 (2023), 96–121.
  24. Exploiting Innocuous Activity for Correlating Users Across Sites. In Proceedings of the ACM World Wide Web Conference (WWW). ACM, New York, NY, USA, 447–458.
  25. Google. 2023. Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape.
  26. IP Geolocation Database Stability and Implications for Network Research. In Proceedings of the Network Traffic Measurement and Analysis Conference (TMA). International Federation for Information Processing (IFIP), Laxenburg, Austria, 10 pages.
  27. Hackmageddon. 2015. Cyber Attacks Statistics, August 2014.
  28. HeadMind. 2022. Industroyer 2: The Russian Cyberattack on Ukraine Infrastructure.
  29. Frank G. Hoffman. 2007. Conflict in the 21st Century: The Rise of Hybrid Wars. Potomac Institute for Policy Studies, Arlington, VA, USA.
  30. Examining the Characteristics That Differentiate Jihadi-Associated Cyberattacks Using Routine Activities Theory. Social Science Computer Review 40 (2022), 1614–1630.
  31. Handling Internet Activism During the Russian Invasion of Ukraine: A Campus Network Perspective. Digital Threats: Research and Practice (DTRAP) 3 (2022), 1–5.
  32. Intricately Market Analysts. 2020. CDN Industry: Trends, Size, and Market Share.
  33. The Ukrainian Internet Under Attack: An NDT Perspective. In Proceedings of the ACM Internet Measurement Conference (IMC). ACM, New York, NY, USA, 166–178.
  34. Where. Ru? Assessing the Impact of Conflict on Russian Domain Infrastructure. In Proceedings of the ACM Internet Measurement Conference (IMC). ACM, New York, NY, USA, 159–165.
  35. Mohammad Karami and Damon McCoy. 2013. Rent to Pwn: Analyzing Commodity Booter DDoS Services. USENIX Login 38 (2013), 20–23.
  36. Nadiya Kostyuk and Erik Gartzke. 2022. Why Cyber Dogs Have Yet to Bark Loudly in Russia’s Invasion of Ukraine. Texas National Security Review 5 (2022), 113–126.
  37. AmpPot: Monitoring and Defending Against Amplification DDoS Attacks. In Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses (RAID). Springer, New York, NY, USA, 615–636.
  38. Linking Amplification DDoS Attacks to Booter Services. In Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses (RAID). Springer, New York, NY, USA, 427–449.
  39. Michael Kurzmeier. 2020. Towards a Concept for Archiving Hacked Websites. NPPSH Reflections 3 (2020), 35–58.
  40. Chiara Libiseller. 2023. ‘Hybrid Warfare’ as an Academic Fashion. Journal of Strategic Studies 46 (2023), 858–880.
  41. What’s in a Name?: An Unsupervised Approach to Link Users Across Communities. In Proceedings of the ACM International Conference on Web Search and Data Mining (WSDM). ACM, New York, NY, USA, 495–504.
  42. Mapping the Geography of Cybercrime: A Review of Indices of Digital Offending by Country. In Proceedings of the IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, New York, NY, USA, 448–453.
  43. Investigating Web Defacement Campaigns at Large. In Proceedings of the Asia Conference on Computer and Communications Security (ASIACCS). ACM, New York, NY, USA, 443–456.
  44. Margarita Jaitner. 2015. Russian Information Warfare: Lessons From Ukraine. In Cyber War in Perspective: Russian Aggression against Ukraine. NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), Tallinn, Estonia, 87–94.
  45. Lennart Maschmeyer and Myriam Dunn Cavelty. 2022. Goodbye Cyberwar: Ukraine as Reality Check. Technical Report. Center for Security Studies (CSS), ETH Zürich.
  46. Metro News. 2022. Anonymous Servers Down as Russian Killnet Hackers Strike Back.
  47. Microsoft. 2022. Defending Ukraine: Early Lessons From the Cyber War.
  48. Microsoft Threat Intelligence. 2023. Microsoft Digital Defense Report: Building and Improving Cyber Resilience.
  49. Jeremy Miles and Mark Shevlin. 2000. Applying Regression and Correlation: A Guide for Students and Researchers. Sage, London, UK.
  50. Reviewing War: Unconventional User Reviews as a Side Channel to Circumvent Information Controls. (2023). arXiv:2302.00598
  51. Mykhailo Fedorov. 2022. We Are Creating an IT Army.
  52. Nature News Explainer. 2022. Where Is Russia’s Cyberwar? Analysts Decipher Its Strategy.
  53. SoK: A Data-Driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots. In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, New York, NY, USA, 576–591.
  54. New York Times. 2022. Russia Uses Cyberattacks in Ukraine to Support Military Strikes, Report Finds.
  55. Characterizing Eve: Analysing Cybercrime Actors in a Large Underground Forum. In Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses (RAID). Springer, New York, NY, USA, 207–227.
  56. CrimeBB: Enabling Cybercrime Research on Underground Forums at Scale. In Proceedings of the ACM World Wide Web Conference (WWW). ACM, New York, NY, USA, 1845–1854.
  57. The Illicit Ecosystem of Hacking: A Longitudinal Network Analysis of Website Defacement Groups. Social Science Computer Review 0 (2022), 390–409.
  58. Byron Price. 1942. Governmental Censorship in War-Time. American Political Science Review 36 (1942), 837–849.
  59. Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom. In Proceedings of the USENIX Security Symposium (USENIX Security). USENIX Association, California, CA, USA, 2581–2598.
  60. Reuters. 2022. Russia Downed Satellite Internet in Ukraine - Western Officials.
  61. Thomas Rid. 2012. Cyber War Will Not Take Place. Journal of Strategic Studies 35 (2012), 5–32.
  62. Marco Romagna and Niek Jan van den Hout. 2017. Hacktivism and Website Defacement: Motivations, Capabilities and Potential Threats. In Virus Bulletin International Conference. Virus Bulletin, Abingdon, Oxfordshire, UK, 1–10.
  63. Dimitrios Serpanos and Theodoros Komninos. 2022. The Cyberwarfare in Ukraine. Computer 55 (2022), 88–91.
  64. Stefan Soesanto. 2022. The IT Army of Ukraine: Structure, Tasking, and Eco-System. Technical Report. Center for Security Studies (CSS), ETH Zürich.
  65. State Sites of Ukraine. 2022. Ukraine Has Suffered Over 3000 DDoS Attacks.
  66. Statista. 2022a. Number of Websites in Russia as of May 2022, by Domain Name.
  67. Statista. 2022b. Number of Web Domains Blocked in Russia Since the Start of the Ukraine Invasion on February 24, 2022 as of April 25, 2022, by Category.
  68. TASS Russian News Agency. 2022. Number of DDoS Attacks on Russia in 2022 Will Grow 30-Fold.
  69. TechCrunch. 2022. Web Scraping Is Legal, U.S. Appeals Court Reaffirms.
  70. The Economist. 2022. The Head of GCHQ Says Vladimir Putin Is Losing the Information War in Ukraine.
  71. The Guardian. 2022a. Anonymous: The Hacker Collective That Has Declared Cyberwar on Russia.
  72. The Guardian. 2022b. Ukraine Says Russia Targeting Civilians as Missiles Hit Kyiv TV Tower.
  73. The Guardian. 2022c. ‘It’s the Right Thing to Do’: The 300,000 Volunteer Hackers Coming Together to Fight Russia.
  74. The Hacker News. 2022. Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks.
  75. 1000 Days of UDP Amplification DDoS Attacks. In Proceedings of the APWG Symposium on Electronic Crime Research (eCrime). IEEE, New York, NY, USA, 79–84.
  76. Heterogeneity in Trajectories of Cybercriminals: A Longitudinal Analyses of Web Defacements. Computers in Human Behavior Reports 4 (2021), 100113.
  77. David Wall. 2007. Cybercrime: The Transformation of Crime in the Information Age. Wiley, Hoboken, NJ, USA.
  78. SoK: A Framework for Unifying at-Risk User Research. In Proceedings of the IEEE Symposium on Security and Privacy (S&P). IEEE, New York, NY, USA, 2344–2360.
  79. How to Catch When Proxies Lie: Verifying the Physical Locations of Network Proxies With Active Geolocation. In Proceedings of the ACM Internet Measurement Conference (IMC). ACM, New York, NY, USA, 203–217.
  80. Marcus Willett. 2022. The Cyber Dimension of the Russia–Ukraine War. Survival 64 (2022), 7–26.
  81. Wired. 2022. Ukraine’s Volunteer ‘IT Army’ Is Hacking in Uncharted Territory.
  82. Wired. 2023. Ukraine Suffered More Data-Wiping Malware Last Year Than Anywhere, Ever.
  83. Hackers: Militants or Merry Pranksters? A Content Analysis of Defaced Web Pages. Media Psychology 6 (2004), 63–82.
  84. Wordfence. 2022. Ukraine Universities Hacked as Russian Invasion Started.
  85. ZDNET. 2022. CaddyWiper: More Destructive Wiper Malware Strikes Ukraine.
Citations (1)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Collections

Sign up for free to add this paper to one or more collections.

Sign Up

Tweets

Sign up for free to view the 3 tweets with 1 like about this paper.

Sign Up for Free