How Ukraine’s Internet Can Repel Russian Attacks

How Ukraine's Internet Can Repel Russian Attacks

Like Russian tanks entered Ukraine on the morning of February 24, the internet shuddered – and for some it stopped altogether. Ukraine’s main internet service provider Triolan was temporarily suspended in a power outage that mostly affected the northeastern region of Kharkiv, a target of the Russian invasion. Even when the network came back online the next day, smaller outages plagued it throughout the week, according to data from Internet Outage Detection and Analysis (IODA)internet connectivity observatory affiliated with Georgia Tech. The Russian-occupied regions of Donetsk and Luhansk also experienced a decline in connectivity.

Since the beginning of the conflict, there were concerns that Russian-backed hackers may try to disrupt Ukraine’s Internet connection in the same way they took down the country’s power grid in 2015. Since February 23, the Russian cyber army has been carrying out repeated distributed denial of service (DDoS) attacks against government websites, flooding them with fake traffic to take them offline. (Ukraine’s own cyber warriors have retaliated.) But despite what happened with Triolan, the chances of Russia carrying out a full internet shutdown against Ukraine are slim.

Internet shutdowns are typically enacted by governments with the ability to order Internet Service Providers (ISPs) to disconnect, throttle, or limit access to the Internet. Setting up a stop as an outside hitter is much more difficult to execute. Russia may try to direct its DDoS or other cyberattacks at the border routers that connect an ISP’s network to the global Internet, said Doug Madori, director of Internet analytics at Internet measurement company Kentik, but an attack that could take down a website could to have a more difficult time task, knocking out the Internet infrastructure. “It wouldn’t be very practical to shut down the entire country with a DDoS attack,” says Madery. “These routers are pretty tough. And probably if it was easy they would have done it by now.

Not impossible in the abstract: After all, earlier this year an American hacker staged a DDoS attack to take down North Korea’s servers. But Ukraine is battle-hardened from past encounters with Russia’s cyberattacks, and its readiness and sophistication are far greater than North Korea’s. More important, however, is the fact that each attacker will be presented with a huge number of targets, rather than a single vulnerable apple. Ukraine’s size and geographic location mean it is closely connected to Europe’s internet backbone. A spokesperson for the Ukrainian Internet Association says the country boasts over 4,900 ISPs as of December 2021; some of them are preparing before the crisis, establishing reliable connections with each other and creating new backup network centers, according to New York Times.

Ukraine’s internet has developed in a decentralized way due to market dynamics, but that has served it well in the past few years, says Tanya Lokot, professor of digital media and society at Dublin City University. “There was a realization that this was a natural, healthy way to organize the network. When you have different traffic exchange points, you have different ISPs across the country, different mobile phone carriers; it just makes for a more reliable system overall,” Lokot says. It contrasts this model with Russia’s own internet, which is dominated by a few state-controlled operators and which the government is working to separate from the global internet via a circuit breaker. “They [Russia] they’re trying to centralize control, and from a system resilience perspective, that’s harmful because it’s much easier to target,” Lokot says.

However, Ukraine’s resilience extends beyond the sheer number of suppliers. If cyberattacks fail to bring down an ISP, a Russian army determined to cut off the connection to Ukraine might decide to simply hit the connectivity infrastructure by bombing server rooms or severing fiber optic cables. In truth, a possible – though unconfirmed – explanation for Thursday’s outage is that Russian bombs damaged Triolan’s infrastructure in Kharkiv. But it’s unclear whether more methodical targeting of network equipment would bring the Internet to a complete shutdown. In the crowded market of ISPs in Ukraine, all providers have adapted to be fast and deal with even the smallest technical problem quickly and efficiently, according to Vadim Khudima, a researcher at the digital rights protection group Digital Security Lab Ukraine.

Leave a Reply

Your email address will not be published. Required fields are marked *