Cyberwarfare in Ukraine: Russia’s least worst option?


When it comes to predicting Russia’s digital movements, external kinetic factors must also be weighed. And while military funding for Ukraine may have stalled, the Kremlin’s own war machine is struggling too – even in the cyber-sphere, things aren’t looking too rosy, a threat intelligence analyst tells Cybernews.

That was the prelude to a surprisingly upbeat assessment from Ian Thornton-Trump, a former military intelligence agent and current chief information security officer (CISO) for Cyjax.

As far as he is concerned, doubling down on cyberattacks over winter against Ukraine might be the least painful option for Russia, as both countries’ land forces appear deadlocked for the time being at least.

But even in that area, fiscal constraints and a resulting brain drain could hamstring the Kremlin’s attempts to strike decisive blows against Ukraine’s critical infrastructure.

And whilst the recent stalling in the US Congress and Brussels of funding for Ukraine’s military resistance might have many pundits fretting, Thornton-Trump doesn’t seem overly rattled.

“If you go by what's coming out of the press on a day-to-day basis, you would be revising your assessment on an hourly basis, depending on what's coming out of people's mouths,” he tells me.

Russia, he says, has its own funding crisis to mull as it looks to the ever-bleaker prospect of a prolonged struggle in Ukraine, which he believes is getting more bang for its buck when it comes to deploying high-tech military equipment in the field.

“They're building their own domestic capabilities in terms of equipment that are starting to show great promise at a ridiculously reduced price,” says Thornton-Trump. “Just the FPV drone program that they have, where they're taking out 150,000-plus [dollars’ worth of] ordnance with a $3,000 package. In terms of bleeding on the Russian finances, that’s super significant. Because at the end of the day, I think it’s money that will move the Russians forward. The Russians are quickly running out of that.”

From folk heroes to refuseniks

Another area where Thornton-Trump sees money talking quite loudly is in the cybercriminal sphere that has been integral to Russia’s war effort. Highly skilled digital actors who could expect to rake in a tidy sum tacitly serving the Kremlin’s interests before the escalation of hostilities in 2022 are increasingly becoming disillusioned with their terms and conditions.

“Russian cybercriminals have been glamorized and adored as almost folk heroes in some cases, showing, I would say, a certain teenage segment of the wealth, spraying around the money,” he says. “But also that was wrapped up in that sort of patriotic zeal and support for [President Vladimir] Putin – the higher you go up on the food chain, the more your faith in the Russian leadership becomes important.”

Faith and money have clashed, he believes, as elite hackers who previously enjoyed a lucrative lifestyle thanks to free-rein ransomware attacks on non-Russian-aligned targets found themselves co-opted into the military intelligence agencies – at a drastically reduced rate of remuneration.

"Russian cybercriminals have been glamorized and adored as almost folk heroes in some cases [...] but also that was wrapped up in that sort of patriotic zeal and support for [President Vladimir] Putin."

Threat intelligence analyst Ian Thornton-Trump on where money, fame, and loyalty intersect in the world of Russian partisan hacking

“Recruiting from that teenage group and basically building your own little cyber army, I think this is a response to the economic constraints that Russia is feeling right now,” says Thornton-Trump. “Because when you hire mercenaries, be it Wagner as physical soldiers or Anonymous Sudan and other hacktivists, you’ve got to pay them. And in Russia right now, fiscally, the cupboard is bare.”

That, he suggests, is forcing the likes of the GRU and FSB to hire top talent at cut rates. The end result? An exodus of said talent, as the brightest and best seek to leave Russia rather than stay and be forced to use their skills for low wages.

“Things were great up until the first year of the Ukrainian war – if you were a cybercriminal living and working in Russia, because of the currency exchange, US dollars and Bitcoin, you were wealthy beyond the traditional imagination,” he says.

“And it was pretty blatant that the major leaders of Russian cybercrime had relationships to the government – when things went sideways with the invasion, that the government came and basically said, ‘You're now going to work for us.’ And some folks weren't on board with that because they realized: ‘Government salary, are you kidding me?’”

Stalinist ‘snitches’ and US bounty hunters

As for starting an internal dissenters’ movement, other Kremlin maneuvers in the cyberworld pretty much ruled that out as a viable option – presumably, very few super-smart hackers would be dumb enough to go up against what Thornton-Trump defines as a neo-Stalinist web of cyber snitches by protesting Putin’s regime.

“The intelligence services in Russia right now are split between so many different missions,” he tells me. “And if you can take a segment that is just basically monitoring social media and reporting anything that appears to be not on the Putin program up through law enforcement, you essentially have built, we could call it, a country of snitches.”

While the benefits this network brings to the Kremlin are obvious – “you can take your more valuable intelligence assets and deploy them in offensive operations” – the move may have had a negative knock-on effect that has effectively nullified its original intention.

Not happy with the deal your government is giving you as a highly skilled hacker, but too afraid to protest because you don’t want to end up in a prison colony? Solution: flee the country. Only, this puts Russian hackers in the path of neighboring East European states, more than happy to turn them over to the US and collect a fat bounty in return.

"If you can take a segment that is just basically monitoring social media and reporting anything that appears to be not on the Putin program [...] you essentially have built, we could call it, a country of snitches."

Thornton-Trump believes the Kremlin's digitally enabled program of informants might backfire - by compelling talented but dissenting Russians to flee the country

“I think the psychology is: ‘Wow, okay, I wasn't immediately arrested and extradited back to the United States,’” Thornton-Trump says of Russian hackers who believe they have escaped and then let their guard down, only to be caught by a subsequent police investigation.

“I think living large in places like Budapest is a level of exposure,” he says. “We go back to that one famous hacker who got picked up because his girlfriend had posted a picture of them on Instagram with some recognizable fountain landmark in the background.”

Mark Sokolovsky – awkwardly enough for our narrative, a Ukrainian national – was arrested in the Netherlands in 2022 pending extradition to the US, where he was charged with computer and bank fraud. And if Western European countries are willing to comply with such requests to extradite Russian cybercriminals, their eastern neighbors will be doubly so, says Thornton-Trump.

“Some of these guys are worth five to ten million a pop,” he says. “That's a big chunk of change for an Eastern European country, a place like Hungary where a US dollar has a lot more buying power.”

High-tech war turned out to be a meat grinder

This adds up to a brain drain at Russia’s expense, as the high-level hacker recruits it needs for its cyberwar efforts ultimately end up in US custody – or, at the very least, not serving the Kremlin’s interests. And this drain isn’t necessarily restricted to the cyber-sphere either, he posits.

“Because of the meat grinder that the Ukrainians created on the front, and then every time you hear about how miserable it is to be in the middle of a freezing winter, getting attacked by drones, anyone that is somewhat intelligent – possibly has a university degree, not just necessarily an IT worker – will try and find a way to get across the border to go somewhere else.”

He further believes that this is slowly feeding into a kind of invisible malaise in Russian society, one that most Western observers are likely oblivious to, but is nevertheless having an effect on the general populace.

“For every casualty you see on the battlefield, the rumors [...] the psyche gets eroded, and some people are no longer even on board at all with Putin,” he says. “And, because of the security apparatus, are choosing to leave rather than start a rebellion or insurrection within Russia.”

He adds: “I think we were all spoiled with the idea that modern warfare would be like the equivalent of the [1991] Gulf War. Where you just have a mass army that comes sweeping in, and resistance is pretty much not even an issue for your military goals. I think this was the psychology, if you will, where Russia went: ‘Well, you know, if America can do what America did, we should be able to take Ukraine with our special military operation in, what, a week?’

“Fast forward to where we are now – you have that intelligentsia, a major demographic shift going on in Russia with a lot more old people, wounded people coming back. This has been Afghanistan times ten in terms of what the Russians have suffered for direct losses.”

Meanwhile, relationships that were once quite cozy for Russia have begun to freeze over, with former client states like Kazakhstan recently refusing to supply the Kremlin with war-related high-tech exports.

In October, it was reported that the central Asian country’s Deputy Trade Minister Kairat Torebaev had announced a ban on the export to Russia of more than 100 articles, including drone components, electronics, and computer chips manufactured abroad in response to Western pressure.

Trump card no ace in the hole

However, as 2024 looms large on the electoral map, Vladimir Putin does have one, literal, Trump card to play. And, you guessed it, I’m not referring to my interviewee. Does he think the Kremlin will try to push a Trumpist agenda over social media and the wider web, as it is widely suspected of having done in the run-up to the 2016 election?

“It's a huge factor and part of an overall Russian, Chinese, North Korean, and Iranian objective, which is to destabilize Western governments,” he says. “[Former US president] Trump has been the greatest gift to any protagonist nation ever.”

But again, he doesn’t seem all that rattled by the prospect of a second Trump administration pulling the plug on Ukraine and even US membership of NATO – even predicting that the indicted former leader of the free world could end up behind bars by the time American voters go to the polls to elect a new president.

“I think from a legal perspective it’s death by a thousand cuts,” he says. “They've got him right where they want him, with both state and federal charges along different lines. If I had to call it straight up, Trump is in jail before the 2024 election kicks off.”

"They've got him right where they want him, with both state and federal charges along different lines. If I had to call it straight up, Trump is in jail before the 2024 election kicks off."

Thornton-Trump doesn't believe covertly supporting the former US president on social media will avail the Kremlin much this time around

The bear will try to poke the West

Away from politics, Thornton-Trump believes Russia will engage in a game of brinkmanship when it comes to launching cyberattacks against the US and its Western allies. It will probably stop short of full-scale SolarWinds-style attacks that could risk serious escalation between antagonist nations, he reckons, but that won’t stop it being “as irritating as possible” with lesser salvos against critical infrastructure.

“And so when I look at the main tactics, Russia will want to try and turn off the lights, mess with national critical infrastructure to basically try and make the governments that they find unfavorable, like the UK government, look as inept as possible. That doesn’t take a lot to make them more inept-looking than they currently seem to be.”

But when it comes to full-on “destruction,” though Russia might continue to try to inflict that on Ukraine, it will probably not repeat the tactic elsewhere, preferring instead to try to make life as difficult as possible for ordinary citizens and businesses across the West.

“Now, there's a very fine point here, because they don’t want to do something that will incur a kinetic response,” he says. “But they want to be as irritating as possible. Train-on-train crash directly attributable to a Russian cyberattack, that’s kind of over the line – but continuing to steal everybody’s personal information and spray it into the hands of a criminal element to hit you with phishing emails and fraud?”

To hear Thornton-Trump tell it, you could be forgiven for thinking of the Russian bear as a wounded animal: still dangerous and lashing out where it can, but with its strength slowly dwindling. Honestly, it’s hard to tell whether he’s really on to something, or just indulging in blue-skies thinking.

And in the meantime, whether or not his bold optimism proves well-founded, it looks as though the coming winter will be a bleak one on the ground in many parts of Ukraine.

However, if there is one thing we’ve learned about Russia over the years, it’s to expect the unexpected – for better or for worse.