Cyberattacks against Ukraine have intensified in recent days
A MARTINEZ, HOST:
Ukraine under attack, blasts and the sounds of explosions rang out in several major cities after Russian President Vladimir Putin announced in a nationally televised address that his country would conduct a military operation in eastern Ukraine. Sirens jolted families awake.
(SOUNDBITE OF SIREN RINGING)
MARTINEZ: International reaction was near immediate. European Union leaders say Russia is grossly violating international law and undermining European and global security and stability. President Biden and leaders of the G7 will meet this morning to discuss the next steps. While this invasion is underway now, cyberattacks in Ukraine started much earlier. The Ukrainian government said many of its institutions had been hit by a massive cyberattack that began on February 15 and then intensified yesterday. Joining us to talk about the ongoing cyber-threat in Ukraine is Lauren Zabierek. She's the executive director of the Cyber Project at Harvard Kennedy School's Belfer Center. Lauren, what exactly is being targeted in Ukraine?
LAUREN ZABIEREK: Good morning. It's good to be here. So far, we've seen government sites and financial sites mostly targeted, starting with the distributed denial of service attack that you mentioned - so DDoS, where essentially, you have these other computers that send so much traffic to those servers, to those sites, so that people can't access those. And so especially where they're targeting government and financial sites, military sites, you know, trying to, you know, sort of create chaos and ensure that, you know, citizens can't get information, you know, from the government and potentially access their funds. And then yesterday, we saw new indications of a wiper malware being deployed in those same sorts of sites
MARTINEZ: And wiper malware, what does that do?
ZABIEREK: So essentially, this - when this particular malware is executed, when it's downloaded, it's going to delete all the data. And so, you know, people who had discovered this, again, yesterday, it was just coming out that it looked like it was created two months ago. It was discovered yesterday. Actually, it goes after a number of aspects within the operating system to just delete that information. And so, you know, it's targeting those sites again, so, you know, really trying to ensure that Ukrainians cannot access information, that the government cannot access information, you know, to communicate with their constituents, communicate, you know, across government and military.
MARTINEZ: And really quick - going back to the denial of service attacks, where people can't get into the things they need to, is this kind of where Russia just floods it so - where it's just too busy that it just doesn't work?
ZABIEREK: Exactly. Yes.
MARTINEZ: OK. Now what is the intended purpose behind these kinds of cyberattacks? What's the whole point of this for Russia?
ZABIEREK: So you know, there's a number of purposes. One, of course, is to sow chaos and, you know, undermine the ability of, you know, Ukrainian citizens to get that information to create panic. So that's one thing. Another thing is to ensure that the government can't, you know, coordinate across their services and their military to, you know, perhaps, execute any sort of movements or commands or, you know, services and things like that. So it's sort of twofold - right? - to create that panic, and also to stop the government and stop the military from doing what they need to do.
MARTINEZ: What other institutions could Russian hackers be targeting or, maybe, that's next on their list?
ZABIEREK: They could be targeting, you know, other essential services. So you know, we saw back in 2015 and 2016, for instance, where Russia targeted - you know, they did some reconnaissance long term. And then, at a time and place of their choosing, which was in the winter, they shut down Ukrainians' power grid for hours at a time. And, you know, the successive attack, the next attack, got even worse with the way they, you know, removed the ability to communicate with others and remediate the attack, you know, in a timely manner. So you know, there could be attacks planned against their critical infrastructure like we saw before. And so that's something that I'm watching out for.
MARTINEZ: You know, a couple of weeks ago, I was in Ukraine. And I spoke with their former infrastructure minister. And he said on things like power and water that they were able to quickly move to being manually controlled. Would that be something that, maybe, Russia doesn't try to do right away because of the option that Ukraine has to be able to take control of it right away?
ZABIEREK: Well, you know, they probably know that. They might, you know, be looking for other particular targets. Or maybe at this point, because, you know, the information aspect is so crucial - right? - they're just, you know, looking to, again, create that confusion and panic at this point. But it's...
MARTINEZ: How prepared - go ahead. I'm sorry. Go ahead.
ZABIEREK: No, no, no, no. Go ahead.
MARTINEZ: Well, I was going to ask, how prepared is Ukraine against major attacks on its infrastructure, especially when it comes to Russia mounting these cyberattacks, because they've been doing it, Lauren, for years now.
ZABIEREK: Exactly. Ukraine has really been their - Russia's testing ground for these major attacks. You know, again, we saw this with those 2015-2016 attacks. We saw it again in 2017 with the NotPetya malware that was targeted at this mom and pop tax-preparer shop and then, you know, just spread across the world, causing billions of damage - and then, you know, of course, you know, further attacks after that that, you know, might not have been as headline-grabbing. But certainly, because they've been such a target that I think their - you know, their resilience and their security and, you know, their awareness, I think, is probably much greater. And they are much more prepared to deal with this.
MARTINEZ: Yeah, because as you said, if that's been Russia's kind of training ground on this, I would imagine that Ukraine would use it as a training ground for themselves as well.
ZABIEREK: You would hope, yeah.
MARTINEZ: Yeah. So what kind of help, then, right now would be needed from international allies to help defend against cyberattacks?
ZABIEREK: Well, I mean, certainly, you know, we've seen a lot of joint advisories come out, especially with this new wiper malware. We've seen something come out recently - just yesterday on this new - it's actually not new. It's been, apparently, in the wild for a couple of years now, called Cyclops Blink, right? So doing these joint advisories, working across Europe, you know, for their cyber-organizations both, you know, government and really focused on law enforcement working together, and then, really, honestly, as director - CISA director Jen Easterly said, all organizations across the United States are at risk. So we need to be prepared.
MARTINEZ: Yeah. Lauren Zabierek, executive director of the Cyber Project at Harvard Kennedy School's Belfer Center. Lauren, thanks a lot.
ZABIEREK: Thank you.
(SOUNDBITE OF THIRD SON'S "EVERYTHING IN ITS RIGHT PLACE")
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.