Battleground: Ukraine

A history podcast that explores the narratives, turning points and characters that shape conflicts, encompassing a blend of social and military history. Following on from the series on the Falklands War, best-selling military historians Patrick Bishop and Saul David turn their attention to the war in Ukraine.

Goalhanger Podcasts

Hosted on Acast. See for more information.

33. David Alexander on The Cyber War

Wed, 15 Mar 2023 01:00

Joining Saul and Patrick in this week's interview is leading cyber expert David Alexander, who tells us about the latest developments playing out in the cyber front of the war. He also shares his knowledge, from his time as a fast jet pilot, about the role of drones in the conflict, and why you still need manned aircraft in conflicts today.

If you have any thoughts or questions, you can send them to -

Producer: James Hodgson

Twitter: @PodBattleground

Copyright © Goalhanger Podcasts

Read Episode Transcript

Hello and welcome to Wednesday's episode of the Battleground Ukraine podcast with me, Saul David, and Patrick Bishop. Today we're talking to cyber expert and friend of the podcast David Alexander. David is an academic who has helped to develop national cyber policy and operational capability for both the UK government and the Ministry of Defence. We asked David to give us an update on the cyber front of the Ukraine war since we last spoke to him in early January. This is what he told us.

David, you last appeared on the podcast in January, a couple of months ago. You gave us a great assessment of where we'd got to at that point, but obviously quite a bit has been happening since then. Can you give us a sort of summary of the cyber front in the Ukraine war since early January?

Yes, there's a lot that's been happening in the background, but there haven't really been any major notable events inside Ukraine itself, which I think is fairly indicative of the fact that the Ukrainians have got their foot well and truly upon the neck of the Russian attack efforts, both through their own sterling efforts and also information that they've been provided by Western allies to help them. Part of that is that Ukraine has now been allowed to join the NATO Joint Centre for Advanced Technology for Cyber Defence, which is our Cyber Defence Knowledge Hub and Training Centre and Research Centre, and it should be stressed that the terms of reference of that centre are that it is not limited to NATO members only, so just because Ukraine has been allowed to join, that does not mean that they're part of NATO, before anybody gets the wrong idea. Also, there have been, though in the SSCIP, the Ukrainian Cyber Defence Organisation have said that there have been something like 2,100 incidents that they've detected and reacted to in that time within Ukraine, but the fact that from a cyber point of view we've seen very little disruption, minimal efforts.
There were some attempts to attack the Ukraine information, the news organisation, but that was pretty much a failure. Other than that, nothing really to report inside there. The Russians, however, have not fared so well. People like Anonymous and other organisations have been attacking them with some gusto and vigor. You may have seen reports that there have been fake air-raid warnings both on the radio and over the web, and also, only a day or so ago, a fake nuclear attack alert which has gone out. Now, the fact that three or four days have passed since the fake missile alert and the Russians are still unable to find and stop the compromise that's allowing Anonymous to do this is rather embarrassing, certainly for the Russians. It shows that they are really not getting a grip of what's happening. We used to call them top three cyber capable nations, but right now it doesn't look like it. I think a lot of that is to do with the fact that the organised crime gangs are no longer helping them.

Just to look forward, David, to the possibility of a nuclear conflict, as something goes up and down this threat. Does this suggest that in the event of things moving to a very alarming higher level, the West would have the capability to actually preempt a nuclear strike from Russia? Is that a possibility, as you think, with our kind of overreach, our overmatch and cyber capability?

I think it's probably unlikely. We could probably get some kind of warning that it was coming a reasonable length of time before it happened, but anybody with any sense would keep the control systems that run these nuclear weapons completely separate from the rest of the world. Now, there are people who have put a lot of time and effort into compromising those fighter systems. It's not impossible. But I suspect that the systems that work on mobile launches in the field, you're never ever going to be able to stop.
You might be able to slow things down, you might be able to limit it, but you're never going to be able to stop it. And although it's not my area of expertise, I'm one of those people who firmly believes that the prospect of things turning nuclear is very slim indeed. I really don't think it's a major threat personally.

Going back to the Anonymous hacking collective, David, you mentioned them before, of course, and they are an unofficial outfit that are working on behalf of the Ukrainians. What is their motivation, do you think, in these attacks against Russia, which must be incredibly embarrassing and also, to be fair, to the ordinary civilian in the street pretty alarming to Russians, too?

Yes, I should think they are. It's certainly for those people that are witnessing them, because these radio broadcasts are going out in major cities, which are areas that Putin is probably very keen to keep isolated and insulated from this kind of knowledge, because these are the kind of areas where unrest really matters and where it really takes hold. The Anonymous group, they are a bunch of hackers, and most of the time what they do is for kudos, it's for reputation. Hackers, their reputation is a major currency amongst themselves. The more successful you are, the more you can prove that you've been able to hack interesting things, the higher your standing within that community. That's a large part of the motivation. Obviously, for the criminals, it's more about the money, although reputation, they quite like to be infamous. But Anonymous, in this case, they're doing the right thing partly for reputation, but I think mostly they're doing it for the right reasons in that the Russians are clearly in the wrong here. If there's something that Anonymous can do, albeit technically outside the law, they're doing the right thing. And I suspect that law enforcement won't be looking too hard to try and find and stop them.
David, you mentioned earlier that the criminal hackers were a big part of the Russian cyber capability, but that's no longer the case. What's happened there?

Well, they're organized crime gangs. A lot of them were sitting inside Russia, and to be honest, in some cases, inside Ukraine as well, and they were allowed to operate with tacit agreement from the Russian government and plead law enforcement organizations on the grounds that they didn't target people within Russia itself. So they only went for foreigners. The quid pro quo was that in times of events like this, they then had to help the Russian state by using their efforts to attack and compromise whichever country was the target of Russian opposition. So they helped target Estonia back in 2007. They helped target Georgia before that invasion. And then, of course, they're involved to start with with Ukraine. Now, that model is fine if it's a short war, because organized crime gangs are also motivated by money. And we saw quite quickly that A is successful in the calm and B is the war dragged on. The crime gangs fell away from the cyber effort against Ukraine because obviously it was affecting their cash flow quite badly. And we've watched the levels of cyber crime gradually going back up and up against commercial targets in the West. It's now back to about 60% of the kind of level it was at before. Now, we don't think that means that 40% of the resources are still helping the Russians. They're clearly not. We think that's actually to do with the fact that the sanctions have been put in place and making it much harder for the crime gangs to move money around and get it into Russia. And that is limiting their business model, which Odea Watershane. There was an announcement back in January or early February of seven Russian criminal cybercriminals who have been sanctioned by the British government.
We believe that is because they were helping to launder money and move money around for the Russian government. That would be either to get money into or out of Russia as part of the smuggling operation. They're trying to bring in supplies, food, luxuries, stuff that can be used for the war effort. The fact that they've been sanctioned, of course, means that their funds can be frozen, their assets can be seized. It makes their life very difficult, but also financially it means that any money they had in the system they were trying to move around, they've lost access to, or they should have lost access to.

Dave, you mentioned in your recent update to me that the Russians appeared to be trying to reduce the number of channels by which information, and I quote, "not to the advantage of the state" can be spread within Russia. And of course, it might also help to reduce the amount of open source intelligence available to those watching from Russia. So do you think these measures have had much success for the Russians?

I think any attempt to do this is quite limited. I mean, the whole point of the internet is that it is resilient to attempts to disrupt and destroy it. It's not quite self-healing, however, it's got to the point where people will find ways to make things happen. They will use various channels, VPNs, to try and contact the outside world, to get information from the outside world. Russia conducted an exercise before the war started where they actually did look at cutting themselves off from the internet to see what would happen. And basically found it made business pretty much impossible to almost stop life. We are because of global entity. We're pretty much dependent upon it now to make most things happen. So you can't just shut the outside world off. You've got to allow certain amounts of information through.
And whilst you might have put a bit of a speed brake on what's getting through, it will still get through and it will then get spread through internal channels. Now there will be people internally who will take that information and they will pass it on to others. You can monitor it, and the Roskomnadzor, which is part of the Federal Service for Communications Information and Technology in Russia, they will be watching what's going on. But they themselves have been compromised. That's another thing, Anonymous hacked them and released a huge amount of their data to show what they're up to. So in many ways, they're on the back foot. They're trying to play catch up, but they're not being very successful.

You mentioned Roskomnadzor, the internet watchdog agency, David. Recently, you also mentioned this to me. They announced new laws banning the use of most of the private messaging applications in the Russian government state agencies. So that's trying to control what people within the state system are actually doing. And presumably this is partly to do with the Telegram messages that are going around, some of which are perceived to be sort of at least critical of the war effort. Again, has this had much success, do you think?

I doubt it. I mean, human nature is such that if there's a channel available, people will use it as a shortcut to transmit information, to communicate with their friends either officially or unofficially. And those channels, of course, can be monitored. A lot of nations have SIGINT capabilities, which include cyber. So those kind, that kind of information will be hoovered up and analyzed, and you can get a lot of information from it. I've talked in the past about, no, we have listened in to chatter. And chatter is a term we use for a little bit of this kind of background chatter, literally, that goes on across these channels. People talk to each other, not necessarily officially.
And what Russia is trying to do is it's trying to stop some of those leaks, it's trying to stop ways in which the information may be leaked to the West, but also can be leaked to people like Anonymous or even their own members of the Russian public. By closing down the more insecure channels, what they're trying to do is limit the damage. Again, will people pay attention to it? Will people stop doing it? You can put laws in place. It doesn't mean that people are actually going to listen to it and actually going to do it. And I suspect it will just carry on.

Do you know what level of access, David, people have to VPNs in Russia? These, for people who don't know what that is, is a virtual private network, which means you can bypass the kind of controls the Kremlin is seeking to impose. Do we know how easy that is to do?

Anybody can do it. It's a question of knowing that they exist and knowing how to find the right tool and make it happen. Now a lot of effort has been going in to educating the Russians in how to do that. There is a file sharing service called BitTorrent, which is used for pirating movies and CDs and things like this. And what people have been doing is they've been adding an additional file on the BitTorrent streams going into Russia, which contains information on how to download and install a VPN and be what sites tend to look at to get accurate and truthful information about what's happening in the war and what's happening inside Russia. And that of course is being spread. So we are doing our best to try and improve the ways that the VPNs can be used to provide the increased access to them. And of course, over time, they eventually reach a critical mass. Enough people know about it. If one person tells two people who then tell four people and so on, very quickly it grows. And the main thing of course is you've got to have a computer and you've got to have access to the internet. So in Russia, a lot of this will be in the more built up areas.
Some of the more remote areas, access is much more difficult, much more sketchy. People don't necessarily have access to kit in their own homes. And it's really being able to use this kit in your own home and privacy that makes it possible. You don't want to be sitting in some way as public library looking up this kind of information where somebody can be shoulder surfing and seeing that you're looking at stuff you really shouldn't be.

David, we've been assuming for many months that there will be cyber attacks from Russia. You've already pointed out that actually they've been relatively ineffective. But there have been one or two moments, like for example, when a certain number of German airports, their systems presumably, their sort of air control systems, were down for a while. Are we right to assume that's probably the Russians, or could it be something else?

It's one of those "if it looks like a duck and it wobbles like a duck" moment where Germans had a problem where they lost a network connectivity because, no, classic thing, but somebody working on digging a road up put a backhoe through a data cable and Luftwaffe and various other airlines had to very quickly find an alternative route to get themselves back, to allow their services to be available to the public once more. Now the way they did this wasn't necessarily as secure as it would normally be. And so the temporary kludge that they worked, they put in place to make it work, was able to be hacked. Now this incident happened just after the Germans had announced that yes, they were going to make Leopard tanks available to Ukraine. And there were a couple of organizations in Russia, there's what they call the Anonymous Russia and another group, who basically claimed that they were the ones that actually did this hack and caused this disruption. Now it didn't last very long and it was much more embarrassment value than actually doing any real damage.
But in terms of who else would stand to gain from actually doing that kind of attack, no, it's Russia is obviously the prime candidate. As the policemen say, they're the ones with the method and the motivation to do so. But the fact that that's the best kind of attack they can do, embarrassment value only, shows that they're really not being very effective. I think the state is trying to focus its efforts on Ukraine, although they are looking elsewhere. There was a formal warning issued by the UK's National Cyber Security Centre of an intelligence campaign that had been launched by Russia and another one by Iran, where they're looking to compromise people like journalists and politicians and other people working on looking at Ukraine and Russia and the cyber aspects. And that's just another general sanctions and warfare scenario. So the Russians do have some capability, but the fact that the world's focus is turned upon them and the cyber, no, protective monitoring capability as we call it, is also turned upon them means that the chances of actually achieving any, I think, major disruption in terms of cyber outside of Russia is pretty low.

Welcome back. Well, the next thing we wanted to know was what David thought about the overall air situation. This is what he told us.

David, can we move on to something that's of great interest to our listeners? We get lots of questions about the role of conventional air power in this conflict, or on the absence of conventional air power. We don't see many fast jets in the air, helicopters have really kind of faded from the kind of general battlefield picture. You are a former fast jet pilot yourself. Can you give us an idea of what has been happening there? Why we're not seeing this sort of conventional air power being used in the way one would have expected at the beginning? And another thing that's fascinating to our listeners is drones.
The way the drones have moved to the forefront of the battle and whether they are indeed the future, whether we won't actually see fast jets in the picture in wars to come.

Yes, I think a lot of the fact that we haven't seen much coming out of Russia is partly to do with the state of their maintenance, their state of readiness of their aircraft, how long they spend in the air. Certainly in my day the briefings we got were that the kind of avionics and the engines the Russians were using had very short lives. They need replacing far more quickly than the kind of engines that we develop and use in the West. Their pilots don't get flying hours, don't get the level of training, therefore they're not as skilled as they would like to be. And certainly they're nowhere near as skilled as we are. Add to that the fact that we rapidly supplied some fairly good MANPAD systems, the man-portable air defense systems, the shoulder-launched surface-to-air missiles. Russians took some fairly high casualties both of helicopters and of some of the fast jets, the ground attack aircraft especially, that were in the wrong place at the wrong time. And they suffered some quite heavy losses. And if you look at the number of aircraft they lost, it's quite significant. And that's made it very difficult for anything that flies to live in the forward edge, no, near the forward edge of the battle area. The Ukrainians, they've got older technology, they're really brave, they've had some great training from the West, their pilots are quite skilled and they do what they can. However, the kind of radars and air defense missiles that they have on those aircraft aren't necessarily the right kind of technology you need to identify and engage Russian targets at longer ranges. So that has meant that, obviously, they've been trying to reserve their, keep their aircraft, preserve them, make sure that they've got them for if they do need them.
But because the Russians haven't been flying much into Ukrainian air space, there hasn't been much need for the Ukrainians to have big combat air patrols that are sat there waiting for something to appear. A lot of it has been, as we've seen, these amazing clips of helicopter flying, virtually touching the ground, the nap-of-the-earth flying, flying along roads and such like, in such position where they are protected and it's much harder to shoot them down. So I think that's why we haven't seen much in the way of air activity, because both sides have made it very difficult to stay alive. When the Russians have got the S-300 system, which is meant to be a very good defense system, however, the number of missiles that we know is an issue.

In terms of the drones question, when you had a question the other day from a listener talking about why use F-16s when you could use drones instead? And there are things we know that drones can do very well. They've been used in a lot of places, they're great for taking out those individual vehicles, we've even seen them used to take out a Taliban leader on his balcony in Afghanistan. However, they don't have the situational awareness that a pilot sitting in a seat flying along does. They don't spot things the way he does, they cannot make the rapid decisions that he does. There is a reason why modern air forces still have more ground attack aircraft with seats in them than they have drones. We haven't yet reached the point where a drone is that capable. And also, you don't see any drones that are currently being used for any air defense role. So drones don't have those advanced radar systems, those advanced missile systems that we get on fighter aircraft. So I think there are some demonstrators flying in the States now that are showing great promise, but they are just demonstrators. They're probably 10 years away from drones being used in an air defense role.
You're still going to have a person sat in a seat flying something with a loud lever that's going to be doing air defense until that point. So yeah, drones have a great role in ground attack, but they don't yet have a role in air defense. And that's the F-16 that people have been talking about. It can do both jobs, it can do air defense or it can do the ground attack role. So it will fulfill a role that drones just can't, but it will also give you a better capability to launch, no, terminal guided munitions, either laser designated or JDAM weapons using GPS, to try and engage targets. So I think it's something that the Ukrainians do need to have, personally, because achieving air superiority whereby you can guarantee safety for your aircraft in the skies is something that's going to be very important. And the Russians, as we've seen, more and more of their ground-based air defense systems are being destroyed. The AFVs that have got cannon and guided missile systems on them, they've been taken out. In fact, those in some ways could make those a priority target. That would be great. Back in my day, we used to, the Russians had a really formidable air defense capability that was tracked and wheeled and could move forward with the troops that were attacking. And the idea was that helicopter gunships would actually go in and take out the air defense systems, then leaving your fixed wing aircraft to go in and take out the armour with a much lower risk of being shot down by those air defense systems, because the helicopters already killed them. So there is a tactic there that you need to use where you neutralise the air threat and then you go in with your own ground attack aircraft and start attritting his ground forces.

Going back to cyber for a second, David, and to lighten the mood possibly, you kind of hinted in one of your earlier messages to me that we, that is you and I and Patrick, might all be potential targets for a bit of cyber disruption. What form could that take?
I don't think necessarily disruption. In the case of RC, it would be a case of trying to eavesdrop on our communications to find out what we know and who's telling us. Where are we getting our information from? So doing some traffic pattern analysis to try and figure out who's connected to whom, who's telling people what, that's probably what they're more interested in. They might try and set up fake social media accounts to discredit us possibly. One of the reasons why I don't have a social media presence is so that that can't be done and I can't be hacked. But I think you'll find it's not so much likely that you're going to be attacked and have your systems wiped. It's more a case of they'll just try and covertly find out what you know and how you found it out.

Okay. Patrick, any last questions? I mean one thing we'd both like to know, David, is you've already talked about this kind of dwindling capability that the Russians seem to have to disrupt in their cyber sense. Do they have any arrows left in their quiver? Do they have anything that they can pull out that might surprise us, do you think?

It's possible they still have some stuff that they haven't used. The danger is that cyber attacks have a way of spreading, unlike a conventional kinetic weapon system where you can fairly precisely target it and say this shell is going there. Once you put an attack out on the internet, it can spread much faster than you think. A classic example would be the old Stuxnet worm, which was designed to attack, now, one particular Iranian enrichment plant, that ended up spreading right the way around the world pretty quickly. And the trouble is if Russia launches a cyber attack of real power, there is a risk that it could end up inadvertently spreading into NATO systems or system systems in NATO countries. And if they do that, they risk triggering Article 5. We have, though, Article 5 is the one that says an attack on one NATO country is an attack on all.
And NATO has publicly declared that a cyber attack counts as an Article 5 item. And it's covered in things like the Tallinn Manual, which is the manual that looks at the rules of cyber warfare. So like you have the Geneva Convention or the San Remo Manual on War at Sea, the Tallinn Manual covered cyber war. And that could potentially give NATO the justification to say, right, this is now a war that we can get involved in. Whether they want to or not is another question, but it's a bit of an issue of brinkmanship. Is Russia prepared to take that risk and cross that line? And so far, the fact that they haven't done so shows us that right now the answer is no. So potentially they possibly could. Will they? Probably not.

Okay, David. Once again, that was absolutely brilliant. We're really grateful for your contributions and they really do add massive value to the podcast. Thanks so much.

Yeah, you're welcome. I said, I genuinely listen to every show and it's nice to be able to give something back.

Well, I have to say, Patrick, at the end of a discussion with David, it does fill you with a little bit more confidence in some aspects of this war. It's great to hear, frankly, that this vaunted capability that the Russians were supposed to have in cyber warfare has been overestimated. You could say the same thing about their conventional forces, and they've obviously tried to attack both the Ukrainians and its Western partners with little success. And we've got to the stage where we can relax, relatively speaking, at least as far as cyber attacks are concerned.

Yeah, it's just good to hear him say that we've got the upper hand in this very important department of modern warfare. He really brought that home to me, how important it is in our, just, you know, the business of living these days, the internet, generally, he said, he made it sound like, you know, it's like an organ of the body.
It's like your heart, or your lungs or something, if you don't have it, if it's not functioning, then the state can't live. So I think the fact that we're actually in this enviable position of serious overmatch is something to give everyone hope.

It's also encouraging to hear, frankly, that whatever the Russians try in terms of controlling information both within the state and also the population generally, that actually it's almost impossible, as you say, to, you know, to cut off this kind of living breathing organism that is the internet, and if people want to get information, they are going to get it. And I think in the long term, both you and I feel that the more sort of, you know, genuine information the Russians get, the more likely they are to turn against support for this war.

Yeah, so it's an interesting question, isn't it? I mean, part of one thinks that any information coming from outside Russia is probably going to be treated with suspicion. But historically speaking, people do thirst for information if they're under the boot of an oppressive pattern. I'm thinking about France during the occupation period, 1940 to 1944, where the most listened to radio program was not Radio Paris, but the BBC broadcasting from London played an incredibly important role. So I've rather had this image, we were talking about VPNs, of this being the kind of 21st century equivalent of huddling around the wireless, you know, in 1943 or something, and you know, fiddling with a knob and hearing London calling. Let's hope that is the case.

Yeah, you asked me an interesting question about air power and it did set us straight a little bit, didn't it? I mean, we talked about this a little bit on the last podcast, but it's interesting to think that yes, drones have their place, but actually fighters with people in them are so much more than just attack weapons.
They're air defense too, they have this, you know, this extraordinary radar capability, but they also have someone sitting in them, a human who can make those instant decisions. And of course, a drone will have a camera and the operator's got a, but is it, you know, he's not a fully trained pilot, is it, is it, is it what we've seen from the Ukrainians? They've got a lot of guys, you know, who just, who just become drone operators, but they're not sort of skilled in all the vital elements of air power. So making it pretty clear to us, you know, the most cogent argument I've heard for the fact that the Ukrainians really do need F-16s. This is a sort of pen knife that can do everything, it can attack and defend. It's got extraordinary capabilities, and given that it's what, 40 years old, that Patrick, it's amazing, isn't it? Some of the kit that we've built. And also his point that even in the days when he was flying, Russian pilots were never as well trained, their kit wasn't as good, their engines burnt out too quickly, and you suspect not a lot has changed since then.

Yeah, I mean, it does again underline the, you know, the fundamental inefficiency of the Russian military at every level. You'd think that something like, you know, fast jets, having them, having the men to fly them, the training, the maintenance, all the rest of it would be absolutely at the top of your priority list if you're to be a serious military power, but like everything in Russia, it seems to be, you know, extremely badly managed, probably riddled with corruption as well. So, yeah, once again, grounds for hope.

And final fascinating point made by him about, you know, did, does Russia have anything left in its locker? Well, it might have something left, said David, but is it going to use it, you know, a serious attack on NATO computer systems, with the threat that if it does that, it could actually bring NATO into the conflict.
And, you know, and David said, well, you know, he suspects they wouldn't do that. So going back to my original point, I think we can rest fairly easily in our beds, as far as the cyber warfare is concerned. Of course, it's just a question of defeating Russia militarily now for the Ukrainians.

Okay, well, that's all from us. Do join us next Friday for another episode of news analysis and comment. And then the following Wednesday for our weekly interview for the star guest. Goodbye.