Disrupting cyberwar with open source intelligence
For better or for worse, warfare drives technology innovation. World War I turned the airplane from a rickety contraption into an essential force in battlefield dominance; World War II brought us jet planes, radar, and atom bombs. Today, attacks come through the Internet, not from the sky—and so do the responses.
The cyberattack offensive that Russia launched in Ukraine in 2014 introduced a new doctrine, hybrid warfare, that blends special-forces military action, sophisticated propaganda, social media manipulation, and hacking. And the resistance is coming from volunteers who work together.
Little green men
The bitter cold of February 2014 did little to discourage the huge crowds of democracy-minded Ukrainians that thronged the streets of Kiev, Ukraine, to protest the pro-Kremlin policies of autocrat Viktor Yanukovych. After the crowd occupied the city’s central square, riot police moved in. Scores died in the pitched battles that ensued. Public indignation was inflamed, and on Feb. 22, Yanukovych fled to Russia. Jubilant street parties erupted as the opposition took control of the nation.
But Ukraine’s struggles were just beginning. Yanukovych’s patron, Russian President Vladimir Putin, was in no mood to let a country he viewed as a client state drift away from the Kremlin fold. He was prepared to act—swiftly, decisively, and in a way that few in the West anticipated.
Shortly after Yanukovych’s ouster, a journalist living in Crimea, Roman Burko, got a call from a friend serving in the Ukraine armed forces. “He said that they were being attacked by ‘little green men,’” Burko recalls. These soldiers, who wore no insignia, were supposedly locals who had spontaneously organized themselves into militias. Yet they seemed suspiciously well-organized and -equipped.
As the mysterious troops seized the local parliament building and other key strategic sites across the peninsula, Burko ran out to film what was happening and uploaded his video to YouTube. One viewer, a soldier who had served in Georgia’s conflict with Russia, identified the troops’ equipment as belonging uniquely to Russian special forces. The truth was out: The spontaneous local uprising was really an invasion. Soon, a similar uprising was underway in Eastern Ukraine, and the country was embroiled in a burgeoning civil war.
Amid a swirl of conflicting stories, however, it was hard to tell what was really going on. Russian-backed media circulated stories of horrors that it said had taken place at the hands of the Ukrainian Army, but in many cases, the accompanying photos had been taken in Syria and other war-torn countries. Other reports, such as one claiming that Ukrainian soldiers had crucified a 3-year-old boy, were fabricated from whole cloth.
It quickly became clear that Ukraine was under a uniquely 21st century kind of attack: so-called hybrid warfare that combines traditional tanks-and-guns military action with information-space aggression that combines propaganda, hacking, and disinformation. NATO’s top military commander, Gen. Philip Breedlove, called Russia’s attack “the most amazing information warfare blitzkrieg we have ever seen in the history of information warfare.”
“We came to understand,” Burko says, “that information has power and strength.”
Technologists step up
At the time, Ukraine had virtually no functioning government and an army that was in a state of disarray. But as politicians dithered, an army of youthful Internet-savvy volunteers—ethical hackers, investigative journalists, data analysts, and overseas activists—banded together to fight back.
One of the first to respond was Yevhen Fedchenko, director of the Mohyla School of Journalism in Kiev. “I heard what the Russian media was saying, and I was amazed how they twisted the narrative around,” he says. At the time, there were more than 80 Kremlin-linked media outlets in the country taking part in a coordinated effort to sow disinformation. Fedchenko realized that if someone didn’t do something, all could be lost. “If they can make people believe a narrative, it becomes true,” he explains.
Together with student volunteers, Fedchenko founded StopFake, a group that used old-fashioned reporting techniques like phone calls and shoe-leather investigation to sort out the fake news from the real. Despite having scant resources at its disposal, StopFake got its findings out to the public over the Internet.
As of today, the group has debunked more than 2,000 false news items on its website and is recognized as the most reputable fact-checking site in Ukraine. Recalling the early days, Fedchenko says the urge to do something was overwhelming: “There was no room for doubt. It was us, or it was nothing.”
Inventing open source intelligence
Other like-minded Ukrainians launched their own parallel efforts. Following his YouTube success, Burko founded a group called InformNapalm to conduct its own investigations. InformNapalm volunteers pioneered a technique called open source intelligence (OSINT) that involves painstakingly culling clues from social media websites and other online sources.
For instance, when Russian intelligence promulgated multiple false narratives blaming Ukraine for the shootdown of Malaysian airliner MH17, InformNapalm pieced together dash-cam clips and Facebook postings demonstrating that the missile launcher used in the attack had been sent in from Russia the night before. Ultimately, they identified the specific Russian Army unit it came from and even sourced photos of the unit’s officers. InformNapalm’s research is the foundation of an international criminal prosecution now being prepared in the Netherlands.
InformNapalm sometimes teams up with other groups that bring their own particular investigative skills to the table. One is the hacker collective Ukrainian Cyber Alliance, or UCA, which formed after Russia launched a wave of hacking attacks against Ukrainian infrastructure. “We knew our security services could not track all the threats, so we formed a hacking group consisting of computer security professionals,” says the group’s spokesman, who goes by the nom de guerre Sean Townsend. “We could not sit calmly at home while other guys were fighting in the trenches to keep us safe, so we decided to do what we do best.”
In one particularly brilliant stroke, the group broke into the email account of Vladislav Surkov, the Kremlin advisor who oversaw the invasion of Eastern Ukraine. Among the documents they recovered were details of food supplies delivered to two Russian Army units deployed into Ukraine. Russia claimed that the stolen data was fraudulent, but UCA turned the material over to InformNapalm, which used OSINT to not only confirm the veracity of the emails but also identify 60 individual Russian Army soldiers from the units in question.
Fighting the information war
Today, nearly five years after Russia seized Crimea and invaded Eastern Ukraine, the ground war is at a stalemate. But the information war remains fluid, with each side constantly maneuvering for advantage. The stakes couldn’t be higher. “It’s not just disinformation per se,” says Alya Shandra, co-founder of the pro-democracy media group Euromaidan Press. “It’s part of a larger strategy to undermine society and bring it down.”
Many in Ukraine feel that Russian hybrid warfare is a phenomenon to which their counterparts in the West should pay more attention. Ukraine is a poor country by European standards, and its economy continues to be ravaged by war and corruption. But at least the country recognizes the nature of the threat.
Meanwhile, the public in the United States and Great Britain seem curiously disengaged from the fact that they, too, are on the receiving end of hybrid warfare, despite compelling evidence that Russian intelligence subverted the 2016 US election, helped pass Brexit, and is promoting anti-democratic political parties across Europe. “One reason Russia has been able to operate as they have,” says Fedchenko, “is that no one understands the level that they are operating at.”
For Ukrainians, Fedchenko adds, it’s been painful to watch Russia reuse the tactics it tested in Ukraine in its attacks on the larger world. “It’s been frustrating for us,” he says. “We feel like we tried to warn you.”
Responding to cyberattacks: Lessons for leaders
- Since 2014, the concept of cyberwarfare has gone from a metaphor to an actual lynchpin of bombs-and-bullets conflict.
- The threat doesn’t just come from malicious hacking, but also from subtler forms of manipulation like flooding social media with malicious disinformation.
- There are no easy answers, but one effective counterstrategy is to empower motivated volunteers to cooperate in online investigations of dubious information.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.