Russia is considered a country that does not prosecute cybercrime, so the fact that several cybercriminals from the ransomware group REvil have been arrested here since January came as a surprise at first. Politically, however, we are moving into a minefield. The arrests can – as a sign of goodwill – contribute to easing the tension in the Ukraine crisis. But if the crisis intensifies, they can also serve as preparations for state-sponsored piracy and economic warfare.
Security researchers noted with satisfaction that this led to fear and confusion in the cybercrime scene, whose members feared losing a safe haven in Russia. But ransomware actors, like the buccaneers of the seas, are only pawns in politics. The fact that members of REvil in particular were arrested can be taken as a clear sign. At the time, the group was behind the attack on the Colonial Pipeline in the USA – the only attack on a critical infrastructure that triggered a more than clear political reaction. In this way, Moscow is sending a signal to potential copycats that has also been interpreted as a concession by Western observers. In an escalating conflict with Ukraine, as we are currently witnessing, it would be inconvenient for Russia for various reasons if cyber criminals attacked critical infrastructures in the West, thereby automatically limiting its own political room for manoeuvre.
Two types of cyber warfare
Forms of cyber warfare, such as cyber espionage, disinformation campaigns or disruptive attacks on a country’s critical infrastructure or server systems, can only be understood by those who understand the nature of cyber weapons. Limited impact can be achieved with smaller actions – we have been observing this for more than ten years. Because it is not possible to identify the originator and their motivation beyond doubt, these actions are political weapons that have an effect as long as they are able to scare people.
Larger incidents that target critical infrastructures or entire IT systems of a country, on the other hand, are extremely difficult for state perpetrators to control – and thus actually unsuitable as weapons of war. NotPetya from 2017 serves as an example. This attack initially appeared to be an extortion attempt, but was almost certainly a disguised state cyberattack: the technology used to spread it and the damage it caused were enormously advanced, whereas the ransomware portion was so underdeveloped that it can be assumed to have been a diversionary manoeuvre rather than evidence of a monetary motive. Ukraine was considered the main victim, but European, American and Russian companies were also affected by NotPetya.
Like nuclear, biological and chemical weapons, digital weapons cannot be limited in their effect. In a networked world, they affect everyone. Anyone who uses them as a weapon in a conflict must expect to hit non-participating nations as well as himself sooner or later. If, on the other hand, the perpetrator tries to use the weapon in a controlled manner, he needs personnel to “supervise” its effect. This requires specialists to ensure success for each targeted company, for example. The number of possible victims is automatically limited by this high expenditure of resources.
De-escalation instead of hackback
Previous incidents such as Stuxnet, an effective computer worm uncovered in 2010, or NotPetya have proven that it is possible to cause enormous damage with targeted actions. An adversary could use weapons like these to cause massive problems for another nation in an escalating conflict – with consequences for other states. Just like the use of a nuclear bomb, an uncontrolled digital escalation of the crisis between Russia and Ukraine would also have consequences for Germany, Europe and the whole world. But since the consequences are much milder than those of a nuclear threat, this scenario could be less of a deterrent for military “hawks”.
This makes it all the more important to put diplomatic conflict resolution in the foreground. In fact, it can be assumed that every country today has the means to react not only defensively. The German government, for example, is at least in possession of the technology necessary for a hackback, so that it is able to strike back in the event of attacks.
Cyber warfare is now firmly established in some nations, and attacks are consequently used strategically. However, state perpetrators are usually more interested in manipulating public perception or staging diversionary tactics through cyberattacks than in causing lasting, widespread disruption – to critical infrastructure, for example. The psychological effect prevails at this point. Truly successful cyberattacks produce only selective and difficult-to-assess damage that at best paves the way for a conventional strike, but does not replace it.