Electronic Weapons: Cyberwar Devastates Russian Internet

Archives

September 14, 2024: In July 2024 Ukraine carried out a surprise electronic attack on Russian internet access. This was accomplished by using the largest DDOS distributed denial of service attack ever. The attack disrupted all major Russian internet systems, including financial institutions, government networks and internet-based communications. This included messaging apps and social networks.

These attacks are usually carried out by first using a computer virus, often delivered as an email attachment that installs a secret Trojan horse type program that allows someone else to take over that computer remotely and turn it into a zombie for spamming, stealing, monitoring, or DDOS attacks to shut down another site. There are millions of zombie PCs out there and these can be rented, either for spamming or launching DDOS attacks. You can equip a web site to resist, or even brush off, a DDOS attack but the Ukrainian attack was so massive and well planned that Russian DDoS defenses were of no use.

It took about three weeks to get the Russian internet back to normal, although some systems were so heavily damaged that it will take months to get them running again. Major commercial, government and military systems were damaged or offline for weeks while repairs were made. The Ukrainian attacks were so massive, hitting internet targets throughout Russia, that there were not enough Russian internet engineers to repair all that damage immediately. That means systems that are not critical will be offline for weeks or months.

Russians fear the Ukrainians will launch a similar attack before all the damage from the recent one is repaired. Russia has long been a leader in such attacks, but the Ukrainians prepared for that before the Russian 2022 invasion and upgraded their internet defenses. Russia was not as well prepared and was vulnerable. Some Russian internet engineers warned their government of the vulnerability but not enough was done.

Attacks like these are more common now but have been for over two decades. One example occurred in 2011 there was an odd incident in South Korea, where a widely distributed computer game appeared to be infected with malware. What caught the attention of South Korean military intelligence was the fact that the malware was hidden in every copy of this game and, at one point, many of the 100,000 infected PCs tried to shut down the air traffic control system at a major South Korean airport.

Further investigation revealed that the airport attack was part of a growing Cyber War campaign by North Korea against government and military websites in South Korea. One of the most disruptive North Korean Cyber War weapons was DDOS attacks. You can equip a website to resist, or even brush off, a DDOS attack and some of those attacks are prepared. But others were not. The South Korean airport was disrupted for several hours. The Russians suffered even greater damage in 2024. North Korea has launched DDOS attacks and attempted to hack into South Korean networks for over twenty years. This is a continuing problem for South Korea and Japan, which have had to construct large scale internet defenses to provide some protection from further North Korea attacks via the internet. Most North Korean attacks are for financial gain. North Korea is perpetually broke and always in need of more cash. North Korean hackers have turned many foreign internet systems they have hacked into their own private ATM.

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close