Death by Computation
Anna Engelhardt, website still from 'Circuits of Truth' (2021)
BEYOND THE WAR/
Hakan Tanriverdi on Cyber Warfare.
Conceived before the war against Ukraine, the works by the Russian media artist Anna Engelhardt (*1994) are now presented in the time of numerous war crimes inflicted by Russia on Ukrainian territory and people. Engelhardt herself strongly condemns Russian colonial expansion. Her work Circuits of Truth is a website that offers insight into the digital assembly line of fake news and how truth is "produced".
What is the role of hackers and hacking in this war?
Right after the war began, people were quick to point out that bullets and bombs have a more direct effect than any kind of malware could ever have even if it were working properly – which is not a given, since malware can crash or be spotted by analysts monitoring the network, to name just two possibilities for failure. However, we have seen multiple pieces about such malware installed on systems across Ukraine with the sole intent of wiping everything on them. This happened in the run-up to the invasion, but pales in comparison to "ordinary" warfare. Although it is unclear why this is the case, Russia hasn't seemed to hinder Ukraine's ability to communicate by any means necessary. As far as I can see, analysts point out that Russian troops may have relied on these services themselves for general communication.
We also now know hackers sabotaged satellite modems across Europe on the morning of Russia's invasion, particularly in Ukraine, which had a devastating effect according to senior Ukrainian cyber security official Victor Zhora. This is arguably the largest "cyber-act" in this war so far. Though we do not yet know exactly what happened, there was at least a "huge loss in communication". Viasat has released a preliminary analysis, stating that "tens of thousands" of modems simply dropped off the network. On April 8, hackers broke into an energy company and tried to execute malware. Researchers with ESET who analyzed the incident released a write-up about the event. Apparently, the hackers wanted to take down electrical substations and, by doing so, cut power. This could have had huge implications if successful, but according to the relevant authority, this particular attack was thwarted. It was not immediately clear how many energy companies might have been breached by the hackers, who are called Sandworm and are said to be part of Russia's Military Unit 74455 of the Main Intelligence Directorate (GRU).
How does this change the nature of war?
What I can understand from the analysis by experts in this field is that using tools for espionage and sabotage purposes makes the most sense when you are not already engaged in direct conflict. We have private actors engaging with state actors; what is the power relationship here, is there a David vs Goliath effect or is the state capacity much stronger? States have significantly more leeway, resources, legal protection, operational guidelines, potential access – think monitoring the flow of data via fiberoptic cables, using satellites or plain legal authority – than private actors will ever have. While caught up in the perhaps euphoric moment, private actors need to think through each and every step by themselves, without necessarily realizing how actions taken today will look tomorrow – once they've been outed, they may be doxed or even prosecuted. One prime example would be the case of Conti, the ransomware operatives who published a statement in support of the Russian government only to have their tools and chats leaked afterward by a cyber security researcher who apparently had been listening in for years by that point.
'Death Under Computation' traces how contemporary Russian 'smart weapons' have roots in largely unknown experiments of Soviet military cybernetic research from the 1950s. The project website (www.machinic.info/computation) is intended to reveal the colonial logic at work in contemporary Russian warfare. Understanding its colonial premise can lead to new ways of resistance. The essay extends into material objects for the exhibition, translating the content of the site into physical holograms and textile diagrams.
What are the biggest dangers of cyber war? What are the chances of cyber warfare?
I'd be cautious about using a word like cyber war, just because it implies that it should be considered separately from regular warfare. However, I don't think it's useful to isolate it like that. Conceptually, it is one domain that states can incorporate into their strategy, whether for espionage and sabotage purposes or to assist ongoing operations during warfare.
In this regard, I'd like to point out an implicit escalatory component. Say you want to develop the capability to target wastewater systems with the intent to cause sewage spills. Attacks like these are not done quickly. First, you need time to prepare and scope out the IT environment in several facilities, which may vary in terms of software and hardware. Then you need to develop the actual framework with modules related to these systems, an undertaking which involves trial and error. In most cases, you would therefore start planning large-scale operations of this kind during peacetime. However, if you get caught, your adversary will have to react. They can either simply try to block you or panic and reciprocate by also stepping up their capabilities and improving their IT infrastructure. Since the main benefit of cyber espionage and sabotage is that these tools are not on display like tanks and rockets, it is hard to know who is able to do what. Thus, escalatory behavior is always a risk.
How could a disastrous cyber attack play out?
To illustrate possible scenarios, I'll stick to two examples. The first one is the attack that happened in Ukraine in 2016. Hackers – called "Sandworm" – took down a swathe of Kyiv's power grid. If you can take out the power grid, it will have devastating effects within a week or two. Analysis of the incident has shown that the hackers were very sophisticated and tried to shut down the system for months (but ultimately failed to do that). As numerous experts have repeatedly pointed out, shutting down a power grid is hard to do. It requires months of research and testing, and you'd need to have capable people overseeing each step in the process. However, it still remains an option.
Number two: Hackers could target safety systems to render them inoperable. Say you have a refinery and you're processing five million tons of petrochemicals. You have safety systems in place to make sure that the processes you're running are neither a danger to your workers nor to the environment. Hackers called "Xenotime" have targeted these very devices and exploited the software vulnerabilities they were able to find. If only "briefly," the framework they developed managed to shut down a facility in Saudi Arabia. Operations like this are said to be highly customized, therefore they are not easy to pull off. Nevertheless, the mere existence of such a capability is telling, as it is an indication of how far some groups are willing (or ordered) to go.
'Adversarial Infrastructure' is an investigation into the volumetric history of the Crimean annexation that employs deepfake technology as a research method. Dissecting the Crimean Bridge, the crystallised artefact of Russian colonial violence that spans through cyberspace no less than an offline landscape, this project aims to assemble a new image of logistical infrastructures as a type of hybrid warfare.
What comes next?
Many analysts I have spoken to caution that Russia could retaliate against the sanctions by targeting critical infrastructure in the United States and Europe. We know that such intrusions have (successfully) taken place for some years now – apparently up to 150 companies in Germany were on a target list of only one hacking group, who called themselves "Berserk Bear." Given this scenario, it is interesting to note that the US Department of Justice has recently released indictments against two hacking campaigns that targeted critical infrastructure worldwide.
Hakan Tanriverdi is a reporter for Bayerischer Rundfunk, writing about cyber security.