Skip to main content

A laptop screen displays a warning message in Ukrainian, Russian and Polish, that appeared on the official website of the Ukrainian Foreign Ministry after a massive cyberattack, on Jan. 14, 2022.VALENTYN OGIRENKO/Reuters

Municipal engineers have found ways to deliver drinking water without electricity. Hospitals have bolstered reserves of blood and filled storerooms with enough medication and bandages to last until late spring. And government generators have diesel to run for months.

The Ukrainian city of Lviv lies hundreds of kilometres west of the capital, and farther still from the eastern border regions adjacent to some of the estimated 130,000 Russian troops who now surround much of the country.

But the scale of preparations here underscores worry that a Russian invasion, if it happens, could rain destruction across the country, not merely through armaments but with a new offensive of cybertools that have already shown their capacity to disrupt critical functions.

“We are enhancing the city’s capacity to live under extreme circumstances,” Andriy Sadoviy, the mayor of Lviv, said in an interview Monday, describing his task as ensuring “the city’s survival.”

To prepare, “we’ve looked at all possible attacks,” he said.

The Kremlin signalled Monday that it is ready to keep talking with the West about security grievances that led to the current crisis, offering hope that Russia might not invade Ukraine within days as Western officials increasingly fear. But Russian President Vladimir Putin has vowed to take “military-technical measures” if Russia’s demands aren’t met.

For years, Ukraine has been a target and proving ground for cyberattacks – a place dubbed by Wired magazine as “Russia’s test lab for cyberwar.” Hackers have shut down power plants, stolen personal information and deleted data in a melee of digital attacks that number in the thousands per year. More than five years ago, then-president Petro Poroshenko publicly blamed the “direct or indirect involvement of secret services of Russia, which have unleashed a cyberwar against our country.”

Since then – and in particular in the past few months – cyberattacks “are much more intensified,” said Liubov Tsybulska, the founder of the Centre for Strategic Communications and Information Security, which is part of Ukraine’s Ministry of Culture and Information Policy.

Such tools could be used in an invasion to “paralyze” the country, spreading dysfunction and disinformation in ways that “create chaos and panic – and a situation where the state is not able to govern itself,” she said.

Now, however, anxiety of a coming Russian invasion, elevated by reports from the U.S. that an attack could take place this week, have reinforced long-standing fears of Moscow deploying its considerable capacity for digital attacks in an aggressive new phase of cyberwar.

Cybertools can be used to disable critical infrastructure, such as the 2015 and 2016 attacks in Ukraine that remotely shut off power to hundreds of thousands until it could be manually restarted. “In case of emergency or war,” a brochure produced by the Ukrainian government last year warns citizens to secure sufficient gasoline for an evacuation and an alternative source of heat in case there is no central heating or electricity.

Previous attacks have shown how malicious software can be quietly inserted into critical systems, sometimes years in advance. “It’s like a secret agent,” said Nazar Tymoshyk, chief executive of UnderDefense Cyber Security, a Lviv-based firm with clients around the world. Havoc can be unleashed with the sending of a computer command.

A major Russian attack also stands to set loose other groups against Ukraine, such as Russian cybercriminals, already among the world’s most capable. “They may also support the Russian government, because it’s open war,” Mr. Tymoshyk said. Such groups could disable, for example, a supermarket accounting system. “People wouldn’t be able to buy food because the supermarket would be paralyzed,” he said.

The number of Russian troops amassed on Ukraine’s borders does also suggest another possibility, however: a shooting war without any need for a cyberoffensive. “In the face of missile and air strikes, it’s hard realistically to see what you do online to make things any worse, or cause further disruption,” said Robert Pritchard, director of Cyber Capacity Unit, a London-based strategic consultancy.

Russia’s military planners have the option, too, of attacking internet exchange points to leave their target digitally in the dark at the outset of an offensive, frustrating the flow of information internally, and to the outside world.

“They could easily shut it off with kinetic strikes,” said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a Washington-based research group, who is an authority on Russian digital attacks. He has called Ukraine a “cyber-battlefield.”

Also possible, Mr. Alperovitch said, are attacks that “would make the Ukrainian population think that resistance is futile,” such as replacing radio and television broadcasts with propaganda, and sowing misinformation.

Two years ago, a small community in eastern Ukraine witnessed a striking example of what is possible. In the early days of the coronavirus pandemic, authorities chose the small community of Novi Sanzhary to quarantine travellers arriving from Wuhan. News of the arriving travellers spread at immense speed, aided by a group on the chat app Viber, in which someone warned: “50 infected people from China are being brought to our sanitarium. We can’t afford to let them destroy our population, we must prevent countless deaths. People, rise up.”

In short order, thousands of people were added to the group. But when some tried to leave the group, “it was not possible,” Ms. Tsybulska said. They were added back within minutes. Even people who travelled to Novi Sanzhary from elsewhere found themselves added. Then, an e-mail began to spread in which the Health Ministry confirmed that arriving travellers had COVID-19. It appeared to come from a real government e-mail address, but its content had been faked, authorities said. None of the arrivals had tested positive.

Local residents suspected a Russian attempt to sow chaos – one that proved successful. Residents used farm equipment to block a road. Women threw stones at buses with arriving travellers. Nine police were injured and two dozen people arrested after a riot broke out that Ukrainian President Volodymyr Zelensky called “medieval.”

The frequency of attacks from Russia has also given Ukraine years to prepare its defences, bolstered by funding and expertise from NATO, the U.S. and Britain.

Companies from gas stations to the postal service have begun to take cybersecurity seriously, said Yuriy Syvytsky, who is on the board of Intecracy Group, an alliance of information and technology companies.

It doesn’t hurt that Ukraine remains “old-fashioned” in some ways, he said. Only a fifth of people have used online banking, a bank survey found in 2020, while just under half of the country’s payments are still made in cash.

Besides, the country boasts its own talented hackers, some of whom have helped to test domestic corporate defences – and have in past moments of crisis shown skill in staging counterattacks.

If Russia aims fresh cyberattacks at Ukraine, it could bring “temporary shutdowns,” Mr. Syvytsky said. “But I don’t think it could last long.”

With a report from the Associated Press

Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.