War and cyberwar

Garry Kasparov 20 Apr 2022

Real war has come again to remind us that cyberwar, for all its terrors, is not yet on par with the damage done to flesh and family by bombs and bullets.

I usually endeavor to separate my political activities and my cybersecurity and digital rights advocacy, except for cases in which they are inextricably connected. You can say that everything is connected, of course, and that is true, but you cannot discuss everything all the time without losing focus, which is dangerous when focus is required.

But right now, not mentioning Russia in my writing here would be like talking about seeing smoke in the sky and not mentioning the burning house right in front of you. Putin’s renewed war on Ukraine – expanding across the country after his initial invasion in 2014 – will reshape the globe, with security implications present and future.

US president Joe Biden called for people to “harden their defenses” to prepare for Russian attacks online, but what does that mean for individuals? It’s one thing for government agencies and large corporations to dial up their security levels, and they should. But what should the rest of us do that we weren’t already doing before?

Strengthening your defenses

That’s almost a trick question, because how many of us were really doing everything we are supposed to do to stay safe online? Do you have two-factor authentication enabled on your communications and social media logins? Do you use a VPN, especially when you are on public networks like airports and hotels? Like dieting, knowing what is good for you doesn’t help much if you don’t actually do it!

There is already a rise in malicious traffic related to the war and it’s time to take your digital hygiene seriously if you didn’t before. Phishing messages are still one of the leading threats and not everyone has good detection software installed. Think twice before clicking on any link in any email, even if from a trusted source. You can always go to the home website of the institution and log in there.

Avast’s experts also say it’s a good time to make backups of your data and prepare alternatives to accessing various systems we depend on. Would you be able to access important records if a site went down or the internet went down for a day or two? These things might be annoyances now, but you don’t want to be one of those people (we all know a few) who only prepares for an emergency after one happens.

Actions against Russia

Avast has suspended activities in Russia, along with hundreds of other companies, in response to Putin’s invasion of Ukraine. Speaking as someone with friends and relatives still in Russia, it’s always sad to see ordinary people suffer for the crimes of a dictator. But as I wrote many years ago, only Russians can remove Putin, so they must realize that life in Russia will not be normal as long as he’s in power and attacking other nations.

Avast is still protecting its existing Russian users, however, as deactivating millions of accounts would leave everyone less protected everywhere. They’re also making their software free in Ukraine as a gesture of support—especially useful when cyberattacks have always been a favorite Kremlin weapon.

Part of my original proposals to push back against Putin’s invasion was to “send Russia back to the tech stone-age” by withholding services and parts. (Not by using nuclear weapons, as some intentionally misinterpreted the comment!) Russia imports nearly every kind of tech and has few easy substitutions available. If Putin wants to wage war on the civilized world, he won’t be able to benefit from its products, either.

It’s great that so many individuals want to help Ukraine in different ways, from donations to pushing their political leaders to send aid. But I must caution you not to go too far in your activism, or “hacktivism.” There’s been a surge of apps that say they will make distributed denial of service (DDOS) attacks against Russian systems as a way of helping Ukraine.

Who knows, some of these may actually do what they say, but along with legal consequences (DDoS is illegal), and security issues with illicit apps, such attacks could be directed anywhere. Attacks on Russia today could be attacks on Ukraine or any other target tomorrow. You’re basically firing a gun with a blindfold on while someone else directs the bullets.

The group Anonymous says they are hitting Russia too, and such activities cannot be underestimated these days. Tech experts make up a significant portion of the huge exodus of Russians fleeing the country now as Putin cracks down even further on freedom at home. Not content with just censoring the news as before, most social media has been completely banned to prevent the truth of his war on Ukraine from reaching the Russian people, who are fed a diet of vicious propaganda on television.

An entire country disappearing from the free internet

Never before has a large, modern nation essentially disappeared from the large swaths of the internet like this. The disruption is on par with what is happening to the Russian state financial sector as sanctions and boycotts cripple the ability to move money. The immediate consequences for the economy are difficult to calculate, but the ripple effects are also immense and even harder to predict.

At the time of this writing, WhatsApp is still allowed in Russia, possibly because Russian forces are using it after their own secure communications systems reportedly failed repeatedly in Ukraine. 

In efforts of unveiling the truth, privacy violations are committed

Other grim aspects of war have reached some of our favorite topics here, including facial recognition. Ukraine is reportedly using it to try to identify dead Russian soldiers whose bodies have been abandoned on the battlefield. (Transporting bodies and holding funerals reminds people there is a real war with consequences going on, contrary to the Kremlin propaganda message.)

Is it fair to call it a violation of privacy when the subject is dead and the family is being notified? Is all fair in love and war, as the poet John Lyly wrote? This is no small question, as regulations and rights ignored in wartime are often difficult to regain when war is over. Increases in communication intercepts and surveillance, for example, were deemed necessary to counter terrorism after the 9/11 attacks, but most weren’t allowed to expire until 2020, nearly 20 years later, and aspects of them live on still.

For these reasons and many more, let us wish for a peace in Ukraine that will be lasting and meaningful, not merely a pause for hybrid war and rearming. Real war has come again to remind us that cyberwar, for all its terrors, is not yet on par with the damage done to flesh and family by bombs and bullets. Stay safe, my friends.

--> -->