This morning, Russian President Vladimir Putin ordered “a special operation,” allowing armed forces to move into Ukraine. The offensive wasn’t just limited to military forces, as Ukraine faced major internet disruptions.
In this story, we’ll aim to summarize how information flow in the war-affected country has taken a hit.
Yesterday, the State Service for Special Communications and Information Protection of Ukraine said several government websites were under a DDoS (Distributed Denial of Service) attack. As such, users wouldn’t be able to access these critical sites in the midst of this crisis.
Today, the authority said, “phishing attacks on public authorities and critical infrastructure, the spread of malicious software, as well as attempts to penetrate private and public sector networks and further destructive actions have intensified.”
It has advised citizens to back up critical information, and isolate workstations that are not important at the moment.
Later in the night, researchers from security firm ESET said thousands of computers in Ukraine were under a malware attack. They found that this data wiper malware was aimed at corrupting data and taking over servers. Currently, this attack is not being attributed to a particular threat actor.
Breaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n
— ESET research (@ESETresearch) February 23, 2022
Netblocks, an agency tracking internet disruptions all over the world, noted this morning that internet services were disrupted in Kharkiv, Ukraine’s second-biggest city, after Russian forces attacked it early today. It isn’t clear if the infrastructure was damaged by shelling. The tweet describes this as happening after explosions were heard in the city.
⚠️ Confirmed: Significant internet disruption registered in #Ukraine-controlled city of #Kharkiv shortly after huge explosions heard; users report loss of fixed-line service on provider Triolan while cellphones continue to work 📉
— NetBlocks (@netblocks) February 24, 2022
Infrastructure company Cloudflare noted that it had seen a small uptick in cyberattacks against Ukrainian government websites, and it’s actively keeping an eye on the situation in the country.
Misinformation and Telegram’s role in it
Telegram is one of the most popular communication channels in Russia and Ukraine. As Jordan Wildon, a misinformation researcher noted, that app could be a key source of information to people in that region.
One of the examples is Ukrainian President Volodymyr Zelensky’s recent address to the people of Russian through Telegram. As MSNBC reporter Cal Perry noted, he used the app to broadcast his message, because Russian media might not air his address — given the state has tight control over press information. After Russia began its attack, the country’s press watchdog, Roskomnadzor, indicated local media to use only state verified information.
Astonishing moment of this crisis – the address posted to telegram – likely an attempt by the President of Ukraine to reach as many people in Russia as possible knowing Russian media would not air the message – https://t.co/HtuEKNKBc6
— Cal Perry (@CalNBC) February 24, 2022
Freelance reporter Justin Ling tweeted that several pro-Kremlin channels are justifying Russia’s invasion as steps to “denazify Ukraine.” This statement doesn’t make sense, as Ukraine is led by a Jewish non-nazi president.
Last week, Eliot Higgins, founder of Bellingcat, an Amsterdam-based investigative outlet, dissected a false video circulated on Telegram that showed “Polish speaking saboteurs” attempting to blow up a storage tank in Gorlovka.
Anatomy of a Russian Seperatist False Flag – On February 18th the Telegram channel of the press service of the People's Militia of the Donetsk People's Republic published the following video, claiming to show a sabotage operation targeting chlorine tankshttps://t.co/Syk8NG2zKx pic.twitter.com/R4mfggxbPg
— Eliot Higgins (@EliotHiggins) February 20, 2022
On February 18, a pro-Russian separatist leader published a clip on his Telegram channel “ordering emergency evacuations” from eastern Ukraine to Russia. However, Bellingcat found from the metadata that the video was created two days prior.
Kiev Post now spreading disinformation! This is not a Russia Air Force fighter shot down. It is a Russian Mig 29 which crashed at Fairford air display in 1993 https://t.co/m3a5yg6pTF pic.twitter.com/Dxx7DrGikR
— ᗰᗩᖇᑕEᒪ ᐯᗪ ᗷEᖇG (@marcelvandenber) February 24, 2022
What happens next?
In a tense situation like this, the internet plays a key role for people in affected countries to get reliable information from verified sources about what’s happening to them and around them. Internet shutdowns or service breakdowns in those regions could have devastating effects.
In a story last week, the New York Times pointed out that some of Ukraine’s internet services were being partially disrupted.
Experts noted that Russia could target the country’s telecommunication services to create an information blackout. However, given that Ukraine has more than 2,000 internet service providers, it could be a difficult task.
On the other hand, Russia could face tech challenges in the coming days, as the US is pondering new restrictions on the country.
Reuters reported that as a part of these sanctions, it could prohibit US-based companies from providing services to Russia. That could halt sales of future devices and cloud services that are critical for tech infrastructure.
We’ll update this story as the situation develops.