Event Recording

Cyber Warfare - A Reality Check



Cyber warfare and disinformation have been heavily weaponized since Russia's full-scale invasion of Ukraine, and even before, with the aim of destabilizing the free part of the world. It is the "synergy of the evil" between cyber warfare and MDM (Misinformation, Disinformation, Malinformation) that creates the potential for long-term damage and risks for critical infrastructures, societies and businesses. What do we have to expect in the near and longer future? How can we prepare for the worse to come? Ksenia Iliuk will share her insights from what is now 8 years since the invasion of Crimea and 8 months of general cyber and information warfare in Ukraine.

Good morning everyone. Thank you so much for having me today. I'm really glad to be here and to share the experience that we right now as a Ukrainian community working in the field of malign information campaigns, cybersecurity and all, all other types of domains are actually going through right now processing and really eager to share with you so we could build, build together a better resilience to. So the first actually military buildup that Russia was doing is actually started in spring 2021. There was a lot of things happening over there. Also, a lot of concerns about like, okay, is Russia gonna attack or not? I'm responsible for monitoring information environment 24/7 basically. And back in spring when I looked at the information environment, I was 100% calm. Basically I was just furnishing my apartment in Kiev and don't really care about the Russian military buildup because from the perspective of information and communication security, there was no signs that that's gonna happen.
But a few, few months, basically after like I continued doing my job basically monitoring information environment, and that was the moment when it was very clear, it was actually September when my team and I, we had this clear understanding that full scale invasion gonna happen. Of course, I'm ex, I'm far away from being like military person or having any clue of what actual kinetic war means. But from the perspective of malign information campaigns we were seeing like quantitatively and in terms of diversity of the messages and where that kind of malign information campaigns coming from Russia attacking Ukraine and other countries where they were basically pushing us to. So that was like the things that we saw only from monitoring malign information campaigns, just not, not really reading any experts on military things. And just to go back a little bit, so basically we understood that that's gonna happen.
There's gonna be a full scale invasion and there were like the, the the closer it was to the date that it actually happened. The more and more indicators were out there. So first we had various cyber attacks back then I would say resisting pretty good, but like overall the same was happening in the information environment. There were like a lot of, a lot of things happening. And basically on the morning, on 21st of February, I woke up in Kiev like 10 minutes before the first hits. I don't know why I just woke up, you know, sometimes happens. And then I realized that it's like, okay, the full scale invasion is happening. It's completely not like we imagine it, it's like it's Kiev. We hear explosions in Kiev, I hear them in my apartment and the first thing that like, okay, what can I do from my side?
I was like, okay, we have to, we have to see the information environment, what's happening out there and how like we as like detected civil society organization, Ang and other civil society organization together with the state, how can we make sure that people in Ukraine actually average people are able to resist all that enormous flow of disinformation that is flooding the information environment. So, and right, like I, I opened my laptop and I started like doing the work and that was the moment when, just like in, in in few hours, that's the footage basically from our office, right on our office. So what happened actually is that just a random man came to our office knowing that assuming what we are gonna do and how we're gonna resist basically Russia in information communication domain. He just opened the laptop and started trying to basically hack through wifi router in our office, the whole website and the system, his attempt was like unsuccessful because right at that moment our it, it team was in the office.
So they just basically shut everything off and he just sit in the car and drove away. We don't, we have no idea who this man was. You know, it was kind of not for police thing to like to go when you have full scale war. So, but that's what happened. But what I want to say with that, that basically we, but we were prepared to that because actually Russia and Exia back in 2015, Russia invaded Ukraine firstly in 2014. Back then we were completely not ready for that. We were not completely ready for like any kind of resistance in terms of hybrid warfare, meaning that cyber was, cyber defense of Ukraine was completely weak back at the time. I think you all know what, what basically how, how Russia cyber attacked right before annexation of Crimea. The things was mobile phone operators and other things.
And the same was in terms of propaganda and disinformation attacking like Ukrainians and all around the, the world. But starting from there, we all, we were like understanding that we have to build our capacity and to be able to actually protect ourselves, protect the information environment. And it was like kind of very hard thing to do because what Russia, like the main narrative of Russian propaganda for all these years have been and still is that Ukraine is basically a failed state. That Ukraine cannot exist. That it does not have the capacity to exist as a state. And in terms of like especially cyber defense, they were, it was very easy for them, you know, to prove that by like hacking infrastructure things just distorting everyday life. Just for you to give one example, there is one fake like with trace back that is coming from Russian information environment because I, when I saw firstly, I was not sure that it is like it, it doesn't, it didn't really look like it.
It's, it says basically and they are sending it to Ukraine's information environment constantly the same fake since basically 2015. That PrivatBank, which is like Ukrainian bank back then owned by one, one of the oligarchs that tomorrow like the PrivatBank app is not gonna work, the bank is gonna collapse, just go run, take out your cash. And they were doing it constantly, you know, and people were actually buying it of course with every year it was easy and easier. But people were doing that and that's like even this small fake, you know, and, and several times they actually tried to hack PrivatBank to really make this fake come into life, you know, so that people would be really stressed about that. And that's how they even like with this very small fake, they illustrate this huge narrative that Ukraine is kind of failed state because in the mindset of the people imagine regular person like, like looking this piece of information on Facebook and like, okay, I have to, I have to go, a person is in panic going to the bank trying to, to save the money basically.
And thinking in that time that like of course it's happening of course because like of course Ukraine's economy is weak, our banks are are terrible. Like everything politicians are corrupt. Ukraine is basically failed state, no point to exist, no point to fight. So that's basically, I'm simplifying the logic pretty much here, but that's how actually malign information campaigns work and that's how they are very much combined with other, other domains and, but like a little bit about the expectations, as I said, we were preparing, but we like all, all of us, I mean we were closely working with the different state agencies, private companies. We were trying to, to get ready as much as possible. So what we really expected, we really expected very heavy cyber attacks on basically critical infrastructure together with malign information campaigns. Because it's usually either malign information campaign starts and then you have the cyber attack or vice versa.
You have the cyber attack and then it just being followed by the malign information campaign. We really like the, the, the most likely scenario that we were preparing to is that they're gonna hack mobile operators so that there is no connection, no internet and imagine like the panic in the country. Like you hear the, like the bombs, but you cannot call, you cannot get any information about what's happening. So that's basically what we had in mind. Then disabling all the channels of communications official one and TV media, like also all the media like online outlets, months before that were like preparing for that. Like everyone was preparing to any kinds of DDoS attacks, whatever, like everyone was investing in that. Of course we expected a lot of AI driven disinformation. We really were like, I'm personally, I was so afraid with about deep fakes in in the full scale war, you know, but, and, and and perfectly doctored images also, we expected that a lot.
So these are expectations that we had. Pretty logical, pretty obvious I would say nothing, nothing extra. But what we really see here, what, what actually happened, Oh you cannot see the other part of the, it's okay, it's just the same that it was on the previous slide, but just for you to understand like what actually happened. Most of the cyber attacks coming from Russia were unsuccessful. So what like what they started doing, they basically started bombing the infrastructure. The same like happened with a TV thing is that they were trying to hack it several times if they were not successful in it. So they started bombing TV towers because that was the only way in their heads how they can kind of destroy, destroy the television basically destroy the communication. The only successful attempt there was is a very ridiculous one on, on the TV marathon.
I mean since the start of the full scale invasion, all TV channels united their broadcast in one one TV marathon. So they hacked on the TV marathon. That's small line, you know, that's running live with the updates that were saying that like Ukraine has lost the war. But it was very ridiculous because you have the TV host that are saying completely different things and you could easily check in any other source that it's basically not true. The same with the deep fakes. We were super afraid of that and actually if you're interested in that, but the case of deep fake is like the best case of prebunking that I have seen personally for a very long time. When basically Ukrainian security services informed that we have the information Russians are preparing a deep fake with Zelensky saying Ukraine is losing. And then the whole like media community journalist started like explaining to people what are deep fakes, how they work and if they were so successful that we ended up having so many memes about, you know, like people in the village like 80 years old saying like, have you seen that video of Zelensky?
Like, oh it's deep fake, don't, don't you know about it. So it actually went really viral in terms of that and the the the last things that very terribly doctored pictures, we still, just for you to understand that still a lot, a lot of things that we understand that they are coming from Russia is basically about them leaving metadata on files. That's still it. It, it sounds surreal but still they do that a lot. And the second thing is that they use Google translator because for so many years they haven't managed to actually, you know, hire Ukrainian proofreader. So they, they do use Google translator and it gives like a lot of mistakes in there actually. It basically translates the, the surname of Zelensky not correctly. So it's very easy to spot that as well. So that's, that's what we actually got that just a famous deep fake that we got.
You could just find it and watch it. The sound is even worse than the image itself. So it actually became a meme but not a threat. But what they are good at, basically they are very good at social media listening and they are heavily using it for the military actions. There are like numerous cases when they were taking data from the social media to coordinate some of the actions on the battlefield. Also huge problem with personal data, personal data of military personnel because they basically like can get a lot of things from their Facebook pages and stuff even though they're like trained not to, not to post a lot of things there. But still what they're doing and what we uncovered is that one of Russian propagandists, he, he has Ukrainian origin so he kind of pretended that he has some special contacts in Russia and he's gonna help Ukrainian families find the soldiers that are potentially being held prisoners that he's gonna help them.
And basically what he was doing is collecting all the personal information from the families, like basically everything and you and you imagine the families being in that state that you haven't contacted your loved ones for some, some period of time. You have no idea if they are alive. So people were actually giving up everything and it was like having this database, it was like publicly available, you could get it, you could look into it like with thousands of records in there. So these are the things they are really good at, actually good and not so under because previously like I was trying to show how they actually failing and I think that's a very important thing because we are very often, you know, fascinated with the problem more than with the solution and the successes that are out there. So I think it's very important to understand and reflect the weak sites over there.
But another thing they are very good at is basically going hyperlocal when it comes to propaganda and disinformation and malign information campaigns. So social media assisted the data for June 20th, 2211 countries plus Baltics we had in Russian segment. And basically the list of narratives is exactly the same, but their priority and like in the information space of each country is completely different. Just have a look at Hungary, you see the top narratives, the US, NATO are weak and will break apart. You would not see that kind of narrative in the top in Estonia for instance or some other countries like, so basically they are very good at going hyperlocal and that is something that unfortunately is even working much more effectively in in European countries and democratic countries. I mean in Ukraine they are also doing that a lot. They're pretty good with that. But still, and that is just like from our data we were collecting.
So when they realize basically that these heavy cyber attacks are not successful, they decided to attack people on the personal level. So that's when we started getting a lot of phishing, a lot of messages for like average people started getting a lot of fraud schemes, a lot of faked petitions in the way how they were collecting the personal data from the people. A lot of doctored images. And that's basically the graph when how many like cases we were recording per day for this period of time. So you per day just an important thing. Like you see that some days you have like even eight, eight pieces of that. That's the unique, unique things like not not repeating. So that's kind of a lot like really a lot. And that's a huge challenge because it's often combined with of course with some online information campaigns with social media and for people whose digital literacy is quite low, it's huge, huge threat.
You know, and again, what they're doing good is that even this very small tiny pieces, this fake like the phishing letter or something, it builds up in the whole system in a huge system that pushes the key narratives of of propaganda, disinformation and that's what makes them really scared. But just to summarize and to say that the main goals of Russian propaganda, disinformation and hybrid warfare is basically to persuade Ukrainians. That it's time to give up that just go to Russia and, and and live your life happily over there. And a lot of, a lot of narratives and messages, they are attacking Ukrainian leadership, political leadership, Ukrainian volunteers, top narratives are always about nature. A lot of conspiracy theories out there. But that's a very fascinating thing that despite all of that, despite all of the enormous resources that were put into it, as of August over 90% of Ukrainians believe in Ukraine's victory.
84% still wants to join NATO or 90% wants to join EU. So, and why I'm bringing it, just to summarize it, is that I think that Ukraine has this great experience, unfortunate experience I would say, but great experience in actually looking at the, at the security from the perspective of cyber information communication and cognitive security. And that's a very important shift I think that we all have to, to make and stop looking at cyber only within cyber or like cognitive only within cognitive because what's happening in Ukraine right now is the example that all together all combined and the same. And these are like the components basically of resilience to that. And the way how those, these numbers that I showed about how Ukrainians are resisting, these are the actually the building blocks of the numbers you see out there. And these are the things that Ukraine with the help of a lot of international partners from different countries around the world was working with and was building. So just to say that I, I would leave with two points is that first this multi multidimensional, multifaceted perspective on that. Second is we have to be very much invested in actually analyzing successes. Not only being fascinated with the problem, especially when it comes to malign information campaigns because when we look for them we will always find them. But I urge you to look at the bright side and say that we do have a lot of thing as the democratic countries to be actually proud of in that regard. Thank you.
Thank you very much, Ksenia. I can, I think you can tell from the applause how much people enjoyed that. We're running a little bit over time, but I'll allow a quick question or two. No,
No, just keep running over time. I wanna hear the
Questions. The thing you said at the end that they're over 90% Ukrainians who believe that they will not fail. What was the communication, what helped there? I mean you could think, no we're never gonna make it if you're isolated in a country. So why are they still, I think it's positive, don't get me wrong, there's not a criticism. I'm just trying to figure out what did the Ukrainians do that the other people, all the people think they could still win, which I do believe, but what did you do? So I hope my question is clear.
Yeah, I would say that threat awareness, the level of threat awareness is very high and it goes from very different dimensions perspective. I could tell only from propaganda, disinformation side that the threat of awareness, awareness of this threat, understanding the consequences, that's like a great shield towards like to protect people. And that was basically in a lot of senses, you know, that's the communication that was out there and it's very important to understand that, that kind of communication. Yeah we, we all think that there is some kind of stratcom in Ukraine. We get together, you know, we brainstorm, we do that massive message box. As a person that do works with Stratcom, I could tell you like none of that happened. Like we didn't have any kind of things like that even though we should have. But what actually happened is that the bottom up approach of the people and the people were the ones that were generating the senses, the messages. That's why they are so strong and powerful because they were going from the society up and not vice versa. What was really smart to do actually on the behalf of the state slash civil society, because a lot of cooperation in there is to be smart enough to see those things that should be amplified. And that's like, I think that's the key thing. And just because it comes from the people. Okay, thank you very much. Thank you.