On May 13, the State Service of Special Communication and Information Protection of Ukraine published a notice alleging that “Russia’s special services” are targeting Ukrainian internet service providers (ISPs). If this notice is to be believed, the world has just witnessed a new kind of cyberattack—different in kind rather than in degree. Here’s the relevant part:
Free access to information is a major threat to the enemy in the occupied territories of our country. As long as Ukrainians know about the true course of the war russian propaganda fails.
That is why russia keeps trying to connect Ukrainian Internet service providers to their own system controlled by russia’s special services to block access to Ukrainian web resources and gain a complete control of any activity of Ukrainian users in the Internet. Invaders use every available method, resort to blackmailing and intimidate those who refuse to “collaborate” with the occupants.
This morning, terrorists from the so called russian guard invaded the office of Status, a Kherson-based company, and disconnected all the communication equipment. Now they are blackmailing the company’s management and promise to take away all the equipment if those refuse to connect to the Crimean network.
It seems that the notice was translated into English from another language, probably Ukrainian. But even allowing for translation errors, it appears as though the parties that physically invaded the offices of Stratus, an internet service provider, conducted a physical denial-of-service attack against the telecommunications equipment in the office and sought to alter the availability of websites that users of the service would normally be able to access.
One can imagine that an attacker could cause such outcomes electronically, that is, through various cyberattacks carried across the internet. But to the best of my knowledge, this is the first time that parties wishing to cause such an effect have used an approach based on physical force. A 2009 National Academies report, for which I was co-editor, mentioned in general terms the possibility of such cyberattacks but regretfully did not analyze it in depth. So it is interesting…