Cyber experts have warned of a real danger of harmful, unintended consequences from well-intentioned hacking attacks on Russia sparked by its invasion of Ukraine.

This was one of the points made at a wide-ranging discussion by cyber security experts gathered by the professional body for Information Technology when BCS asked leading analysts to appear at its monthly Policy Jam for industry professionals. 

 

BCS Policy Jam March 2022: The war in Ukraine: Hacktivism, Disinformation and Cyber Security

The role of cyber-security in the war was examined in depth by the panel drawn from across the sector. Russia maintains a tight grip on its citizens' information about the conflict. There have been many attempts by non-governmental hackers to show Russian citizens a different narrative. For example, the hacking collective Anonymous has claimed responsibility for disrupting Russian news and entertainment channels and then airing war footage from Ukraine.

Hacktivism 

The panel were concerned that such hacktivism could be counterproductive. "I would theorise that it has the potential to do harm," said Jen Ellis, Vice President of Community and Public Affairs for the security service and solutions company Rapid7 and adviser to the UK Government on its cyber security strategy. "And don't get me wrong," she added, "every population is subject to propaganda, but the Russian state is pretty good at it."

Jen said: "I would speculate that, if you have a situation where people hack into media that people rely on and watch every day, and force images on these people, then that could create a backlash."

In effect, the hackers reinforce what the citizens of Russia have been warned by their government to look out for. She said: "That population then says: 'This is exactly what our government's been telling us: look at how these people behave. They have no right to do this. And they're force-feeding us lies.'"

She did, however, understand why hackers wanted to retaliate against Russian propaganda: "I think there's so much good intent here, and I understand that people are sitting at home, watching the news and want to do something to help people.

"I think the problem is that they don't have all the information. The hackers don't know what other governments are doing, and their actions are going to impact that. I feel like a traitor to my own community saying it because I know that the intent is so good behind it. But I do really worry about the potential unintended negative consequences of what's being done."

Cyberwar

As well as the impact of hacktivism, the panel speculated on why the anticipated cyberwar hasn't as yet materialised as significantly as some had predicted. Patrick Burgess, of the BCS Information Security Specialist Group and co-founder of managed IT services provider Nutbourne Ltd, said: "It's not quite business as usual, but we haven't seen the play-out of the worst scenario. If you look on any social media or the BBC forums etc., it's pretty doom and gloom, and everyone, every company in the world, will be hacked tomorrow. That hasn't happened, but it doesn't mean it won't."

For you

Be part of something bigger, join BCS, The Chartered Institute for IT.

Lisa Forte, a partner at Red Goat Cyber Security and co-founder of Respect in Security, said: "Cyber security, information security that's what we think about, we live and breathe it. Those are the threats that we focus on. What really struck me in the last couple of weeks is we're seeing this humanitarian crisis unfold, and these factors are relatively unimportant, in comparison to the scenes that we're seeing."

So why haven't we seen a significant rise in cyber warfare? Alexi Drew, a senior defence and security analyst at Rand Europe, said: "Why use an alternative means of getting what kinetic (physical attacks) can get? Why turn off a power plant with a wiper when you can just blow up the power plant because you're already there? Why double up the resources? If you don't think you need it, there's no point."

Fake news

Deepfakes, those images where it can be hard to tell if they are real or not, are already here, said Alexi, who has specialised in disinformation: "The problem of believable faked media is here now. It is not a 2025 issue.

"Deepfake technology doesn't have to produce high-quality imagery, video, audio or texts. It just needs to be good enough. For example, most footage we get out of conflict zones isn't filmed on a 4k camera." She added they are filmed in a rush on a mobile phone by amateurs: "It's much easier to create believable fake footage on already poor-quality material that's been around for quite some time and already used in disinformation campaigns."

Lisa said there's also the issue of genuine footage could be discredited: "I think the other danger that doesn't get discussed is that it gives deniability to genuine photographs that haven't been Photoshopped. You can cast doubt on something that's factually correct, which is also, in my opinion, equally dangerous."

Dan Card, a cyber security consultant at PwnDefend echoed Lisa and Alexi's sentiments: "The information warfare aspect to this, the propaganda, the misrepresentation, the use of fake materials - laughably so with some of the stuff. There is a psychological impact. I'm talking to people all over the world, and you can see them not understanding what the truth is."

What is truth?

The panel agreed that more education was needed to help people distinguish real from fake.  Dan said: ‘It [the fake] doesn't need to be good. It just needs to have enough people who aren't critical thinkers, looking at it.

“The technology community, at least I can speak for areas I surf around in, naturally rips something apart. If it's not a graph with some science, we're pretty sceptical. But that's so not normal.”

The session attended by 100 professionals was the first of two policy webinars on cyber security scheduled by BCS.   

Image credit: pixarno - stock.adobe.com