Hacktivism could have unintended consequences in the Ukraine war, warn security analysts


Cyber security experts warn of harmful, unintended consequences from 'hacktivist' attacks on Russia sparked by its invasion of Ukraine. The view emerged at a Policy Jam held by BCS, The Chartered Institute for IT, where leading analysts said hacktivism could be counterproductive.

Hackers have made many attempts to show Russian citizens a different narrative about the conflict in the Ukraine war. For example, the Anonymous collective has claimed responsibility for disrupting Russian news and entertainment channels by airing Ukraine war footage.

"I would theorise that it has the potential to do harm," said Jen Ellis, Vice President of Community and Public Affairs for the security service and solutions company Rapid7 and adviser to the UK Government on its cyber security strategy. She told the BCS event that hacking live streaming of news and entertainment outlets in Russia could 'create a backlash' and reinforce the Russian government's propaganda that the west was 'force feeding' lies to its citizens.

But Jen understands the motives of the hackers: "I think there's so much good intent here, and I understand that people are sitting at home, watching the news and want to do something to help." But working independently of the nation-states could pose problems, she argued: "They [the hackers] don't know what other governments are doing, and their actions are going to impact that. I do really worry about the potential unintended negative consequences of what's being done." 

Dan Card, cyber security consultant at PwnDefend said he believed it was hard to measure the impact, but it was probably positive and negative. He added: "I think that people should speak up and act appropriately because failure to do anything against evil in the world is how we get to this scenario we're in."

As well as the impact of hacktivism, the panel brought together by the professional body for IT speculated on why the anticipated cyberwar hasn't as yet materialised as significantly as some had predicted. Patrick Burgess, of the BCS Information Security Specialist Group and co-founder of managed IT services provider Nutbourne Ltd, said: "It's not quite business as usual, but we haven't seen the play-out of the worst scenario. That hasn't happened, but it doesn't mean it won't."

So why haven't we seen a significant rise in cyber warfare? Alexi Drew, a senior defence and security analyst at Rand Europe, said: "Why use an alternative means of getting what kinetic (physical attacks) can get? Why turn off a power plant with a wiper when you can just blow up the power plant because you're already there? Why double up the resources? If you don't think you need it, there's no point."

Deepfakes, images where it can be hard to tell if they are real or not, are widely available, said Alexi, who has specialised in disinformation: "Deepfake technology doesn't have to produce high-quality imagery, video, audio or texts. It just needs to be good enough. Most footage we get out of conflict zones isn't filmed on a 4k camera. It's much easier to create believable fake footage on already poor-quality material that's been around for quite some time and already used in disinformation campaigns."

Lisa Forte, a Red Goat Cyber Security partner and the co-founder of Respect in Security, said genuine footage could also be discredited. She said: "I think the other danger that doesn't get discussed is that it gives a deniability to genuine photographs that haven't been Photoshopped. You can cast doubt on something that's factually correct, which is also, in my opinion, equally dangerous." 

The panel agreed that education was needed to help people distinguish real from fake. Dan echoed Lisa and Alexi's sentiments. He said: "It [the fake] doesn't need to be good. It just needs to have enough people who aren't critical thinkers looking at it. The technology community, at least I can speak for areas I surf around in, we naturally rip something apart. If it's not a graph with some science, we're pretty sceptical, but that's so not normal."

Around 100 professionals attended this session. The next session on cyber security will be on 29 March at midday. The BCS Policy Jam discusses topical tech issues every month, bringing together our experts and those outside the organisation.

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter