KYIV — To see the warfare of the future, head to the top floor of a nondescript office tower on a potholed street on the scruffy outskirts of Ukraine's capital. There, next to a darkened conference room, engineers sit at dark gray monitors, waging war with lines of code. “Attacks are happening every day,” says Oleh Derevianko, founder of the Ukrainian cybersecurity firm that employs them, Information Systems Security Partners. "We never thought we were going to be the front line of cyber and hybrid war."
There may be no better place to witness cyber conflict in action than Ukraine today. Open warfare with Russia, a highly skilled, computer-literate pool of talent and a uniquely vulnerable political, economic and IT environment have made the country the perfect sandbox for those looking to test new cyber-weapons, tactics and tools. "Ukraine is live-fire space," says Kenneth Geers, a veteran cybersecurity expert and senior fellow at the Atlantic Council who advises NATO's Tallinn cyber center and spent time on the ground in Ukraine to study the country’s cyber conflict. Derevianko's outfit works closely with the Ukrainian government and its U.S. and European allies to fend off onslaughts against the country’s networks.
The war in eastern Ukraine has given Russian-affiliated hackers the opportunity to perfect their ability to launch cyberattacks with a series of major intrusions in Ukraine over the past few years. “The annexation of Crimea and war in Donbas, it has created a volatile political environment," says Merle Maigre, the former head of NATO’s cyberdefense center in Tallinn who is now executive vice president at the Estonian cybersecurity firm CybExer. Even as Russian tanks crossed the physical border into eastern Ukraine in the spring of 2014, Russian-affiliated hackers were sending malicious code onto Ukraine’s IT systems, providing political chaos as a smokescreen. Large-scale attacks followed the next year, and again in 2016. The targets, this time, were companies running Ukraine’s power grid. But the widest-reaching attack — and the world’s most financially damaging to date — took place in 2017, when hackers combined code tested in the power grid attacks with malware known as “Petya” and a security vulnerability initially discovered by the U.S. National Security Agency called EternalBlue. The resulting malware — "NotPetya” — compromised the software of a small tech firm called Linkos Group, providing it access to the computers of utility companies, banks, airports and government agencies in Ukraine. What happens in Kiev today could easily happen in Berlin, Rome or Amsterdam tomorrow, experts say. Ukraine "is sort of like a litmus test," says Maigre. The stream of phishing emails, the data sold on the dark web, the new types of malware — all of it can pop up west of Ukraine at any time. "That's why it is interesting to see how it all plays out in the elections," she says.
