© 2024
NPR News, Colorado Stories
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

A cyberwar is already happening in Ukraine, Microsoft analysts say

AILSA CHANG, HOST:

Everyone keeps asking when Russia is going to launch the cyberwar. It's been more than three months since Putin invaded Ukraine, but the digital destruction that experts promised seems to be missing - or is it? Software giants like Microsoft might have the answer. NPR's cybersecurity correspondent Jenna McLaughlin went to Seattle to find out.

JENNA MCLAUGHLIN, BYLINE: Tom Burt says there's absolutely a cyberwar going on in Ukraine right now.

TOM BURT: If you are Ukrainian, this has been a relentless, unending cyberwar that has been launched in correspondence with the physical war, in what is clearly the world's first major hybrid war.

MCLAUGHLIN: I spoke to Burt inside Microsoft's Digital Crimes Unit, part of a sprawling tech metropolis surrounded by woods and mountains just east of downtown Seattle. On the wall, he had a massive map of Ukraine to show us where the cyberattacks are happening.

BURT: So we're just looking at a map of Ukraine, and...

MCLAUGHLIN: Burt leads a team of analysts who work with the sleuths in the Digital Crimes Unit. In a quiet room humming with servers, he tells us about a fresh wave of attacks that they haven't spoken about publicly before.

BURT: We've seen a number of cyberattacks going, targeting specifically railways. And at the same time, there have been bombing attacks on railways.

MCLAUGHLIN: As the war drags on, Russia's targeting transportation so Ukrainians can't move vital supplies. But this is just the latest of a series of attacks that date back to even months before the Russian invasion.

BURT: So in February, as the forces were marshaling on the border of Ukraine, we had seen a number of cyber events already. In January, we saw destructive attacks against a number of Ukrainian government agencies.

MCLAUGHLIN: In a cyberwar, it's often private companies that have the most insight into what's happening - even more than the U.S. government. Microsoft isn't the only game in town, but pretty much everybody has at least one Microsoft product running on their phone or computer.

BURT: We receive, every day, 24 trillion signals that come in from our environment.

MCLAUGHLIN: The night of February 24, the world watched in horror as Russian President Vladimir Putin announced a special military operation in a prerecorded address. For most, that marked the beginning of a full-scale invasion.

BURT: Well, from our viewpoint, it really started February 23. About 10 hours before the missiles were launched and the tanks rolled across the border, there was a huge wiper attack across 300 different systems in government agencies and private-sector companies in Ukraine.

MCLAUGHLIN: A wiper attack is designed to literally wipe away all the data. While Burt says his team can't be sure Russian hackers are coordinating their attacks directly with the soldiers and the tanks, there has been a lot of overlap between physical and cyberattacks.

BURT: So you might see, for example, espionage attacks into government agencies in a particular town just before that town is hit by missiles.

MCLAUGHLIN: The goal is to damage important public institutions and their ability to function. That includes the media, too.

BURT: And so they bombed, you know, radio towers. They physically invaded and seized media companies. And at the same time, they were engaged in cyberattacks on media companies.

MCLAUGHLIN: The attacks have been relentless, but it's not all bad news.

BURT: They've been attacked by the Russians for so many years, and the work that they've done to be resilient has really paid off. It's enabled them to be fast, be able to defend well and to be able to recover when they are attacked.

MCLAUGHLIN: Burt's team is facing challenges they've never seen before. One instance in particular jumps to mind - when his team was trying to alert one Ukrainian company about a cyberattack.

BURT: And we got a response back that was, yes, but we can't do anything with it right now. There's tanks outside the gates.

MCLAUGHLIN: Tom Burt is aware that, sitting here in Seattle, he is far away from the front lines, even as his team works constantly to battle Russian cyberattacks.

BURT: We're back here in the United States, where we're safe. Our families are not at risk. We are not personally at risk. But the Ukrainians are. There are tanks, and there's missiles, and there's guns.

MCLAUGHLIN: They're doing everything they can to help, says Burt, but they're not the ones in the trenches.

Jenna McLaughlin, NPR News, Seattle, Wash.

(SOUNDBITE OF MUSIC) Transcript provided by NPR, Copyright NPR.

Jenna McLaughlin
Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.