Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

If Russia doesn't invade Ukraine with troops, it could still launch a cyberattack

ASMA KHALID, HOST:

U.S. troops are on heightened alert. Russian soldiers are in Belarus. And Ukrainian civilians are taking up arms. All signs suggest the situation in Eastern Europe is not cooling down any time soon. But even if Russian President Vladimir Putin does not invade Ukraine, he could still launch a crippling cyberattack.

NPR's cybersecurity correspondent Jenna McLaughlin joins us now to talk about that possibility. Welcome, Jenna.

JENNA MCLAUGHLIN, BYLINE: Hi, Asma.

KHALID: So let's begin with this idea of a possible Russian cyberattack on Ukraine. How likely does that seem?

MCLAUGHLIN: So things are a little bit ominously quiet right now. Everyone's holding their breath. Interestingly, Russia's actually taking some action against cybercriminals. They said that they shut down a dark web site that traffics in stolen credit cards today. Honestly, it's unclear why Russia is doing that right now and what effect it will have.

But the real concern here is how they might weaponize cyber in an imminent conflict. I spoke to Matt Olney, who's with the cybersecurity company Cisco Talos, and he's been working with Ukrainian officials for over five years. His big worry is that a cyberattack in the middle of a conflict could leach out beyond Ukraine.

Of course, it's still up in the air. He has two colleagues on the ground, and they had two totally different takes. Take a listen to this.

MATT OLNEY: One is convinced that nothing is going to happen, and the other one's very concerned about the evolving situation.

MCLAUGHLIN: So as so much with this conflict, it's still really unclear.

KHALID: Well, there is a history here, right? I mean, remind us what's happened in the past between Russia and Ukraine when it comes to cyberattacks.

MCLAUGHLIN: Absolutely. Russia has used Ukraine as a digital testing ground for years. They shut off the power grid in 2015 and 2016. In 2017, they shut down, basically, the entire country with a cyberattack. Ukrainians couldn't buy groceries, access the ATMs. That was the fault of a malware called NotPetya, which targeted popular tax software. But it actually spilled out to companies around the world that do business in Ukraine, which cost them billions of dollars. A cyberattack could spill out and even hit companies in the U.S.

KHALID: Oh, wow. Well, so what are your sources say about that possibility?

MCLAUGHLIN: So only the cyber expert thinks that this could be a few chess moves out in the future. But if the U.S., for example, slaps Russia with sanctions, Putin could retaliate in cyberspace. Clearly, he doesn't care all that much about collateral damage. Russians typically burrow into systems months in advance, so they could be lurking right now to make their move.

Companies should be careful with internet traffic from Ukraine right now. It could be coming from infected devices. DHS' cyber agency, CISA, put out an advisory on that. And Olney's also been talking with companies directly about how to interpret U.S. government warnings.

OLNEY: My discussions with critical infrastructure components have been interesting because one of the things that we've gotten in response is, well, we've been facing Russian attacks for years. And I'm like, yes; that is true. But what CISA is trying to tell you is that all of those attacks have been in preparation for some future conflict so that if they needed to do something, they would already be in position to take that action. And what they're trying to tell you is the future may be now.

MCLAUGHLIN: So hitting U.S. critical infrastructure with a damaging cyberattack would obviously be a huge escalation, one that would probably demand a strong U.S. response.

KHALID: That's NPR's cyber security correspondent Jenna McLaughlin. Thanks so much.

MCLAUGHLIN: Thank you. Transcript provided by NPR, Copyright NPR.

Jenna McLaughlin
Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.