The Washington Post
Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Ukraine war is more about disinformation than cyberattacks

Good morning! Congratulations to my colleague Cristiano Lima, whose Technology 202 newsletter just reached 100,000 subscribers! If you haven’t subscribed yet, you’re really missing out.

Below: The U.S. government considers sanctioning a Russian cybersecurity giant, and the Ukrainian researcher who posted the Conti hacking group’s internal communications speaks out.

Disinformation, not cyberattacks, is the big takeaway from the war in Ukraine

The cyber conflict between Russia and Ukraine has been more muted than what experts had initially feared.

Instead, both countries appear to be focusing more on their disinformation war – and even there, Russia isn't as effective as in past conflicts.

The tradecraft involved in Russia’s disinformation operations has declined over the past several decades, Thomas Rid, a professor at Johns Hopkins University’s School of Advanced International Studies and author of the widely acclaimed “Active Measures: The Secret History of Disinformation and Political Warfare,” told me in an interview yesterday.

Russia’s disinformation capabilities peaked in the 1980s and have been “downhill ever since,” Rid said. At times, Russia’s intelligence services have been clumsy and shown a real lack of knowledge about U.S. politics. 

  • For example, Russian operatives were “unable to recognize and extract politically juicy content from [Hillary Clinton campaign chairman John] Podesta’s inbox” when they tricked him into clicking on a phishing email, Rid writes in “Active Measures.”

Ukraine has faced Russian information operations for years, including during 2014 protests and Russia’s annexation of Crimea. But there's no reason to think Ukraine isn't involved in disinformation too, Rid told me.

  • “I mean, I would fully expect them to be,” he said. “In fact, I would advise them to do that right now because they’re in an existential struggle; I mean, why not take the gloves off? And as long as they don’t forge information at scale beyond the war, I think all bets are off right now.”

New perspectives

Here's the wide-angle view: The war could reshape how researchers think about disinformation and cyberattacks.

Evidence that Russia tried to influence the 2016 U.S. elections prompted deep fears about disinformation. Some Democrats claimed Russia helped get Donald Trump elected while some Republicans said the whole thing was a hoax. Rid is frustrated by both takes.

  • “We pay too much attention to the whole disinformation narrative,” he told me. “The disinformation itself had become a political issue. It's the Russia hoax versus Russia installed Trump narrative. Both are completely off base, clearly are wrong.”

But now the war in Ukraine offers a reset of sorts, a chance for both sides to step back and look at the role disinformation is playing in an actual conflict.

  • “This war is offering an opportunity to sort of recalibrate our understanding of both the significance of cyber operations in the context of actual hostilities and, of course, the role of disinformation,” Rid said.

Despite fewer large-scale cyberattacks than expected, hackers are clearly playing a role in the Russia-Ukraine conflict. They're called “hacktivists” – purportedly independent hackers aiming to further political goals.

They may not be what they seem. A complex web of self-described hacktivists say they’re taking the conflict into their hands in cyberspace, and experts disagree about whether such hacks against Russia are justified.

Intelligence agencies could try to pose as hacktivists themselves or “feed information to existing activists under the mantle, under the cover, of activism itself, because that’s also something that has happened a lot in history,” Rid said.

The keys

The Biden administration has considered sanctioning Kaspersky

The National Security Council told the Treasury Department to prepare the sanctions, but Treasury officials who specialize in sanctions have “raised concerns” about their scope and size, the Wall Street Journal’s Vivian Salama and Dustin Volz report. Kaspersky Lab calls itself the world’s largest privately owned cybersecurity firm, and some U.S. and European officials fear that Moscow could retaliate by launching a cyberattack, they report.

  • “It wasn’t clear whether the sanctions would go forward, and one official said the idea had been put on hold for now,” Salama and Volz write. “The debate reflects how agencies within the Biden administration are weighing in real time options to deliver more economic pain to the Russian economy in response to its invasion of Ukraine.”

The company said it hoped to discuss the U.S. government's concerns and said proposed moves would be “a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services,” the Journal reports. The National Security Council deferred the outlet's questions to the Treasury Department, which declined to comment.

For years, the U.S. intelligence community has argued that the Kremlin could use Kaspersky software as a spying tool. The company has repeatedly denied the allegations.

The Federal Communications Commission this week declared the company a national security threat, restricting the use of federal subsidies to buy the company’s services. Kaspersky said it was “disappointed” by the move, which it said was “made on political grounds.” The U.S. government ordered civilian agencies to remove the company’s anti-virus software in 2017.

The researcher who leaked files from the Conti hacking gang is speaking out

The anonymous Ukrainian researcher whom CNN called “Danylo” said the FBI contacted him to request that he stop posting internal details about the infamous Conti cybercrime syndicate, CNN’s Sean Lyngaas reports.

“After he started leaking the data, Danylo said, an FBI special agent contacted him and asked him to stop. Exposing Conti infrastructure could, in theory, make it more difficult for the FBI to track the group because it might set up new computer systems,” Lyngaas writes. “Danylo has stopped leaking for now. But he says he still has access to some Conti computer systems.”

The FBI declined to comment to Lyngaas. Publicly releasing data about a cyber gang is “reckless” and working with law enforcement “can achieve a more substantial and lasting impact in disrupting the operations of groups like Conti,” a U.S. law enforcement official told Lyngaas.

Cybersecurity experts verify authenticity of Hunter Biden emails

New documents show how the Biden family profited from relationships forged over Joe Biden’s decades in public service, Matt Viser, Tom Hamburger and Craig Timberg report.

Biden aides and some former U.S. intelligence officials have warned that the hard drive the emails were found on could have been manipulated by Russia to interfere with U.S. elections. Democratic lawmakers dismissed previous reports on Hunter Biden’s China work by saying they lacked credibility or were part of a Russian disinformation campaign.

The verification process: “The Post analysis included forensic work by two outside experts who assessed the authenticity of numerous emails” related to a deal involving Chinese energy conglomerate CEFC China Energy, my colleagues write. “In addition, The Post found that financial documents on the copy of Hunter Biden’s purported laptop match documents and information found in other records, including newly disclosed bank documents obtained by Sen. Charles E. Grassley of Iowa, a senior Republican on the Senate Finance and Judiciary committees.”

  • Here’s more on Hunter Biden’s laptop, the hard drive and the verification of the emails. Craig also wrote about the methodology here.

Hill happenings

  • The Senate Homeland Security and Governmental Affairs Committee has advanced legislation to require the Cybersecurity and Infrastructure Security Agency to give commercial satellite owners and operators voluntary cybersecurity resources. The legislation was written by the committee’s chairman, Sen. Gary Peters (D-Mich.), and Sen. John Cornyn (R-Tex.).

Key lawmaker defends SEC’s cyber incident reporting proposal (NextGov)

Global cyberspace

Cyber war talks heat up at UN with Russia at table (Bloomberg)

China, Iran, North Korea, Russia and others using Ukraine invasion in phishing attacks: Google (The Record)

Cyber insecurity

Apple and Meta gave user data to hackers who used forged legal requests (Bloomberg)

Crypto-bridge hacks reach over $1 billion in little over a year (Bloomberg)

Am I being tracked? Anti-stalking tech from Apple, Tile falls short. (Geoffrey A. Fowler)

11 years, 10 arrests, at least 62 women: how did Britain’s worst cyberstalker evade justice for so long? (The Guardian)

Globant confirms reports of breach after Lapsus$ shares 70GB of stolen files (The Record)

FBI arrests 65 in BEC scams that took $51M from US businesses (CyberScoop)

Industry report

Hackers’ path eased as 600,000 U.S. cybersecurity jobs sit empty (Bloomberg)

Sitel blames Okta breach on ‘legacy’ network from acquisition (The Record)

Securing the ballot

Dane County judge holds Robin Vos in contempt over election review records (Wisconsin State Journal)


  • CISA’s cybersecurity advisory committee meets today at 2 p.m.
  • The Center for Strategic and International Studies hosts an event on the cybersecurity implications of U.S.-China technology decoupling today at 2 p.m.
  • Homeland Security Secretary Alejandro Mayorkas, Australian Minister of Home Affairs Karen Andrews and Dilan Yeşilgöz-Zegerius, the Netherlands’s Minister of Justice and Security, speak at an Atlantic Council event on securing marine transportation systems on Friday at 10:30 a.m.
  • Gen. Paul Nakasone, who leads U.S. Cyber Command and the National Security Agency, testifies before the Senate Armed Services Committee on Tuesday at 9:30 a.m.
  • U.S. Naval Seafloor Cable Protection Office Director Catherine Creese and NTIA senior policy adviser Maureen Russell discuss securing Asia’s subsea cables at a Center for Strategic and International Studies event on Tuesday at 1 p.m.
  • The U.S. Election Assistance Commission holds a meeting and vote on Voluntary Voting System Guidelines Lifecycle Policy 1.0 on Tuesday at 2:30 p.m.

Secure log off

Thanks for reading. See you tomorrow.