ARN

Windows XP proves Russia is losing the cyber war against Ukraine, too

Not only has Russia seen setbacks on the battlefield in Ukraine, it's not faring well in the less-obvious cyber war either. One reason: Russia's ally Belarus was still using Windows XP to keep the trains running on time.

When Russia launched its all-out attack against Ukraine in February, the world expected the invaders to roll over the country quickly. That didn’t happen, and Ukraine today, though still under assault, has so far thwarted Russia’s ambitions to conquer it.

Russia has also been fighting a quieter war against Ukraine, a cyber war, deploying what had been considered the most feared state-sponsored hackers in the world. And in the same way that Ukraine has fended off Russia’s military might, it’s been winning the cyber war as well.

In that cyber war, as always, the terrain is primarily Windows, because it represents the largest and most vulnerable attack surface in the world. The facts about what exactly is going on have been shadowy. But there’s plenty of evidence that Ukraine may keep the upper hand.

Windows XP and the initial Russian invasion

The first loss Russia suffered in the cyber war came at the very beginning of its invasion — in fact, even before the invasion began. Russia used the extensive railways of its partner in the war, Belarus, to rush soldiers, tanks, heavy weapons and other war materiel to the Ukraine border. 

Once the invasion began, it used the same railroads as a primary supply chain for its troops, and to send more tanks and weapons into Ukraine.

But then came the Cyber Partisans, a hacktivist group of exiled Belarusian tech professionals that had for years been fighting Belarusian dictator Grigoryevich Lukashenko. At the first signs of the Russian buildup, the Cyber Partisans attacked the Belarusian train system, slowing troop movements, supplies and weaponry. They worked in concert with Belarusian railroad workers and dissident Belarusian security forces.

The Washington Post notes that they played “a role in fuelling the logistical chaos that quickly engulfed the Russians, leaving troops stranded on the front lines without food, fuel and ammunition within days of the invasion.”

Thanks to that chaos, in the face of fierce Ukrainian resistance, the Russians couldn’t take the Ukrainian capital Kyiv and other cities in the north of the country. Eventually they turned their attention to the south and east.

The Cyber Partisans were successful, in part, because Belarus’s train system runs on the more-than-20-year-old Windows XP, a hacker’s best friend.

Cyber Partisans spokesperson Yuliana Shemetovets explained to Vice in a video, “tanks cannot be transported by planes. Heavy artillery cannot be transported by planes. So, they do need to use these trains. Cyber Partisans attack the internal network of the railway systems, as well as equipment, software, and any databases that are associated with the railway systems…. 

“Windows XP is a really old program and it can be easily attacked… One of the reasons it was so easy to hack these systems is because Lukashenko prefers loyalism over professionalism. They didn't secure the systems.

“So, as much as people admire the work of Cyber Partisans, we should also state that it was not that hard to hack, because Lukashenko's regime disregarded simple cyber security practices.”

The Cyber Partisans revealed publicly what they had done, at one point tweeting screenshots of the hacked Belarus train software and calling it “an outdated piece of crap-ware that runs on Windows XP.”

Ukrainians step up

The Cyber Partisans aren’t the only ones involved in the cyber war against Russia. The Ukrainians are, too — and there’s evidence they’ve held off what have long been considered perhaps the most fearsome cyber warriors in the world: Russian intelligence agencies and the hacking groups they support.

A Microsoft report found plenty of evidence that Russia is engaged in a “hybrid war,” using soldiers and weaponry in tandem with cyber attacks and the online spread of misinformation. For example, the report found the Russians targeted a government agency with malware in coordination with hitting government buildings with missile strikes.

As the Russians turned their ground and missile attacks towards the east and south, they also coordinated cyber attacks there.

Throughout the war, many of the Russian attacks targeted Windows machines. Russian hackers frequently used the Windows utility SecureDelete to, in the words of Microsoft, “permanently delete data from targeted devices.”

Tom Burt, who oversees Microsoft’s investigations into the biggest and most complex cyber attacks, says of the Russian cyber attacks: “They brought destructive efforts, they brought espionage efforts, they brought all their best actors to focus on this…. It’s definitely the A-team.”

The New York Times reports, “…Ukrainian defenders were able to thwart some of the attacks, having become accustomed to fending off Russian hackers after years of online intrusions in Ukraine… Ukrainian officials said they believed Russia had brought all of its cyber capabilities to bear on the country. Still, Ukraine managed to fend off many of the attacks.”

Burt added: “Ukrainians themselves have been better defenders than was anticipated, and I think that’s true on both sides of this hybrid war. They’ve been doing a good job, both defending against the cyber attacks and recovering from them when they are successful.”

This doesn’t mean, of course, that the Ukrainians will eventually win the cyber war or the physical war. But the evidence so far shows they can at least hold their own in the cyber war with the Russians, which bodes well for their future.