Q&A: Kenneth Geers on the cyber war between Ukraine and Russia

Russia’s recent aggressions toward Ukraine might have caught some off guard, but Kenneth Geers had been forecasting such a conflict since 2015 — a year after the Kremlin’s first invasion of Ukraine.

Even then, Kyiv and Moscow had all the necessary ingredients for waging a digital battle, including an ongoing military conflict and a community of tech-savvy hackers, Geers wrote in the introduction to Cyber War in Perspective, a book he edited.

At that time, many experts were skeptical of cyber warfare and its strategic value on the battlefield. When Russia invaded Ukraine this February, the "big cyberattack" that everyone expected didn't happen — either because Russian hackers have been overestimated or because they are still waiting for the right moment to attack.

And yet, Russia’s 2022 invasion has proved the importance of a cyber component in military operations, but not where everyone expected. The main gain of these cyberattacks, according to Geers, is the information that hackers managed to leak from websites and state registries.

He is sure there are other gains, but governments are reluctant to talk about them. “Soldiers don’t do anything without cyber support these days,” Geers told The Record.

From 2014 to 2017, Geers worked in Ukraine as a visiting professor at the Taras Shevchenko National University of Kyiv.

He currently works as an analyst at a data security startup Very Good Security, backed by Goldman Sachs and Andreessen Horowitz. He also served for two decades in the U.S. government, including positions at the National Security Agency, Naval Criminal Investigative Service, and NATO.

The Record spoke with Geers about the course of the current cyber war between Russia and Ukraine, the strategy of Russian hackers, and the likelihood of a major Russian cyberattack on the United States.

The interview has been lightly edited for space and clarity.

The Record: What is the biggest insight for you in the cyber war between Russia and Ukraine?

Kenneth Geers: In this cyber war, the defense has seemed to play a bigger role than the offense. We see that Ukrainian cyber defense has matured over the years, which is probably why it’s more difficult for Russian hackers to achieve significant damage in Ukraine.

Russia, in turn, is known for its offensive operations but cares little about cyber defense. Russian computer systems often use old unpatched software and are therefore very vulnerable to malware attacks.

Foreign hackers supporting Ukraine now have a field day in Russia. Because of the war, they feel they have the moral and ethical right to hack into Russia. And there’s plenty of space to hide in Russian networks — they are so bad. 

Hackers have stolen millions of Russian government documents and posted them online or sent them to the whistleblower site Distributed Denial of Secrets (DDoSecrets). For spies, media organizations, and human rights activists, it is a treasure trove with insights and stories that could have catastrophic consequences for Russia.

TR: NATO and the EU actively support Ukraine's cyber efforts. How will this support affect the course of cyber war?

KG: International collaboration in cyberspace is indeed effective. The U.S. and other countries have a strong national interest in supporting Ukraine and influencing the course of the conflict. Foreign hacker teams are trying to support their national priorities.

When Russia invaded Ukraine, intelligence poured into Ukraine — NATO and the EU have a lot to share. They have been collecting information about Russia for at least 20 years, and because of the war, they can be more open about what they know about Russian nation-state hackers. 

Ukraine also has a lot to share with NATO and the EU. This information explosion about Russian hackers and Russian cyber operations is likely to cause serious damage to Russia. 

2022-10-Kenneth-Geers_headshot1.jpg

Kenneth Geers. Image: Atlantic Council

TR: What is the strategic value of cyberattacks in Ukraine for Russia?

KG: Russia has a long history of cyberattacks against other countries, but most of them involve cyber espionage and intelligence gathering.

Russia wants to hack the Ukrainian military, intelligence organizations, and political agencies to get insight into what the West and Ukraine are doing. 

Of course, there are more serious attacks — Russia wants to be able to target critical infrastructure in Ukraine if its military runs out of missiles and bombs.

But these attacks are rare because they take a lot more time and thought to prepare, execute and assess the damage.

TR: Is Russia as good at analyzing information as it is at hacking?

KG: No. In dictatorships, the quality of analysis is fairly poor. These countries don’t have what scientists call peer review – the meritocratic vetting of intelligence using reliable sources and methods.

And this applies not only to information leaked by hackers. It is very difficult for Russian intelligence officers to tell president Vladimir Putin about the defeats of the Russian army in Ukraine because Putin is a dictator who has instilled fear into the system that discourages people from telling the truth. 

TR: What is the role of Ukrainian President Volodymyr Zelensky in this cyber war?

KG: Among the information that Russian hackers are trying to obtain may be data on the location of Zelensky, whom Russia most likely wants to assassinate.

Zelensky also plays a huge role in information operations, which are very close to hacking. In this cyber war, information operations have turned out to be much more important than computer hacking.

And Zelensky's ability to stay online and in touch with the world is impressive. He is the voice of the country, and that could be decisive in this war.

TR: Many foreign hackers sided with Ukraine or Russia and joined the fight. What are the legal implications of this?

KG: The current cyber war is indeed a huge opportunity for hackers from different countries to participate. 

The legal terms for this are unclear. Anybody can be Anonymous.

Hackers are not afraid of getting caught or getting in trouble because there are a lot of technical things that need to happen to accurately attribute these attacks. Attribution is a political thing.

Hackers can use proxies across the world to obscure their real location. And their operational tempo is too fast to investigate every attack.

Intelligence may know who is responsible for the attacks, but they don’t want the hackers to know — they’d rather watch and follow them. 

TR: How likely is it that Russia will launch a big attack on the U.S. before the upcoming elections?

KG: It’s possible, but Russia is currently quite busy with the war in Ukraine. The bandwidth for its hackers is low, they do what they can. 

The problem is that the U.S. is open to such attacks. Ukrainians and Eastern Europeans in general are more aware of the problem of digital propaganda – they have a better radar for this. 

In the U.S., on the other hand, political polarization and an immature understanding of computer hacking make people vulnerable to cyberattacks.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.