Cybersecurity experts expected Russian forces to take out at least some Ukrainian phone lines and internet services as part of a ground invasion. It hasn’t happened — even though Russia appears to be suffering for it.
Ukrainian President Volodymyr Zelenskyy is addressing Ukrainians on his Telegram account. Ukrainian hackers are organizing against Russian forces. And ordinary Ukrainians are sharing on-the-ground photos and videos on social media detailing the impact of Russia’s destruction.
But cybersecurity and national security experts believe Russia has three good reasons to refrain from disabling phone and data networks:
- Russian intelligence services can eavesdrop on phone calls and emails and also gather geolocation and other metadata.
- The Russian army is using Ukrainian commercial networks to communicate.
- Russian forces don’t want to destroy infrastructure that they will need if they succeed in conquering Ukraine.
Listening in
“If [Russian forces] can do localized shutdowns of telecommunications, they’ll do it,” said James Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies. “But in general, they’ll want to keep the phones working in Kyiv because they can listen in.”
Ariel Parnes, a former top Israeli cyberintelligence official, agrees: “Imagine if you know the phone numbers of certain people or certain leadership or soldiers, troops. You can see the movement. You can see where the forces are concentrated.”
Russian attempts to penetrate Ukrainian networks have been made easier because the countries use similar technologies in their networks. Wired reported in 2012 both nations have required providers install a piece of surveillance technology that allows governments to tap phone lines and record calls.
Furthermore, prior to the 2014 Crimea annexation, most of Ukraine’s telecommunications providers were either owned by Russians or Russian-Ukrainian businesspeople, giving Moscow the opportunity to lean on the private sector for help infiltrating networks, said Chris Kubecka, a cyberwarfare specialist who traveled to Ukraine before the invasion to help a nuclear power facility prepare for Russian cyber threats.
“It’s easy to put surveillance on telecoms if you have a foothold,” Kubecka said. “Now [the Russians] have blueprints, probably backdoors.”
Having that access could affect Russia’s decision-making, Lewis said. “They’re not asking, ‘Can we get in?’ They’re asking, ‘Is it better for us to let it keep working and use it, or to shut it off?’”
Even before the invasion, Russian surveillance of Ukrainian telephone networks was pervasive. On numerous occasions, U.S. officials have linked Russia to leaks of phone conversations between Ukrainian political elites and Western officials. The old KGB building still stands tall in the center of Kyiv, serving as a permanent reminder of Moscow’s reach within Ukraine. Zelenskyy himself uses a secure satellite phone to communicate with U.S. officials, according to a CNN report.
Hiding in plain sight
Meanwhile, rather than sticking to more secure, military communications lines, “the Russians themselves are using the local telecoms networks — and more widely, the local communications infrastructure as well — as they do their operations,” said Shane Huntley, who leads Google’s Threat Analysis Group, which tracks and fights government-backed cyberattacks. “I can’t speak to their intent, but one possibility is that they believe that if they take out telecoms networks that it would actually hinder their operations as well.”
Ukraine’s State Service of Special Communications and Information Protection, which coordinates the country’s cyber operations, said last week that Russian military personnel had stolen mobile phones from Ukrainians after phone companies cut off network access for phones with Russian numbers.
“Having deprived them of the opportunity to call their own numbers, the occupying forces are increasingly taking away phones from citizens. We call on Ukrainians whose mobile phones were taken away by representatives of enemy troops to inform the operator as soon as possible and ask [to] block the stolen phone," the Ukrainian agency said on Telegram.
Tweets also purportedly show that some of Russia’s invading troops used cheap, off-the-shelf walkie talkies to communicate. Hacktivist groups including Anonymous claim to have interrupted Russian military communications. If those claims are true, it would help explain why Russian soldiers would turn to commercial networks to communicate.
Keeping the house intact
Another explanation is simply that Russia expected to win so quickly that it felt it could keep important telecommunications infrastructure intact that it would soon need to run the country.
“If you want to own the house, you’re not going to burn it down,” Lewis said.
Even if Russia does succeed in claiming Ukraine, taking over a region’s existing telecommunications infrastructure is already difficult without having to spend tens or hundreds of millions of dollars building entirely new cell towers. When Russia illegally annexed the Crimea peninsula in 2014, it took Moscow about three years to take full control of the region’s mobile infrastructure. That’s even though that cell network had been left intact during the invasion, according to a 2020 paper from Citizen Lab, internet registry RIPE NCC and Japan-based IIJ Innovation Institute.
And it wasn’t a simple process. Ukrainian mobile operator Ukrtelecom kept running the network for almost a year after the annexation in parts of Crimea, until armed guards surrounded the company’s offices and blocked employees from entering, according to TeleGeography, a consulting firm. Crimean providers relied on Ukrainian infrastructure while Russian state-owned provider Rostelecom laid a new submarine cable across the Kerch Strait to connect Crimea directly with Russia without having to pass through Ukraine.
Of course Crimea’s population is about 20 times smaller than that of Ukraine. So the difficulty Russia had in taking over Crimean phone networks only hints at the challenges that assuming control of the Ukrainian phone system would entail, even if it were to remain intact.
Changing winds
But as Chris Krebs, a former director of CISA, noted in a virtual panel event on Twitter Wednesday as the invasion drags out, Russia’s strategic calculus could change at any moment and the country could decide to start bombing telecommunications infrastructure or send state-sponsored hackers in to shut it down altogether.
And if that happens, it could be a clear sign of how Russia views its odds of winning: “[Russian President Vladimir] Putin of all people knows the intelligence benefits of keeping the networks up and running, and he expects to inherit them soon,” said Lewis, of CSIS. “It will be a sign that the Russians are giving up if they start blowing up critical infrastructure.”