Ukraine says government websites and banks were hit with denial of service attack

WASHINGTON — Amid heightened tensions between Russia and Ukraine, multiple Ukrainian government websites and banking systems were temporarily inaccessible to users Tuesday afternoon. But so far it remains unclear who was behind the disruption, and the overall intent.

The outage, which impacted the website of the Ukrainian Defense Ministry and the Armed Services as well as two large Ukrainian banks, Privatbank and Oschadbank, was the result of a digital denial of service attack, according to multiple Ukrainian government agencies.

The reports quickly generated concern, especially given ongoing U.S. government warnings that Russia might launch a massive cyberattack impacting critical infrastructure in Ukraine, such as communications or banking, prior to an invasion.

Digital attackers targeted the organizations' online services to prevent them from functioning properly, but the intrusion fell well short of any kind of massive cyberattack – which would typically involve visible manipulation of content on the websites, penetration of servers, or apparent theft or destruction of data or devices.

The Defense Ministry shared in a tweet that it received an unusually high volume of requests to load the website, suggesting attackers were flooding the servers with illegitimate requests in an attempt to overload them and prevent citizens from accessing the site.

The State Service of Special Communication and Information Protection of Ukraine, which was leading a recent investigation into a website defacement and data destruction campaign linked to Russian hackers last month, published a statement claiming "there is a powerful DDoS attack on a number of information resources of Ukraine," though it also noted that as of Tuesday evening, banking services have already been restored.

Wave of fake messages saying ATMs were down is debunked

There were also reports from the Ukrainian Cyber Police on Tuesday morning debunking a wave of fake SMS messages sent to Ukrainian citizens claiming ATM services were down.

Given that only a few organizations experienced disruptions and the outages were not long-lasting, the impact on Ukrainians' access to their banks and government websites seemed extremely limited. People in Ukraine posted tweets about still being able to access their bank accounts through ATMs, or by using their digital bank cards, and the government agencies were able to communicate with the world through social media during the outage.

But given the heightened tensions in the region and the looming threat of a Russian invasion, these kinds of attacks could have a bigger psychological impact.

Olena Prokopenko, a visiting fellow for the public policy think tank the German Marshall Fund and the co-founder of the Transatlantic Task Force on Ukraine, told NPR these kinds of digital attacks "have been our major concern" over the past few hours. "Hybrid warfare in action," she continued.

For the people of Ukraine, she said, there's some uncertainty because the government has not been communicating clearly about what to do in an emergency.

"People don't understand what to do in case of escalation, so they just choose to carry on, hoping that the military and the government will take care of things," Prokopenko said.

This attack, while rather unsophisticated and short-lived, could be one of the early salvos in a Russian invasion, though it hasn't yet been linked directly to Russia.

DDoS attacks are 'notoriously difficult to attribute'

"Though we've anticipated disruptive Russian attacks against Ukraine, we've seen no evidence of responsibility at this time, and denial of service attacks are notoriously difficult to attribute," said John Hultquist, the vice president of intelligence analysis for the cybersecurity firm Mandiant.

Ukrainian citizens, however, have become used to regular digital attacks from Russia since at least 2014, often much more serious ones, including shutting off the power grid.

John Graham-Cumming, the Chief Technology Officer of Cloudflare, a company that specializes in defending against denial of service attacks, told NPR that his company has actually not seen a huge uptick in malicious traffic on Tuesday that has impacted its customers in Ukraine. The websites and banks impacted, however, are not Cloudflare customers, he said, and Graham-Cumming said it's possible attackers chose to avoid organizations protected by Cloudflare purposely.

Graham-Cumming noted a small uptick in broader attack traffic around lunchtime, but nothing "particularly noteworthy," as well as an increase in digital congestion across the Internet in Ukraine around midday, potentially suggesting an increase in internet searches.

Cybersecurity company Akamai also specializes in defending against denial of service attacks, though it had limited visibility into the attacks in Ukraine on Tuesday. Still, according to Akamai's Chief Security Officer, Boaz Gelbord, "In times of international conflict, DDoS is often the attack tool of choice of threat actors."