World's First Cyber War? - with Rachael and Eric
This week Rachael and Eric discuss the world’s first cyber war and the recently published "Defending Ukraine: Early Lessons from the Cyber War" report from Microsoft and the accompanying blog post by Microsoft President and Vice-Chair Brad Smith. They share insights and raise lingering questions on the report’s findings and the five conclusions Microsoft framed from the war’s first four months.
They also briefly share insights from the June 2022 cyberdefense research report "The IT Army of Ukraine" from Stefan Soesanto of the Center for Security Studies in Zurich. So much to unpack in this week’s episode! There will definitely be follow-on episodes with key players from these reports that you won’t want to miss!
World's First Cyber War? - with Rachael and Eric
[00:59] The First of Many
Eric: We decided to do this together without one of the many brilliant guests we always invite.
Rachael: Microsoft dropped this pretty voluminous Ukraine report, and there's a lot to dig in there. I think this is a great opportunity to chat through it a little bit. There are so many questions that remain that I think this is just the first of many conversations on this.
Eric: I think it'll be a great topic. We'll do our best to cover it. There's also another report that came out about Ukraine's IT army which blew your mind and mine.
Rachael: It sure did. I don't know if I can say the name, the source is The IT Army of Ukraine by Stefan Soesanto.
Eric: I think that’s right, Stefan Soesanto. Cyber Defense Report out of the Center for Security Studies in Zurich, Switzerland, just came out in June of 2022, and I couldn't tell you how many pages it is.
Rachael: It's about 32. I was reading through it yesterday and it was very thorough. Thank you for that. But for those that may have missed the Microsoft report, do you want to give a quick little tee-up on what that is?
Eric: Microsoft released a report title. Defending Ukraine: Early Lessons from the Cyber War. I think there are some really good early lessons in here. It's a little bit salesy and it's clearly Microsoft-focused.
It appears to be primarily based on Microsoft's lens and they have a huge lens. I think at one point they talk about over 400 trillion events observed a day globally, which is a lot.
Capability At the Data Center or Network Level
Eric: I'll tell you at some point you hit statistical relevance and the difference between one million and 400 trillion statistically, it doesn't matter. But they do have quite a lens at the endpoint level. I think based on their Azure stack, they also have the capability, at some level, at the data center or network level.
But they do have a different lens than a Cisco might have, which has a very network-centric approach. They will see a lot more events on the network side in my experience, but they're not as detailed. You don't get as much context as you do with an endpoint. During my time at McAfee, we had, I think it was 100 and 40 or 50 million sensors across the globe.
You learned a lot. You could see things happening in real-time or near real-time because you had those sensors everywhere. You'd also see blind spots. If you didn't have a sensor in China, you had very little visibility into China or if you didn't have a lot of sensors, I should say. So, I just put that out there, recognizing based on my experience in this business that the Microsoft report is very good. We can draw a lot of early lessons. In fact, I'm going to cover them right now.
It is a Microsoft lens, so keep that in mind. There's a good five, six-page summary from Brad Smith at Microsoft, but they go into five conclusions. But I do think you have to read the whole report to get the proper context. So first conclusion: defense against a military invasion now requires, for most countries, the ability to disperse and distribute digital operations and data assets across borders into other countries.
The First Cyber War: A Coalition of Countries
Eric: Distribute your data and processing. Now, if I'm a Microsoft salesperson, that's great, we've got the Azure cloud stack. If I'm Amazon, same thing. Google? Yes, put it in our data center. But we'll go into more detail. It's a really good idea. We saw in practice here why it was good. So second, recent advances in cyber threat intelligence and endpoint protection have helped Ukraine withstand a higher percentage of destructive Russian cyber-attacks.
Third, as a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine. We've seen this war. It is a Russian-Ukraine conflict, but NATO's involved, and the Five Eyes are involved, China, India. You and I were talking last night as we were talking about this, Brazil is involved. Fertilizers, who would've known. You would absolutely expect that to happen as Russia is looking at, what these friendly and non-friendly nations doing and thinking right now. I need to know more.
Fourth, in coordination with these other cyber activities, Russian agencies are conducting global cyber influence operations to support their war efforts. Absolutely, hands down, in my opinion here, the most potentially risky and damaging to the free world. We've seen Russia, Russia is very good at this. Finally, number five, the lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations. That's the one for me where it's like, okay, great. We knew that. The lessons call for a coordinated and comprehensive strategy.
Laws of Cyber
Eric: Brad Smith and Microsoft have been talking about, I believe they were the big ones on the digital GE Geneva convention, "We've got to have some laws of cyber," they've been doing it for years. Brad's been number one on this from my experience in the industry. I think this is a continuation of that. But that is what the report is about. It's very good, and we can talk about it. Then we have the IT army, the Ukraine IT army.
Rachael: I know there's so much to dig into there and the implications of such as well.
Eric: So, the first one is the distribution of digital operations in wartime. I think it's in the full reading, which is absolutely worth a read if you're in this business, but I think the paper starts out with a story about the second war. How in London, the UK, the British government had to move its communications equipment underground into cabinet war rooms because of the Battle of London. The blitz.
They were getting bombed and they needed to continue to communicate. So what do they do? They distribute and protect their assets. What did we see in this case? On the 17th of February, the Ukraine government changed their law. They took some action a little more than a week before the conflict went kinetic, and went physical when it started.
Rachael: Which is interesting timing.
Eric: I think it is. One of the things that I observed in the press, and I'm just talking about free press here, is no other intelligence gathering. It appeared that President Zelensky and the Ukraine government did not feel the Russians were going to roll across their borders on the 24th of February.
[08:57] The First Cyber War Took the World by Surprise
Eric: They hadn't distributed a lot of their physical, traditional defense assets. We saw a lot of planes, air, helicopters, and assets that were caught unaware. They hadn't mobilized their version of the national guard yet. I'm trying to remember back to that four months ago at this point, but they really didn't appear to think that the Russians were going to roll across the border when they did. They almost were taken somewhat by surprise.
But what they did do a week before was they allowed Ukraine to change the law, which allowed them to distribute data and assets outside of Ukraine, compute, and data. I think it's brilliant. The Ukrainian data protection law prohibited government authorities from processing and storing data in public clouds, stroke of genius, they changed it. A week later, they were at war but they had assets.
I was doing some research the other night, and some of the first assets that the Russians hit with physical, kinetic weapons, bombs, and missiles, were known Ukrainian data centers. If all that processing, all that communications equipment was resident just in the country of Ukraine, it's easily targetable, easily accessible. Clearly, if you break down communications, you've got a problem. I think that was a stroke of genius.
Microsoft talks about the next 10 weeks. Obviously, they didn't move it overnight, but in the next 10 weeks, they moved many operations and data to distributed cloud environments. If you look at Microsoft's regional data centers in Europe, they're in Frankfurt, Berlin, Marseilles, Paris, and Northern Italy.
Measures to Ensure the First Cyber War Doesn’t Escalate
Eric: They have data centers all in the NATO countries, the European Union. What we saw here, which I think just underscores the brilliance, just like equipment that the NATO countries are moving into Ukraine, wartime equipment, military equipment, it hasn't been touched until it crosses the borders into Ukraine.
The data assets have been relatively protected also because they aren't inside the borders of Ukraine. I think Russia's trying to ensure that this conflict doesn't escalate. And I don't think at this point, especially with what we've seen from Russia's military effectiveness, they want an all-out conflict with NATO.
Eric: You just don't, that's pretty evident. So they move the data and it's protected just like a US Howitzer is when it's sitting in Poland waiting for movement into Europe. Brilliant move on their part.
Rachael: They've spent years, I think, working to this. They've had several years of preparedness, of knowing what's coming. In the event of a quote-unquote cyber war, they knew they had to move quickly if something did happen, perhaps. So if anyone knows the Russian tactics, perhaps in the cyber realm, it is Ukraine. So very smart timing.
Eric: We've had several people tell us, and I've talked to others off the air, that Ukraine has probably the best cyber defenders and offensive teams out there. Big why they get so much practice. They're very good. In fact, I forget who I was asking. I said, "Even better than Estonia and Lithuania?" "Absolutely. They get so much practice."
Rachael: We'll get into the IT army later. I don't want to talk about it just yet, but I think that's a nice segue there as well.
Eric: It absolutely is. The other benefit I see when you move that infrastructure to the cloud is you don't have to deal with the responsibility for the security of the cloud. If you look at the AWS shared responsibility model, Microsoft and I'm assuming Google, are similar. The difference is, that you're no longer setting up servers, setting up the networking.
You still have to have connectivity to your processing centers, but a lot of the software, the compute, the storage, the databases, the networking, all that global infrastructure, the redundancy, that's all taken care of by a CSP. You don't have to worry about it as much. When you're in a time of conflict, what do you want to do? You want to slim down and focus, simplify and automate as much as you can. You're pushing that off to third parties.
In Microsoft's case, in the report, they claim, and this is a little salesy, that this whole effort so far has been $107 million of technology services to support the effort. Helping 20 ministries and more than 100 state agencies and state-owned enterprises. In total, Microsoft has provided $239 million in financial and technology assistance to support Ukraine.
Now, I don't want to turn this into a Microsoft commercial but let's assume it's even loosely accurate. What Microsoft is doing, and we can assume that other CSPs may be doing the same thing, is providing capability that the Ukraine government and the Ukraine people don't have to do, freeing up resources for offensive operations, and kinetic operations, whatever it may be. A simple example might be patch management. I'm running a whole server farm, how do I keep them patched? How do I keep them up to date? My servers.
The Networking Sides of the First Cyber War
Eric: So, Ukraine must do some of that, but some of the networking sides, the different compute capability, Amazon, or Microsoft will help you do that. You don't have to do all that patching; you have to do some but not as much. The other thing is, Microsoft would say they're providing key vault, they're providing DDoS protection, Azure information protection.
I think a lot of the data they're getting is through Microsoft Defender. They've got a good lens on things. When a new attack is out there, Microsoft can stop it before it gets to the actual compute platform itself, or Amazon can in this case. I think that's a huge benefit to Ukraine.
Rachael: You heard a lot at the beginning of the conflict about their minister of digital transformation, Federov. I know he was very active on social media, but it seems like there were some within the Ukrainian government appointees that were cyber-savvy, and technically savvy as well. They, I think, were reaching out to a lot of folks for help and getting it. It's wonderful to see that come together.
Eric: I think that goes back to they've had a lot of practice. Was that 2017, targeting Ukraine. Lots of practice here. It is top of mind. One of the things I observed in the Five Eyes governments, my customer base is over the last, 12, 13, 15 years I've been in this business. The infosec/cyber security knowledge, awareness, just general understanding, and focus have increased, I don't know, tenfold?
Rachael: Probably more.
The First Cyber War Calls for Cyber Savviness
Eric: We've had several congressmen on the podcast, we've had general officers. Across the board, cyber savviness has increased. People are more aware. Nobody more than Ukraine, in my guess, because they've had so much practice.
Rachael: It's unfortunate to say. I think back in 2017, we were still like, "We need to elevate the cyber discussion." As a result of so many of these devastating incidents, I think everyone's now so keenly aware of the threat and they have to step up the cyber game. It's a good thing and a bad thing that we got here, but thank goodness we got here, I think.
Eric: We have a long way to go. As John said last week on the show, he's very optimistic. We're making strides. I'm not quite as optimistic, but we have a long way to go, and let's see how we get there. So umber two here, cyber threat intelligence and endpoint protection advances help Ukraine.
I mostly agree with this. Brad Smith says a defining aspect of these attacks so far has been the strength and relative success of cyber defenses. It goes back to the Ukrainians being some of the best in the world at protecting their nation, and the ability to go offline. But I think there's more here to this.
We saw Connecticut, the missile attacks on government data centers, and the distribution of assets. There is a lot of third-party help going to them. They distributed that compute. The other thing we've seen is, that once things go kinetic, physical, bombs, missiles, tanks, infantry aircraft, I think the government of Russia wasn't exactly coordinated, especially in the beginning.
[18:50] A Call to Soften the Battlefield of the First Cyber War
Eric: It appears to me like their military was surprised that they were going into Russia. We've read enough reports to believe that's probably pretty accurate. I think the cyber forces in Russia were probably surprised and they didn't have time to soften the battlefield. They didn't have time to do the preemptive work that they needed to do. They're still being serviced by NATO, by the friendly countries. We're providing capability.
Microsoft talks about this not just being a government problem. That, unlike typical conflict war, this type of conflict war is digital, and the commercial industry has a big part. To this report, Microsoft has a really big role to play here, and they talk about it. They've got all the sensors that they have.
They see as much as or more than the government. They are a sensor input to the US government also. We have, we have Jen Easterly in CISA with shields up. We're telling the US, "Get ready." Why? Well, the commercial industry and the government are seeing all of this activity pick up. I think we are getting better, but just like we're providing intelligence to the Ukrainians from the ISR overflights of Europe. Before the war started, we were flying over Ukraine monitoring the posture of the Russian army.
What are they going to do, and how are they changing? How many troops are there, and how many are coming in? All those ISR flights, by the way, moved outside of Ukraine. We didn't want anything to happen in the Black Sea.
The Kinetic Aspect of the First Cyber War
Eric: They only go so far north, and you can see a definitive line on those ISR overflights, mostly P3 aircraft. But you see the line where they will not go north because we don't want to have an accident.
Rachael: That's a really good point because there's the kinetic aspect. In the physical war that everyone is, there is that line that seems like all sides are trying to be very careful not to overstep. However, I have heard it characterized, and in that IT army report as well, some are positioning this as the world's first cyber war being waged. It’s really interesting when you look at the physical and the cyber sides. One line is being walked incredibly carefully and the other line seemingly doesn't exist.
Eric: It's a new world order we're dealing with.
Rachael: Would you characterize this as the world's first cyber war? I've seen a lot of, I guess, of that positioning, or maybe I'm just not looking hard enough. I didn't really think about it that way, but I guess if you step back and look at all the players, perhaps yes.
Eric: It's a good question, one I can't answer. I think we probably have to get some of our legal experts on. I've always thought that war had to be declared. But we're in this special operation and the US had its operations in Afghanistan, and Iraq, and Vietnam, and Russia went into, is it a war? Is it not? I don't know. People are shooting at each other, people are dying. From a cyber perspective, people are attacking other people. We don't have any reports right now of cyber conflict causing death or dismemberment or harm. Is it a war?
Is the First Cyber War Legally a War?
Eric: I don't know if it's legally a war, but with the special operation, it's clearly a war. You go back 300 years, to an invasion across a country's border into another country. That's war. We're doing it with cyber tools. I think that's probably a war. Certainly, I am not the authority on this. But is it the first?
We've talked on the show a lot. We have been in a low-grade cyber conflict for how long? Look at SolarWinds or Sunburst. Like look at that from a year and a half ago, look at all the attacks we've seen. Is it war? Does it matter what the naming is? Obviously, a country is reaching into another country with the intent to do harm. That's probably not a good thing.
Rachael: No, it's not. It's not one country either, as we know. There are several large countries that have been executing said exploits. That could be a whole podcast episode on its own.
Eric: I don't know that there's a definitive answer, but especially as time goes on, we are seeing cyber activity in conjunction with physical activity. We've also seen that the physical attack really overran the cyber activity very quickly. I think I saw a Twitter post from Dimitri Alperovitch, a friend of the show, and co-founder of CrowdStrike. He showed a picture of an electric substation or generation plant that got hit by a missile.
I think it was a ballistic missile or missiles, and it's clearly destroyed. His commentary is about how the physical attack on an electric substation or generation facility, whatever it may be, is much more damaging, much more lasting, and much more costly than a cyber-attack would be.
Can the First Cyber War Become Physical?
Eric: I fully agree with that. Unless you can do something through some cyber-attack where you create an explosion, a fire, or something that makes it go physical or destroys, the destruction of equipment facilities people, you could be on a similar path here. But for the most part, kinetic destruction is much more difficult from a reconstitution effort than a digital one, from what we've seen in our time. So first cyber war, I would say no. Cyber war, yes.
Will things get better or worse? Worse. One of the things we're seeing is it appears that Russia has been very careful here to not launch attacks like the destructive worm-able malware. I think that they call it to jump across international borders. They're very targeted. It appears that they're trying to keep things mostly constrained, minus espionage, in the country of Ukraine.
The other thing I want to talk about quickly is this comment here that Brad Smith made through Microsoft. In section two, "The role of the private sector that it now plays in protecting a country in a time of war. Unlike the land, sea, and air cyberspace is owned and operated in part by companies." That's what I was talking about. You'd normally call the Army for land, the Navy for sea, Air Force for air.
For cyber, they all have components, and now we have cyber command and so does everybody else. But this makes this war very different from major wars of the past, as Microsoft talks about it. Brad continues on, "It imposes a heightened responsibility on tech companies to use the best technology available and sometimes take extraordinary measures to help defend a country from attack."
Why the First Cyber War Is a Societal Issue
Eric: Then he goes into, "Even at no charge, in the case of Microsoft support for Ukraine. This stands on its own.” There's a responsibility there.
Rachael: There really is. It gets down to cyber truly is a societal issue, and we're all in this together. If there's no cooperation, and coordination, we're never going to win, and get further behind. It's an important point, but it's also all these companies doing the goodwill from their perspective versus like the coordinated cyber-NATO, if you will, response, which makes it interesting. Does one company do all the heavy lifting and others chip in? How do you distribute that assistance in kind of an equitable way? I don't know. It's a big question.
Eric: What is the role? We're seeing more government and private industry partnerships with things like the JCDC in the US. In Russia, you see the direct control of companies. As reported with Kaspersky and the Russian government and people fleeing Kaspersky at this point. There are different levels of interconnectedness. I think this will be a space to watch over time.
I think we'll see over time as it evolves, a lot of change. But one thing I will tell you, just like the government, it doesn't make sense for the government to make semiconductors anymore. The government used to be the farthest ahead in that. The private industry now does it. In cybersecurity, is the government making tools? They don't have the visibility, the view. Microsoft has 400 trillion, I think they mentioned, transactions a day, or incidents they're noticing a day.
Rachael: Something remarkable.
[28:30] What the Government Doesn’t See
Eric: The government doesn't see that. In the US, the government can't even look at activities on US IP addresses, US computers, US systems, you name it.
Rachael: I understand that kind of government oversight, but it is fascinating that so much power does lie with private industry here.
Eric: Those are our laws, it has to. I don't know, and it evolved that way.
Rachael: It's a hard one.
Eric: In cyberspace, it's not like the authorities are going to protect you, as, John said on our last podcast. Law enforcement doesn't have the talent, the capability, or the number of personnel to really help us. That's why programs like Shields Up from CISA, their guidelines, and the recommendations, you get a lot from them. But you see a lot of content coming out of NIST and CISA and the like on, "Here's what you should do."
You don't see that on the kinetic side. We've got an Army, an Air Force, and a Navy for that. There's no pamphlet, "If there's a Russian sub off the coast, here's what you should do." If there were, it would be like, "Call the US Navy." But in cyberspace, those boundaries are gone, which is interesting. Let's keep the show moving. Allied government network penetrations increase.
To me, this is a no-brainer. Of course, they're increasing. They have a little map showing basically most of NATO, the US, and Canada, the Five Eyes countries, where network penetration and espionage are strategic in nature. It’s primarily targeted at obtaining information from the governments and agencies that are playing critical roles. You and I talked about Brazil last night. We looked it up, and Brazil is the biggest buyer of fertilizer from Russia.
Understand What NATO Is Doing
Eric: Brazil is also neutral in the UN against Russia. What's happening here in this special operation or war and why? They want to continue buying fertilizer because the nation of Brazil needs it, that’s my guess. The other thing we see is India is a country there, and a number of the Mid East countries are listed on the map. Why?
I think what we're seeing here is the Russians really need to understand what NATO's doing and thinking. What these independent third-party countries, Brazil, India, and the Mid East, what these organizations, the governments, and the companies within those countries are looking at, are doing. They want to understand from an intelligence-gathering perspective, what the story is, and what the messaging is.
They know where they stand. One of the things that I think is interesting here, is there's nothing on Russia and there's nothing on China.
Rachael: When you look at the map too, it's just blank. There's nothing there.
Eric: So, it raises a few questions.
Rachael: Why is that?
Eric: Does Microsoft not want to talk about it? Does Microsoft not have sensors in those countries, or enough sensors to really detect anything?
Rachael: I think I'd rather not talk about it. If I were Microsoft, I probably wouldn't go through that door myself.
Eric: Certainly, on the China one, you want to be very sensitive. But you know Russia has an interest in understanding where China sits on this issue. They had an agreement, I think a week before the special operation kicked off, the conflict kicked off, at the Olympics. Maybe it was two weeks before, a strategic partnership was reinforced or announced between China and Russia.
Will the First Cyber War Change Relationships?
Rachael: Okay, "I just rolled into a neutral country with tanks and aircraft and bombs and missiles. Is that going to change my relationship?" I'd want to know that. At some level, Russia has to figure out what that means for them and how that works. I don't know, maybe they don't want to, maybe Microsoft doesn't want to publish it. Or one of the other problems is, that Russia does not use a lot of US security capabilities.
It's not a massive market, I don't think a lot of people understand that. I think, GDP wise it's like Italy's size. One thing we haven't talked about yet, just a sidebar in this part of the Russian network intrusion efforts, it was saying that there were 128 organizations in 42 countries outside of the Ukraine that has been targeted. But Microsoft was finding those were successful 29% of the time. Depending on how you look at that number, is that a high or a low number?
Eric: My initial read was, that's a really high number. If you take it on the surface, we have no idea how many millions of attacks were launched against these countries from an espionage perspective. But 29% of, let's just take a million. That's a lot of success. I don't understand, it's not clear in the paper how Microsoft is measuring this. Is it a campaign instead of a specific attack?
How do they define attack? To me, 29% is very high from what I've seen in my experience. Usually, you have a very tiny amount of malware that's successful compared to the just volumes of it that have blown out there. You know unless it's a very targeted attack.
The Degree of Russian Success in the First Cyber War
Rachael: I highlighted in the report where it said Brad Smith had said that number likely understates the degree of Russian success, which I think is really interesting. To your point, I agree, it seems like a high number. If it's higher than that, wow.
Eric: It would be great to get Brad or somebody from Microsoft on the show to really get the context under that. I saw the chart and we can see they're attacking; the US was number one. They were attacking governments, but also commercial organizations, and NGOs. What they're trying to do is really understand what's going on, and I don't know how Microsoft measured it.
I believe that in most cases a persistent adversary can beat a defender's defenses and get to what they want. If a third at the time said, "I want to understand what this NGO is doing," breaking into a third of them, a determined adversary. Okay, I could see it if you're measuring it that way.
Rachael: It was interesting that Estonia was one that Microsoft said had detected no Russian cyber intrusions, and they credited that to their adoption of cloud computing. I thought it was interesting, of all the countries in proximity to have unscathed, if you will.
Eric: Once again, is this blatant sales play for the Azure cloud, or do they not have sensors there, or do they just miss things? Zero days are zero days for a reason, we don't know about them. You don't know about them until you detect them. There's no way to guarantee that you're, you haven't been penetrated, you haven't been breached.
Rachael: Ostensibly, this report is from February to the present day.
Global Cyber Influence Campaigns
Eric: From February to January, I don't know at what point in time they stopped and said, "We have to go to editing and publishing." But yes. Number four, Russian global cyber influence campaigns. This is the biggest concern to me. The Russian Internet Research Agency is a great example. We've heard about them for almost, probably a decade now.
An example working to actually sway public opinion in the countries across the globe. That's what we're talking about here. Foreign influence operations. They're cheap, they're easy, they're highly effective, and they talk about propaganda consumption in Ukraine. There's a massive spike.
Rachael: Was it 116%?
Eric: I think it's more than that, right as the war kicks off. Russia does the same thing in Russia. They do it in the US. There was an example of COVID in New Zealand, the most vaccinated, most COVID-protected country in the world, I believe. They compared and contrasted the messages that Russia was putting out in Russia about getting vaccinated. Then in New Zealand, how the vaccines aren't working.
This is the most concerning to me because I think the average person doesn't have the ability or the time or doesn't take the time to actually go out and validate with reputable sources what's going on in the world.
Rachael: It's a lot of work. You're bombarded with information. I just got on TikTok over the weekend just to see what’s that all about. But it isn't, you're just flipping through and you see someone, for one of them was like, "I lost 230 pounds in four months and without diet or exercise." The post has 100,000 likes and comments. You start wondering, "That doesn't sound humanly possible." But then you're like, "What if?"
[38:59] That Seed of Doubt Can Sprout the First Cyber War
Rachael: There's always that seed of doubt in anything. Taking the time to go and research if this is for real or not takes a lot of time and effort. It's a lot easier to go, "That's pretty cool, and maybe that's possible. Let me do that and then tell somebody that's possible," and then propagate the lie unwittingly in some regards. Or just figure other people are going to look it up for themselves and validate. It's a lot of work.
Eric: When you have multiple sources. Russia doesn't go out and put something on the front page of the New York times and say, "I'm done."
Rachael: The groundswell.
Eric: It's that groundswell. We saw in the states back a couple of years ago, we saw actual rallies where the Internet Research Agency got both sides from St. Petersburg, Russia to come to a place, I think it was Texas or Arizona, and have a protest. They were protesting their issues. This was done in St. Petersburg with Americans. It's really hard. Microsoft does talk about something called Microsoft's AI for Good Lab.
I'd love to know more about that. They've even created a Russian propaganda index, an RPI, which is how they're measuring it. I think it's great to have a methodology. I think we should really try to get some more there. Then they talk about some other third-party reviewers, which I've heard of before. I don't know a whole lot about them, News Guard and the Global Disinformation Index. We've got to get somebody on the show from the Global Disinformation Index.
Justifying Attack Capability
Eric: A 216% surge in Ukraine, was a 216 and 82% increase in propaganda in the US. It was all around justifying the attack capability around the terms of the surrender, what they're looking for. It's trying to get the American people to reach out to their politicians and sway public opinion to make Russia look good or to make Russia better.
Rachael: It can be surprisingly effective. It's, you start small and grow the lie.
Eric: Here's some COVID-19 messaging. In Russia, it was lockdowns and boosters that prevented transmission. Russian public figures are testing positive, and cases and deaths are increasing in Russia. Vaccinations fail to curb transmission and are ineffective against new strains. That's what they're kicking out in the English world. The Pfizer vaccine has dangerous side effects, Pfizer and Moderna conduct unregulated trials. That's Russia telling the American people.
Rachael: People want, they're already skeptical of anything developed so quickly. It's very easy to tap into that, it's just vulnerability. Take the oldest trick in the book, finding the vulnerable and taking advantage of that.
Eric: This is probably the biggest concern I have, and there's a really good chart on. The US and China tend to operate in sync with one another, and it shows the divergence. When you see a divergence like that, a change, to me, that's usually, there's something here we need to dig into.
Rachael: There's a mitigating factor.
Eric: You can really see as the RPI for Canada increases while the US doesn't increase to the same extent, you can see that there's active targeting going on there. Why Canada versus the US? I can't tell you. Somebody obviously determined that we're putting resources here for a reason. What that reason is, I don't know.
Full Range Cyber Threats Leading to the First Cyber War
Rachael: Number five.
Eric: A strategic response to the full range of Russian cyber threats. This is Microsoft saying, "There are four tenets to countering the Russian cyber threats." Digital tactics, public-private collaboration, multilateralism, and free expression. This is the one to me which is like, of course. I do agree with the public and private collaboration, and with what they're saying here. This is motherhood and apple pie, we should all do this. I'd love to see more about how.
Rachael: It's, they only had so much time to put the report together. I think there should be an ellipsis at the end of this report, more to come.
Eric: Now, I will say in ending, we are seeing this collaboration that Brad Smith and Microsoft talk about. I mentioned the ISR and the overhead capability that we're providing to them. There's a reference in here back to the Battle of Britain about radar and how it made such a difference. You couldn't really see it, but it provided that intelligence, that capability to allow the Brits to know when the Germans were coming and know where, and how with a smaller air force and on the defensive to multiply their force.
We're doing that, we're doing that in cyber. General Nakasone on June 1st was quoted in Sky News. He confirmed for the first time that the US conducted a series of operations. I'm reading this to make sure it's exactly right. I've mentioned it on the show before, "In support of Ukraine," as a response to the Russian invasion of Ukraine, "We've conducted a series of operations across the full spectrum, offensive, defensive and information operations."
The Coalition of the Willing
Eric: I think you're seeing here the coalition of the willing come together, commercial organizations like Microsoft and many others. You're seeing governments come together and work together. In this interconnected world, we live in, I think that's a very necessary and good thing.
Rachael: It absolutely is. I do want to close with more of the ellipsis’ conversation, with all of this support, which has been wonderful, and this IT army and the volunteer cyber army.
It's like everyone on the defense for both sides, is setting us up for a really interesting path ahead. A lot of these, if you're not the government, but you're trying to help Ukraine with offensive attacks, that's a real gray area. I highly recommend everyone go take a look at this
IT army of Ukraine report. They do call out, that it's a hybrid construct that's neither civilian nor military, neither public nor private.
Eric: Nor regulated.
Rachael: Nor local, nor international, and neither lawful nor unlawful. It’s a highly gray area operation here. We're really setting the stage for what's to come out of this. It's a dangerous, scary, yet very interesting time that everyone should keep an eye on. I don't know that's getting talked about as much as maybe it should be.
Eric: We should get Stefan on the show. I think that would be a great interview. As we're closing out here, do you want to tell our audience how many people are reportedly estimated to be in the IT army of Ukraine?
Rachael: I think there was in the hundreds of thousands.
The IT Army of Ukraine on Their First Cyber War
Eric: They estimated based on the Telegram channel subscribers up to 300,000 personnel in the IT army of Ukraine. At one point, I think the Russians hit 100,000 troops on the border of Ukraine in Russia, and they might have gone up to 150, 160,000, don't hold me to that. I’m just putting it into perspective, let's assume it's 150,000. It was never 300,000, twice as many people in the IT army of Ukraine.
Rachael: They're all distributed right across the globe, I suspect. How do you manage that? Who's coordinating that effort and yes, lots of gray areas. It's a fascinating topic. I think the years are going to show us ahead how that transpires and the impact of such. Definitely,
I want to get the report author on our show. I have so many questions for you, Stefan.
Eric: I just did a quick Google search here, the United States Army in total, active-duty members, and personnel is around 482,000 as of 2020. The Ukraine IT army is what, two-thirds of that? That's people attacking Russia. We don't have a lot of data on the impact in Russia, but it's definitely something we should talk about and tease out in the future.
Rachael: This has been great. Everyone, thanks again for joining us another week. Never forget to smash that subscription button, get a fresh episode every weekend, and more discourse on this fascinating topic. Until next time, be safe.
About Our Hosts
Listen and subscribe on your favorite platform