iCSS researcher co-authored a research paper on exploring the impact of DDoS hacktivism in the Russo-Ukrainian War

iCSS Core Member and Operations Lead Dr Budi Arief and his collaborators, Yağız Yılmaz, Dr Orçun Çetin, Ömer Said Öztürk and Emre Ekmekçioğlu from Sabancı University (Turkey) and Professor Julio Hernandez-Castro from Universidad Politécnica de Madrid (Spain), have found evidence that the Russo-Ukrainian War has spilled into cyberspace, demonstrating that modern warfare is likely fought in both the physical and cyber realms.

The team’s recent paper, “Assessing the Silent Frontlines: Exploring the Impact of DDoS Hacktivism in the Russo-Ukrainian War”, was presented at the prestigious Annual Computer Security Applications Conference (ACSAC), which celebrated its 40th anniversary in Honolulu, Hawaii, USA during this year’s conference on 9-13 December 2024. See the video recording of the paper’s presentation given by Professor Hernandez-Castro at the Conference.

The research assessed the impact and effectiveness of Distributed Denial of Service (DDoS) attacks conducted by entities associated with the belligerents of the Russo-Ukrainian War. DDoS attacks – in which an attacker bombards their target’s website with a high volume of internet traffic in order to disrupt, overwhelm, or even take down the services provided by that website – are increasingly utilised in modern armed conflicts and political tensions between nations. This signals a significant shift in the landscape of modern conflict, underscoring the increasing importance of the cyber domain as part of the battlefield. This transition not only amplifies the complexity and reach of conflicts, but also introduces many novel cybersecurity challenges. For instance, DDoS attacks and other forms of cyberattack may act as extensions of state power and serve as asymmetric tools for non-state actors to take part in and contribute to the conflict, in order to accomplish strategic objectives without resorting to open warfare. As such, DDoS attacks play an important role in modern hacktivism, in which volunteers donate their time and resources – and even systematically organise themselves by creating and maintaining target lists – to support their side of the war.

The lead author, Yağız Yılmaz, is a former Master’s student at Sabancı University. He explained the motivation behind this research: “We knew that DDoS attacks are widely deployed in the Russia-Ukraine cyber conflict; however, their extent and effectiveness were still unknown. We aimed to address this gap through our study, based on empirical data gathered and analysed from the conflict.”

To measure the reach and actual impact of DDoS attacks in the Russo-Ukrainian War, the team compiled two lists of DDoS targets – one for each side of the war. The team then set up several monitoring servers across the globe to observe and collect data regarding the Quality of Service of these targeted websites. The data provided a quantitative measure of the performance and status of the targets after experiencing DDoS attacks, allowing the team to measure the effectiveness of these attacks.

One of the key findings from the research is that the pro-Russian side appeared to have more impactful attacks than the pro-Ukrainian side. Over one-third of the websites targeted by pro-Russian entities went completely down, while only one-quarter of those targeted by the pro-Ukrainian entities suffered the same fate. Dr Arief added: “An interesting observation from this study is that there were many instances of repeated target registrations by pro-Ukrainian entities. On the one hand, this might indicate a higher level of hacktivism among the pro-Ukrainians, but unfortunately this did not necessarily translate into a higher rate of success.”

One of the most common ways to combat DDoS attacks is by employing DDoS protection companies. Dr Çetin mentioned another important observation: “We found that the rates of DDoS protection usage were remarkably low: overall, below 14% of the targets showed any indications of using these services. Additionally, we observed that some targets in Russia were able to obtain DDoS protection services from companies based in countries that are supposed to be applying an embargo on Russia, notably the US.”

The latter observation opened up an interesting debate, as pointed out by Professor Hernandez-Castro, an iCSS Honorary Member and also a former professor at the University of Kent: “We were quite surprised to discover that a significant number of targets on the Russian side were using anti-DDoS services and technology provided by countries that have for a long time imposed economic and commercial sanctions on Russia. This may or may not be strictly illegal, but it is without question against the spirit of these sanctions.”

The authors’ version of the paper is available to download from KAR (Kent Academic Repository) of the University of Kent at https://kar.kent.ac.uk/107797/.