Russian forces usurp Ukrainian internet infrastructure in Donbas

Russian forces have taken over internet infrastructure in Ukraine and rerouted traffic to Russia-controlled operators, making Ukrainians’ data vulnerable to interception and censorship by the Kremlin.

As Russia has renewed its offensive on the southern Donbas region over the past fortnight, shelling and power cuts have caused the nation’s biggest broadband and mobile internet providers to lose connectivity across large swaths of besieged regions.

A fibre optic cable in the city of Kherson was taken offline last weekend and rerouted to a separatist Crimean operator called Miranda-Media, meaning broadband data was directed out of Ukraine and into Kremlin-controlled regions, according to Ukrainian officials.

The move mirrors the way telecommunication networks were usurped and data rechanneled in the areas of Donbas captured by pro-Russian rebels with Moscow’s support following the 2014 annexation of Crimea.

Efforts to reroute data have alarmed internet governance specialists given Russia’s overt ambitions to instate a sovereign and centrally governed web. Control over the flow of internet traffic from besieged areas of the Donbas, they argue, could offer Russia access to a trove of Ukrainians’ personal data.

“In Russia, internet traffic is regulated by Russian forces — they collect data and they find those who support Ukraine and try to quash the resistance movement,” said Yurii Shchyhol, the head of the State Service of Special Communication and Information Protection of Ukraine.

“The enemy understands that their mission is to eliminate Ukrainians’ access to their own internet and they have experience from 2014 of how to do this,” he added.

A fibre optic cable in the city of Kherson was taken offline last weekend and rerouted to a separatist Crimean operator © Olexandr Chornyi/AP

As well as the rerouting of data packages, in the past fortnight the Russian army has facilitated attempts to set up new internet service providers in parts of Luhansk and Donetsk that are under attack, with their IP addresses registered to Russia and separatist regions of the Donbas that were captured after the 2014 war.

Local reports in Russia-backed outlets boast of new internet companies being set up and new base stations being built in the southern towns of Novokrasnovka, Starchenkovo, Khlebodarovka and Berdyansk.

Over the past 10 years, the Russian government has implemented increasingly stringent rules to govern the domestic internet — dubbed “Runet” — which culminated in a “domestic internet law” in 2019.

This new legislation sought to centralise control over internet infrastructure, demanding that all service providers channel traffic through filters controlled by the Kremlin’s digital censor Roskomnadzor, making it easier to enforce blocks on banned websites.

It also mandated the creation of a domestic domain name system, whereby Russia would store and control access to internet IP addresses, and could therefore identify individuals and theoretically siphon itself off from the global internet.

Russia and Ukraine have some of the most complex internet markets in the world. The distinctive nature of both countries’ internet dates back to the Soviet period, when chronically low bandwidth encouraged the creation of thousands of small and local internet providers — a dynamic that continued even after the dissolution of the Soviet Union.

The thousands of different network providers that make up Ukraine’s internet, and the large amounts of redundancy built into the system, have made it surprisingly resilient to Russia’s two-month assault, as have the efforts of telecoms company staff and civilians who have fixed damaged fibre optic cables and towers.

But a brutal onslaught in a much more targeted location in recent weeks has pushed the resilience of these systems to a breaking point.

Three of the biggest internet providers in Ukraine have registered severe damage to their internet infrastructure and following that, a drastic drop in coverage in the Donbas.

Kyivstar, Ukraine’s biggest broadband and mobile provider, is able to provide connectivity to only a quarter of the people it was prior to the Russian offensive in Donetsk and 10 per cent in Luhansk.

Telecoms group Ukrtelecom has no connectivity remaining in Luhansk, while rival Lifecell has around 9 per cent connectivity in Luhansk and 66 per cent in Donetsk.

A woman works on a laptop in one of the rooms of the center for the arrival of Ukrainian refugees on March 4 2022 in western Ukraine.
Three of the biggest internet providers in Ukraine have registered severe damage to their internet infrastructure © Lorena Soopena/Europa Press/Getty Images

“It is likely that if Russia succeeds in keeping hold of the occupied areas and stabilising the front, these parts of the Donbas will at some point be attached to the Russian internet, via Crimea and Donbas,” said Louis Petiniaud, a postdoctoral researcher at the University of Paris.

Investigative work undertaken by Petiniaud and others at the University of Paris showed how, in the years after the 2014 invasion of Crimea and the ensuing offensive in the Donbas region, data pathways were altered and packages were rerouted away from Ukraine and towards Russia.

Ukrainian telecom group Lifecell has first-hand experience of these tactics. During and after the 2014 assault, the Russian army destroyed all of the terrestrial cables connecting its base stations in occupied territories of Donetsk and Luhansk with the rest of Ukraine. The company and its peers lost connectivity entirely, and were replaced by Russian-backed providers.

Other countries have taken similar moves to alter the routes taken by communication data. In 2019, Iran adapted the structure of its web to isolate its pathways and data from the global internet following widespread social unrest. Pakistan is investing in a cross-border terrestrial cable with China, in a move seen as an attempt to ensure its data bypasses India and Western telecoms companies.

The expropriation of internet infrastructure seen in the Donbas today is part of a wider drive to “Russify” newly occupied territories in the south and is a major step in the “transfer of assets to the Russian forces”, said Alp Toker, director of NetBlocks , a watchdog that monitors cyber security and the governance of the internet.

“Undoubtedly, this is just the beginning,” he added.

Source link