The government of Ukraine asked yesterday (the day the invasion of Russia officially began) the United States government to take various retaliatory measures against the Russian government for the invasion of its neighboring country, among they cut off software updates coming from US companies and manufacturers.
We have already been seeing since January how the war is brewing in various fields and not only in that of weapons and violence. We have reported on computer attacks in Ukraine or how the economic blockade is also a weapon of war. Even the European Union yesterday announced sending cyber operations experts to Ukraine to help fight Russia’s digital invasion.
We are witnessing the war in Ukraine in real time: citizens report on Twitter and TikTok how it is progressing
Yesterday Thursday, in a list of “suggested actions” (it was a document that was first leaked from Reuters and then shared in many media, although neither the authorities in Kiev nor those in Washington have confirmed that this list is true) sent to the administration of President Joe Biden, the government of Volodymyr Zelenskyy called for “a ban on the supply of any merchandise, including hardware and software“.
It also called for “a ban on US companies supplying and updating software for the benefit of Russian consumers.” However, it is not so clear that this action can be really effective.
What could it do to stop security updates
As users we are well aware of the need to update software versions to keep our data safe. For example, Windows, one of the most widely used operating systems, often reminds us of this, especially when it launches new versions and warns that the old ones will no longer have protection and support.
Well, in the case of a government, it should be even more important to keep the software up to date. Because much more sensitive information is handled. And more in times of war and conflicts. If Russia were prevented from updating software, this would, in theory, make systems without security patches easier to hack.
Now, it is not so clear that the consequences are going to be those. Dmitri Alperovitch, a cybersecurity expert and president of the Silverado Policy Accelerator, told Vice’s Motherboard that such a ban “is only going to drive the government further into open source [software]. And it is that Russia has been working to move towards the use of more open source software since 2010, and the Moscow government promised to eliminate Microsoft services in 2016 (as published by the Free Software Foundation Europe), a promise that he continued to make over time, thus imitating China.
If we go further, at the end of 2019 it was made public that Putin, President of Russia, was still using Windows XP with the risks that this entails, as it is a very old version of the Microsoft operating system that stopped receiving support in spring 2019. According to the independent Russian website Open Media, quoted by The Guardian, Russian President Vladimir Putin was still using Windows XP as the main operating system both on the computer at his Kremlin office and at his official residence in Novo -Ogaryovo.
The Pentagon creates a blacklist with Russian and Chinese software
Furthermore, the country has long wanted to curb software that arrives from other countries. In 2019, the Duma, the main legislative chamber of the Russian Federation, approved a bill to impose, as of July 2020, the pre-installation of software developed in Russia on all those devices that intend to be marketed in the country, from PCs to smartphones, through tablets and smart TVs.
On the other hand, Joe Slowik, head of threat intelligence and detections at cybersecurity firm Gigamon, told Motherboard that the ban could be enforced, but could affect companies’ operations Americans in Russia, such as Microsoft, which has an office in Moscow.
Who does think it could work is another of the experts consulted by Vice: Lukasz Olejnik, an independent cybersecurity researcher and consultant, said that cutting software updates is “a fairly novel idea, with possible long-term consequences.” And that is seen in how “Russia has been developing its cyber sovereignty for a long time taking into account this specific risk“, as we have been reviewing.
According to the expert, “it would leave many consumer devices open to cyberattacks, because, of course, blocking updates would also block security patches.”