The Digital Tremors of the Russia-Ukraine Conflict
As tensions rise on the Ukraine — Russia border we document digital tremors already occurring in the internet space
The current conflict in eastern Ukraine started in early 2014 and has so far (based on conservative estimates) killed more than 10,300 people
and injured 24,000. Until recently (apart from a brief escalation in the spring of 2018) the conflict has been mainly a stalemate involving regular shelling
and skirmishes between Ukraine’s army and pro-Russian, separatist forces in the eastern Donbas region.
However, the situation has escalated in recent months after satellite photos revealed a built up of Russian military hardware, including tanks, artillery and armored personal carriers, on the border to Ukraine.
Despite security talks between Moscow and Western Allies, the tensions have reached a new high during the past few days when major Ukrainian government websites became the target of cyber-attacks allegedly perpetrated by Russian hackers. Some sources consider these acts of cyber warfare as the ground-work for a military invasion and the United Kingdom has already reacted by supplying the Ukraine with light anti-tank weapons.
Russia has now moved around 100,000 troops to her Western border with the Ukraine, with major troop concentrations in the Bryansk, Voronzeh, Kursk, Belgorod, and Rostov oblasts, among others. In addition, Russia has a contingent of around 5,000 troops, including artillery, armored vehicles and tanks stationed in occupied Crimea.
At the Monash IP Observatory, we monitor global internet infrastructure, in near real-time at high spatial granularity. Our mission is to document, and publicise, information and analysis on disruptions to key information infrastructure during times of geopolitical crisis (see for example Myanmar, Iran, Venezuela).
In this post, we present examples from recent measurements on how the escalating tensions on the ground can be monitored, in real-time, through anomalies in the local digital realm. The data for this report was collected by the Monash IP Observatory remote monitoring infrastructure over the period December 1st 2021 — January 17th 2022 and visualizations have been produced by our team member Associate Professor Simon Angus. The underlying data is publicly available and can be accessed below.
The Digital Tremors of an Escalating Crisis
To date, we find no evidence of significant anomalies in connectivity in the bordering regions of Ukraine and Russia. Connectivity is our measure of the number of unique, online internet protocol (IP) addresses that are online, given our breadth-first sampling approach, in a given location and period of time.
However, we have identified many latency anomalies in the region, and these form the focus of our reporting in this post. A latency anomaly indicates that the the immediacy of the connection is slower than usual. Reasons for anomalous latency are varied, but typically involve high demand, or throughput, for internet infrastructure in a region (see methods below for more information). Latency anomalies can also arise due to purposeful slowing of internet connections, sometimes by state actors.
All quiet in Kiev, but increasing ICT volatility in Eastern Ukraine and Crimea
We start with the Ukraine (see Figure 1, below). Despite the recent cyber-attacks on government websites, internet latency in Ukraine’s capital, Kiev, appears to remain within normal bounds over the observation period between early December to January 17th.
In contrast, internet latency becomes increasing volatile outside of the capital as reflected by a series of high latency anomaly events commencing in early January. In particular, Donets’k and Luhans’k in the Donbas and Sebastopol and Crimea in general, experience episode of high latency events on January 7/8th and 11/13th (indicated below).
Internet becomes increasingly unstable in Russian border regions
Next we consider Russian Oblasts on the Ukrainian border that have seen a major concentration of Russian troops (see Figure 2).
With the exception of the Rostov Oblast, we observe an increasing number of latency anomaly events in January with a major peak latency event on January 13th that coincides with the latency anomaly event in the Ukrainian Donbas region and Crimea.
Analysis
While our measurements show that the escalation of military tensions, troop mobilization in Russian border Oblasts and cyber-attacks on Ukrainian government infrastructure coincide with an increased occurrence of latency anomalies, our technology does not provide insights about the exact causes of these shocks to the local ICT infrastructure.
It is possible that increased skirmishes and shelling had an affect on physical ICT infrastructure on the Ukrainian side of the border, while the movement of military assets including ICT infrastructure resulted in temporal disruptions on the Russian side of the border. Some of the more recent latency anomaly events could also be the result of preparations for the reported cyber attacks. There is also the possibility that some of the anomalies were cause by other, non-conflict related factors.
Here, we provide information for the internet measurement community, and wider public, for their further analysis and triangulation.
ACCESS THE DATA at Monash IP Observatory Open: The underlying data and a data descriptor are available here.
Our Methodology
To generate the data behind these observations, we combine a commercially available geo-located IP database with our powerful scanning technology which measures the online or offline status of millions of Internet addresses globally every hour.
Our observational methodology uses the most basic Internet messaging protocol that is widely used billions of times a day to establish routes for your email, tweet, or share. After developing a carefully selected set of Internet addresses (IPs) to measure, we periodically send them one of these tiny messages, essentially asking, ‘Are on you online?’. These online/offline answers form the basis for our ‘connectivity’ indicators.
Latency
By latency, we mean the average return trip time (rtt) across all unique, connected end-points in a given region, as measured by multiple signals sent from our global platform to the end-point each hour.
Latency can be thought of as the immediacy of the connection. Low latency is crucial for any synchronous internet mediated activity such voice or video chat, but is also a good proxy for the bandwidth pressure on the network at the time. If the network is overloaded latency will tend to rise dramatically as packets of information are slowed down, waiting in queues, if you will. In our team’s earlier work, we know that some governments apply slow-downs (rather than ‘shutdowns’) to make the sharing of voice or video materials practically impossible and influence political outcomes.
Privacy, Safety & Funding
The Monash IP Observatory has no access to any content being shared, viewed, visited, or generated by a user at a given IP, and all IP Observatory activity works in aggregates of thousands of randomly sampled measurements across geo-spatial sub-regions.
The Monash IP-Observatory is fully compliant with the EU’s General Data Protection Regulation (EU-GDPR). The IP-Observatory does not collect, hold or process personal data.
Our active measurement technology is remote and non-invasive, and runs autonomously 24/7, having no connection to any website or service that is associated with the Observatory. Our measurement platform runs in a series of regions and all regional information is aggregated to form a measurement basis.
The Monash IP Observatory is funded by internal funding from Monash University, together with grants awarded for further research and analysis by external partners, in alignment with Monash University’s broader mission and aims.
Acknowledgement:
The mission of the Monash University IP Observatory — ‘internet insights for social good’ — is to monitor the availability and quality of the Internet during critical events such as elections, natural disasters or conflicts. The Monash IP Observatory was founded by Klaus Ackermann, lecturer in Econometrics and Business Statistics, and Simon Angus, and Paul Raschky, Associate Professors in Economics. The observatory is a project of SoDa Laboratories at the Monash Business School, and tweets @IP_Observatory.
