There has been a sustained cyber-conflict over Ukraine that could still escalate, a senior U.S. intelligence official has told the BBC.
Despite warnings, major cyber-attacks on the West have so far not materialized.
But Russia should not be underestimated, said Rob Joyce, director of cyber-security at the National Security Agency.
Meanwhile, independent hackers targeting Russia in support of Ukraine could also spark escalation, he warned.
“I’m still very worried about the threats emanating from around the Russia-Ukraine situation,” said Joyce.
Initial surprise that Russia did not launch an all-out cyber-assault to cripple Ukrainian infrastructure as the war began has been replaced by an understanding that there has been far more aggressive activity than first thought.
“It wasn’t one massive attack. But there’s been a sustained conflict,” Joyce said.
This included Russia deploying eight or nine different viruses to wipe computer systems. On Tuesday the U.S., U.K., EU, and other nations accused Russia of targeting a satellite communications provider used by the Ukrainian military, a hack that spilled over to affect other customers in Europe.
But Ukraine’s defences have held up relatively well, partly thanks to its experience going back years.
Paul Chichester, the director of operations at the U.K.’s National Cyber Security Centre, describes the cyber-clash as “the most sustained set of cyber operations coming up against the best collective defence we have seen.”
So far, Russia has not responded to sanctions with cyber-attacks on western companies or infrastructure, as many had predicted.
But multiple officials told the BBC they were worried that as sanctions bite on the Russian economy and as the conflict continues, Moscow could turn to that weapon later in the year.
“Our worry is that it’s a decision point,” Joyce said. “When that decision point happens, there certainly is capability to come after some of that (western) infrastructure.”
As time goes on, it may be difficult to maintain the current heightened state of alert in the private sector.
Vigilante hackers just as problematic
Joyce warned another risk of escalation could come from activist or “vigilante” hackers who have been targeting Russia in a show of support for Ukraine.
Some western officials say this aspect of the conflict took them by surprise, as a cyber free-for-all broke out in which individuals were targeting Russian institutions and companies, and publishing stolen information on the Internet.
“We all want to cheer for the people who are trying to help in this situation, but it actually is a problem,” Joyce said.
“We want to hold other nations accountable for the cyber activities that come from vigilantes and criminals inside their countries. And so we have to support those international norms, we have to understand that there are rules, there are crimes, and there are lines that can be crossed.”
One risk, he said, was that Russia could interpret these hacks as having the support of western governments and then strike back. “There’s the problem of the reprisals in that whole cycle of cyber-violence,” Joyce said.
One piece of perhaps surprising news, though, is that ransomware attacks – when computer data is encrypted and hackers demand money for it to be released – are actually down.
Joyce said he believed this was partly because many of the gangs, which operate out of Russia, were finding it hard to use western credit cards and infrastructure to launch their attacks because of sanctions.
In his opening remarks at the CYBERUK conference in Wales this week, the Director of the Government Communications Headquarters also revealed that joint intelligence-military teams from the U.K.’s National Cyber Force had been operating against criminal gangs – including by hacking them back to retrieve credit card details that had been stolen from the public.