Security experts say Ukraine’s request to shut down Russian domains could hurt civilians
Ukrainian officials sent an urgent request Monday to the nonprofit that stewards domain and IP systems key to the global internet, but security experts are warning that it’s not as simple as it looks.
Ukraine asked the Internet Corporation for Assigned Names and Numbers (ICANN) to shut down Russian top-level domains — such as those with the .ru country code — in response to Russia’s use of the internet as a key attack surface for both information operations and cyberattacks.
ICANN has not yet responded to the request, Andrii Nabok, head of the expert group for the development of fixed broadband at Ukraine’s Ministry of Digital Transformation and Ukraine’s representative to ICANN, confirmed in an email to CyberScoop.
The email, first reported by Rolling Stone, presses ICANN to “revoke, permanently or temporarily” Russian domains, revoke identification certificates for the domains and shut down DNS root servers in the Russian Federation.
Cumulatively, the requests would have the effect of making Russian emails and websites unreachable from the outside and make it harder for Russians to reach the outside internet, Bill Woodcock, executive director of the security nonprofit Packet Clearing House, explained in a Twitter thread.
Moreover, it could make Russian civilians more vulnerable to attackers intercepting traffic such as passwords, tweeted Woodcock, who first spotted the email Monday evening.
Other security experts also expressed concerns about the request from Ukraine.
“It’s the complete opposite of what we need,” security researcher Runa Sandvik told CyberScoop. “We should make sure that the Russian people are seeing what is happening and what their government is doing.”
“ICANN and the Internet community must reject calls for it to misuse its administration of the DNS root zone for political and military purposes,” tweeted the Internet Governance Project, a global internet research nonprofit based at the Georgia Institute of Technology.
Ukrainian officials argue that the action is necessary to shut down Russian propaganda.
“These atrocious crimes have been made possible mainly due to the Russian propaganda machinery using websites continuously spreading disinformation, hate speech, promoting violence and hiding the truth regarding the war in Ukraine,” Ukraine’s representative to ICANN wrote in an email. “Ukrainian IT infrastructure has undergone numerous attacks from the Russian side impeding citizens’ and government’s ability to communicate.”
It’s unclear if ICANN has responded to the request, though as of Tuesday the Internet in Russia appears to remain intact. ICANN did not immediately respond to a request for comment from CyberScoop.
The Russian government has in recent years worked on developing a national Internet that could work even if it was cut off from the rest of the world. A move by ICANN to shut the country off from the Internet could bolster political justifications for the project.
“It certainly plays into this argument that ‘yes, we need our own internet and we need to block Facebook and Twitter and the West is evil,'” Sandvik said.
In an effort to stop the spread of Russian propaganda, some American tech companies including Google, Facebook and have taken steps including labeling Russian state media and demonetizing it from advertising revenue. But “there’s a big difference between not distributing content from Russian states and taking any action that would prevent the Russian internet,” Sandvik said.
This story was featured in CyberScoop Special Report: War in Ukraine
