Late Wednesday night, Russian troops invaded Ukrainian territories across the country’s northern, southern, and eastern borders, kicking off the largest troop mobilization in Europe in a generation. As Russian media attempts to cast the invasion as a response to Ukrainian aggression, on-the-ground reporting has played a crucial role in countering the propaganda, with footage coming from both professional journalists and amateurs on social media.
But as the conflict intensifies, many civil society groups are increasingly concerned about the possibility of direct attacks on the country’s internet infrastructure. Russia has previously been linked to DDoS attacks against Ukrainian government sites — but a full blackout would mean going further, using physical or cyber weaponry to disable telecommunications infrastructure at the network level, and silencing Ukrainians in the process.
The invasion has already reduced internet connectivity in some parts of the country. At present, outages seem to be centered around Kharkiv, Ukraine’s second-largest city, which is located in the northeast of the country, around 25 miles from the Russian border. The Internet Outage Detection and Analysis (IODA) project at Georgia Tech reported partial outages starting just before midnight on February 23rd and continuing into the morning of February 24th. Outages are affecting the Triolan internet service provider, which services a number of cities and other areas across Ukraine, including Kharkiv.
According to internet shutdown tracker NetBlocks, Triolan users had reported the loss of fixed-line internet services while cellphones continued to work.
A message visible on the Triolan website on Thursday morning advised customers of a partial or complete lack of access in some cities. Updates posted in the company’s official Telegram channel at around 10AM ET claimed that service had largely been restored, although responses suggested that many customers were still experiencing network outages.
Triolan’s updates also noted that DNS servers — which send requests made to a human-readable URL like “theverge.com” towards the IP address of a website — were experiencing unstable operations in some areas. Customers were instructed to connect using the 188.8.131.52 or 184.108.40.206 services, public DNS resolvers provided by Cloudflare and Google, respectively.
A Cloudflare spokesperson told The Verge that traffic monitoring showed Ukrainian internet services were largely operational but that connections from Kharkiv were disrupted.
“The Internet continues to operate in Ukraine for the most part,” the spokesperson said. “We saw an increase in Internet use after 0330 UTC, perhaps indicating Ukrainians using the internet for news and information. Currently, we are seeing about 80 percent of the load we usually see in Ukraine. Traffic from Kharkiv seems to be about 50 percent below normal levels.”
There are indications that the Kharkiv blackout began after explosions were heard in the area, although it is unclear whether damage was inflicted on telecommunications infrastructure at the time. A blanket attempt to shut down internet access would likely involve similar targeted strikes against other ISPs across the country.
So far, Russian forces have conducted a number of air and ground strikes against strategic targets across Ukraine, hitting military command centers and transport hubs, according to Ukrainian media; but no concentrated attack on telecommunications services has yet been reported.
However, open internet advocates fear that the disruptions could herald a strategic intent to limit information flows from the region, based on previous incidents in which internet infrastructure has been targeted in active war zones. Felicia Anthonio, a campaigner for digital rights organization Access Now, pointed to the impact of internet shutdowns in other conflict zones around the world.
“Internet infrastructure becomes a target in order to control the flow of information and gain or maintain power during conflict, as we witnessed through the destruction of Yemen’s telecom infrastructure due to Saudi-led airstrikes,” Anthonio told The Verge. “Internet shutdowns during times of crises, conflict, and unrest make it difficult for journalists and human rights defenders to get vital information in and out of these regions and for people to access crucial information that can impact their safety.”
As Anthonio points out, blackouts have been used in military actions before. Only a month ago, a strike against the Yemeni port city of Hodeidah damaged undersea cables bringing internet to the country, leaving almost all of the country without internet for at least three days. Elsewhere, shutdowns can be used as a tool of governments seeking to quash internal dissent: the highest number of shutdowns in 2020 took place in India, where the government cut internet services in the disputed Kashmir region more than 100 times.
If such a shutdown did take place, there’s little doubt it would benefit Russia, at least in the short term. As the invasion began, many researchers sharing user-generated video from the region on Twitter found their accounts suspended, an event that Twitter blamed on a moderation error. And if internet disruptions become widespread, the risk of human rights abuses grows, according to campaigners.
“When the internet is shut down in times of crisis, we often receive reports of human rights violations perpetrated against the people by state and non-state actors,” said Anthonio. “But without internet access, it’s harder to corroborate — and that’s often the point.”