Might Russia Have Hacked, Hijacked, and/or Spoofed Ukraine’s S-300 Air Defense?

Purpose:

This brief dispatch points out a possible, not certain, past reference that raises the question of whether (1) Russian network attack capability and/or (2) a cyberattack using backdoors could have had a hand in the errant flight this past week of what evidence so far suggests were two Ukrainian (yet Russian-designed and Russian-made) S-300 anti-air missiles, which flew into Poland and hit a farm, killing two people. The question arises in light of the strong denial from the Ukrainian chain of command.

In 2007, Wired reported that Israel may have used its own tech, analogous to U.S. tech developed by BAE Systems and L3 Communications, to suppress air defense radar networks in Syria during Operation Orchard, which destroyed a Syrian nuclear weapons development project aided by North Korea. Wired paraphrased Aviation Week’s radar expert Dave Fulghum as saying that ‘there’s a bunch of Russian radar engineers studying the strike right now.’

Citing U.S. aerospace industry and retired military officials, Wired reported this about such technologies:

The technology allows users to invade communications networks, see what enemy sensors see and even take over as systems administrator so sensors can be manipulated into positions so that approaching aircraft can’t be seen, they say. The process involves locating enemy emitters with great precision and then directing data streams into them that can include false targets and misleading messages algorithms that allow a number of activities including control.

What makes the above troubling is that, as the London Times reported, President Zelensky said his country was ready to apologise if the missile turned out to be one of theirs, although he added that he had been assured by Ukraine’s military General Valerii Zaluzhny that “it was not our missile or our missile strike”. Yet NATO cited its preliminary missile tracking evidence showing that the missiles were indeed fired by Ukraine in defense against a Russian missile barrage, and that these defensive launches ultimately hit the Polish farm. Ukraine insisted on joining the Poles and other NATO member specialists investigating what happened. All this made the Fulghum paraphrase in the Wired piece stand out: after Operation Orchard, ‘there’s a bunch of Russian radar engineers studying the strike right now.’

Fulghum followed up with an Aviation Week piece indicating that Israel had consulted with U.S. experts before the strike and showed electronic prowess during Operation Orchard.

More information is needed to determine whether the Russians have, since 2007, managed to get or develop their own communication network attack capability as described above, or whether Russia may have infiltrated the S-300 supply chain to Ukraine from former Soviet states and/or taken advantage of backdoors placed within the S-300s through which it might take control of them.

In March 2022, Russia threatened to attack Slovakia’s supply chain of S-300s to Ukraine, suggesting Moscow’s intense focus on former Soviet or more recently sold S-300 systems. Russia claimed it later hit those S-300s with cruise missiles, a claim Slovakia denied. However, a cyber and EW attack might have been a less expensive approach to attacking the S-300 supply chain. Russia had also threatened another former Soviet satellite, Poland, if it dared supply warplanes to Ukraine.

During the ongoing investigation, data recovery from digital avionics components that survived the missile strike will become important. There are firms, such as VTO Labs, that can harvest data from damaged computerized assets, which may help resolve some of these questions.