Been enjoying our Fixing Aid podcast? We'd love to hear from you!

  1. Home
  2. Global

From cyber attacks to bot farms: The top tech threats humanitarians face in Ukraine

‘If aid workers can’t keep pace, they are likely to find it increasingly difficult to support and protect the civilians they are meant to serve.’

(Sara Cuevas/TNH)

New technologies are changing the means and methods of warfare, presenting a host of new threats and challenges for humanitarian actors. This is particularly true in and around Ukraine.

Parties to the conflict and NATO member states possess some of the most sophisticated technological tools in the world, from cyber weapons – such as viruses, spyware, and other malicious software – to bot-enabled disinformation campaigns. 

The war in Ukraine may prove to be as much a virtual war as it is a conventional one. Humanitarian organisations are unlikely to be spared as Russia sees them as an extension of Western and NATO influence. Yet, technological and digital literacy across the aid industry remains patchy

As the number of refugees fleeing Ukraine exceeds two million and aid agencies ramp up their response, how should they navigate this technological minefield? What are the biggest threats they could face, and how should they respond?

  1. 1. Targeted and coordinated disinformation campaigns

Since at least 2014, Russia has led targeted disinformation campaigns against Ukraine as well as EU and NATO member states. While the number of documented instances is on the rise, aid actors themselves have yet to be explicitly targeted. This could change, particularly given recent allegations of Russian attacks on civilians and humanitarian corridors, as well as its alleged involvement in cyber attacks against aid agencies in the past (see below). 

Targeted disinformation campaigns could render considerable harm to relief efforts in and around Ukraine and undermine the trust that serves as the bedrock for all humanitarian action. The disinformation campaign against the White Helmets, a Syrian civil defence group, provides one particularly cautionary example. Claims that the war in Ukraine is a hoax perpetrated by the Western media are already going viral online.  

In Ukraine, targeted disinformation campaigns could similarly shape local and international perceptions of aid agencies and their missions, undermining the fundamental trust between aid agencies and the communities they serve. They could also distort the scope and scale of threats on the ground, or provide false or misleading information about available services and support, ultimately influencing the life-or-death decisions civilians are forced to make: where to seek refuge, what kind of support is available, from whom, and how to access it. 

Bot farms can create and maintain tens of thousands of fake accounts on social media to pump out and amplify disinformation. AI-powered systems can create synthetic media and “deep fakes” that are nearly indistinguishable from unaltered videos and images. Social media platforms, like TikTok, are pushing out limitless troves of content, ripe for manipulation. The industrialised production and dissemination of disinformation is no longer the stuff of science fiction but a very real threat. 

How should humanitarians respond? Rely on ground-truthing from trusted sources, including your locally recruited staff and civil society partners. Adopt agency-specific guidelines on social media, including ways in which staff should engage with social media platforms. Provide consistent, transparent, public communications on your relief efforts and adherence to International Humanitarian Law and humanitarian principles. Drawing on the wide range of pre-existing, expert material, train staff to spot and report misinformation and disinformation. This training should be offered alongside broader efforts to improve digital and technology literacy for humanitarian aid workers writ large.

  1. 2. Cyber attacks on humanitarian agencies and digital surveillance

Humanitarian agencies are increasingly vulnerable to cyber attacks. In 2020, the Russia-backed group, Nobelium, which led the SolarWinds cyber attack – one of the largest in history – hacked into an email marketing account used by USAID and launched phishing attacks against other organisations. A quarter of those were agencies with a humanitarian, development, or human rights-focused mission. Analysts suspect Nobelium’s attacks were part of wider intelligence-gathering efforts by Russia to gain access and deeper insights into the foreign policies of Western governments and the civil society actors they support, particularly those critical of the Kremlin or supporting elections work in Europe.  

Digital surveillance is also cheaper and easier than ever. With little effort, threat actors can use advertising IDs to identify your location history and browser information. More advanced tools can extract other sensitive information, including address books and messages. This can expose the location, movements, and identities of aid workers, staff, and civil society partners and the communities they serve, increasing the risk of threats or harm against them. 

Most cyber attacks aren’t hugely sophisticated and draw on tried-and-true social engineering tactics, such as baiting, phishing, or scareware. Some risks can be mitigated with quality training and maintaining basic standards in securing mobile devices. Still, cyber security measures and targeted training for staff remain low priorities across the aid industry.   

How should humanitarians respond? Hope for the best but plan for the worst. Collect the minimum amount of data necessary to deliver life-saving services. Donors, including UN agencies and NGOs sub-granting to other actors, should place strict limits on the data they require of implementing partners. Destroy all data after it has served its purpose. The rights of data subjects and conflict-affected populations must remain paramount, and services should never be held or reduced for individuals unwilling or unable to share sensitive information, including personally identifiable information. Develop strategies to handle future cyber attacks, drawing on the guidance offered by experts like the Australian Cyber Security Centre, the UK’s National Cyber Security Centre (NCSC), and the US’ Cybersecurity & Infrastructure Security Agency. Include national partners and civil society in these strategies and extend tech support to them, as they often have fewer resources but face higher risks and greater threats of attack. Involve your IT departments and qualified tech staff in the design and delivery of emergency response operations. Improve the protection of mobile devices, and roll out mandatory training for all staff to reduce the threat of hacks and social engineering.

  1. 3. Cyber attacks on critical national infrastructure 

Attacks on critical national infrastructure – power stations and grids, healthcare providers, financial institutions, or water systems – can have a devastating impact on civilians as well as the aid agencies deployed to support them. Ukraine has long been a target of cyber attacks. The first successful cyber attack against a power grid to be reported occurred in Ukraine in 2015 and affected almost 225,000 people. 

Cyber attacks on Ukrainian infrastructure and institutions are reportedly on the rise. NATO member states – including the UK and the United States – and global tech firms like Microsoft, have warned of groups deploying destructive malware against organisations in Ukraine to destroy computer systems and render them inoperable. In response to this rising threat, the Ukrainian government is allegedly mobilising cyber militias to help defend the country’s critical infrastructure and support intelligence operations against Russian forces.

How should humanitarians respond? Be prepared for disruptions in utilities, public services, and financial systems. Work with local authorities to develop contingency plans to manage extended outages in public services, particularly water, sanitation, electricity, if and when services fail. When designing digital solutions to meet humanitarian needs – for example, electronic cash and voucher assistance schemes – ensure that risks of attacks on financial systems and institutions are adequately accounted for in the design of your programmes.

What to expect next? 

Parties to the conflict in Ukraine will continue to deploy a range of hybrid warfare tactics. The time for aid agencies to improve technological integration across the industry and upgrade their digital literacy is now. If aid workers can’t keep pace, they are likely to find it increasingly difficult to support and protect the civilians they are meant to serve. 

Share this article

Right now, we’re working with contributors on the ground in Ukraine and in neighbouring countries to tell the stories of people enduring and responding to a rapidly evolving humanitarian crisis.

We’re documenting the threats to humanitarian response in the country and providing a platform for those bearing the brunt of the invasion. Our goal is to bring you the truth at a time when disinformation is rampant. 

But while much of the world’s focus may be on Ukraine, we are continuing our reporting on myriad other humanitarian disasters – from Haiti to the Sahel to Afghanistan to Myanmar. We’ve been covering humanitarian crises for more than 25 years, and our journalism has always been free, accessible for all, and – most importantly – balanced. 

You can support our journalism from just $5 a month, and every contribution will go towards our mission. 

Support The New Humanitarian today.

Become a member of The New Humanitarian

Support our journalism and become more involved in our community. Help us deliver informative, accessible, independent journalism that you can trust and provides accountability to the millions of people affected by crises worldwide.

Join