Geopolitical IT Armies and the Role of Technology

Felipe Hlibco

Something shifted in the last 48 hours and I’m still processing it.

The geopolitical situation between Russia and Ukraine has been escalating for weeks, but what I want to focus on is the cyber dimension. Not because the physical dimension isn’t more important—it obviously is—but because what’s happening online represents a fundamental change in how technology intersects with conflict. And our industry is directly implicated.

The cyber front opens first

On February 23rd, a major cyberattack hit Viasat’s KA-SAT network. The attack targeted satellite modems serving Ukraine, knocking out internet access across the country. But satellite beams don’t respect borders. The same attack disrupted Viasat terminals across Europe, including in Germany, where it knocked out remote monitoring of approximately 5,800 wind turbines operated by Enercon.

That last detail is the one that should concern technologists.

A cyberattack aimed at Ukrainian communications had collateral damage on renewable energy infrastructure in Germany. The attacker almost certainly didn’t intend to disrupt German wind turbines. They just happened to share the same satellite network.

This is what cyber collateral damage looks like. It’s not theoretical. It happened today.

Crowdsourced cyber warfare

What makes the current situation unprecedented isn’t state-level cyber operations. Those have existed for years. Russia’s Sandworm group—GRU Unit 74455—has been conducting cyber operations against Ukraine since at least 2015, including the NotPetya attack that caused an estimated $10 billion in global damage.

What’s new is the crowdsourcing.

Over the past several days, calls have gone out on social media and messaging platforms for volunteer hackers to participate in cyber operations on both sides of the conflict. Telegram channels coordinate targets. GitHub repositories distribute DDoS tooling. Participation requires nothing more than an internet connection and a willingness to run a script.

This is categorically different from anything we’ve seen before.

Previous cyber conflicts were conducted by trained operatives working within military or intelligence structures. They had chains of command, operational security, and—theoretically—rules of engagement. Volunteer cyber forces have none of these.

The implications are uncomfortable.

When a 19-year-old in Brazil runs a DDoS script against a Russian government website, are they a combatant? When a coordinated Telegram channel directs attacks against critical infrastructure, who bears responsibility for civilian harm? When volunteer hackers accidentally take down a hospital’s IT system while targeting a government network, what’s the legal framework?

International humanitarian law has no clear answers to these questions.

The technology industry’s role

Here’s where I think our industry needs to have an honest conversation.

The tools being used for crowdsourced cyber operations were built by the open-source community. DDoS tooling, network scanning utilities, exploit frameworks—these are dual-use technologies. They exist for legitimate security research and testing. They’re also trivially repurposable for offensive operations.

GitHub is hosting repositories with attack tooling. Telegram is hosting coordination channels. Cloud providers are hosting command-and-control infrastructure. None of these companies intended to facilitate cyber warfare. But their platforms are being used for exactly that.

I don’t have a clean policy recommendation here. Taking down attack tooling repositories pushes coordination to less visible channels without stopping the activity. Content moderation at the speed of conflict is basically impossible. And the dual-use nature of security tools means any policy broad enough to prevent misuse would also prevent legitimate security research.

What engineers should think about

I’m not a policy expert. I’m an engineering manager at a large tech company. But I think engineers have a responsibility to think about the second-order effects of the systems we build.

When you build a platform that enables coordination at scale, how does it perform when the coordination is for something you didn’t anticipate? When you publish security tooling, who else might use it? When you design systems with global reach—satellite networks, cloud infrastructure, content platforms—what happens when they become targets or vectors in a conflict?

These aren’t hypothetical questions anymore. They’re happening right now.

The Viasat lesson

The Viasat attack illustrates a principle that cybersecurity professionals have been warning about for years: interconnected systems create interconnected vulnerabilities.

The Ukrainian military’s satellite communications and a German wind farm’s monitoring system were never supposed to be related. But they shared infrastructure, and when that infrastructure was attacked, both were affected.

As we build increasingly interconnected systems—IoT networks, cloud platforms, satellite constellations, global content delivery—the blast radius of any single attack grows. A conflict in one region can cause cascading failures across continents, not through deliberate targeting but through shared dependencies.

No clean conclusions

I started this post saying I’m still processing. That’s honest. The situation is evolving faster than anyone’s ability to analyze it.

What I do know: the barrier to participating in cyber conflict has dropped to zero. The tools are free and available. The coordination channels are open. And the legal and ethical frameworks that might govern this kind of activity simply don’t exist yet.

That last point scares me the most.

We’re running a global experiment in crowdsourced cyber warfare with no rules, no accountability structures, and no precedent to guide us. The technology enables it. The geopolitics motivates it. And nobody—not governments, not platforms, not the international legal community—is prepared for what happens next.

For those of us who build technology: pay attention. The systems we create are now tools of geopolitical conflict. Whether we like it or not, that’s the world we’re building in.