Voluntary hackers act in conflict in Ukraine with no one in charge

Hackers came from all over the world. They took down Russian and Ukrainian government websites, spray-painted anti-war messages on Russian media homepages and leaked data on rival hacking operations. And they filled the chat rooms, awaiting further instructions and urging each other on.

The war in Ukraine has sparked a surge in cyberattacks by alleged volunteers unlike anything security researchers have seen in previous conflicts, creating widespread disruption, confusion and chaos. The researchers fear it could trigger more serious attacks by nation-state hackers, escalate warfare in the field, or injure civilians.

“It’s crazy, it’s crazy, it’s unprecedented,” said Matt Olney, director of threat intelligence at security firm Cisco Talos. “This will not just be a conflict between nations. There will be participants who are not under the strict control of any government.”

Online battles have blurred the lines between state-backed hackers and patriotic amateurs, making it difficult for governments to understand who is attacking them and how to retaliate. But both Ukraine and Russia appear to have welcomed tech-savvy volunteers, creating channels on the Telegram chat app to direct them to specific websites.

Hackers have participated in international conflicts before, in places like Palestine and Syria. But experts said those efforts attracted fewer participants. The hundreds of hackers now rushing to support their respective governments represent a drastic and unpredictable expansion of cyber warfare.

The involvement of voluntary hackers makes it more difficult to determine who is responsible for an online attack. Some of the hackers said they were Ukrainians living inside and outside the country. Some said they were citizens of other countries who were simply interested in the conflict. In some circumstances it was impossible to verify their identities.

Their attacks stand out from the sophisticated incursions made by nation-state hackers in recent years. While Russian government-affiliated hackers have quietly infiltrated US government agencies and Fortune 500 companies, these participants have proclaimed their loyalties and used simpler methods to take down or deface websites.

Their tactics appear to have been successful in some cases, but security researchers cautioned that it was unrealistic to believe that cyberattacks by voluntary hackers without specialized technical knowledge would play a key role in the military campaign.

“The ground invasion is advancing, people are suffering, buildings are being destroyed,” said Lukasz Olejnik, an independent cybersecurity researcher and former cyberwarfare adviser to the International Committee of the Red Cross in Geneva. “Cyber ​​attacks cannot realistically impact that.”

Ukraine has been more determined about recruiting a voluntary hacking force. On Telegram channels, participants applaud their collaboration with the government in chasing targets like Sberbank, the Russian state bank. From Russia, where links between the government and hacking groups have long raised fears among Western officials, there hasn’t been the same kind of call to action.

“We are creating an IT army,” Ukraine’s digital transformation minister Mykhailo Fedorov tweeted on Saturday, directing cybersecurity enthusiasts to a Telegram channel that contained instructions to take down Russian websites. “There will be chores for everyone.” As of Friday, the Telegram channel had more than 285,000 subscribers.

Inside the English Telegram main page for the Ukraine IT Army is a 14-page introductory document with details on how people can participate, including what software to download to mask their whereabouts and identity. Every day new targets are listed, including websites, telecom companies, banks and ATM processors.

Yegor Aushev, co-founder of Ukrainian cybersecurity firm Cyber ​​Unit Technologies, said he was inundated with notes after posting a request on social media for programmers to get involved. His company has offered a $100,000 reward to anyone who identifies flaws in the code of Russian cyber targets.

Aushev said there are more than 1,000 people involved in his effort, working closely with the government. People can only participate if someone takes responsibility for them. Organized in small groups, they aim to hit high-impact targets such as infrastructure and logistics systems important to the Russian military.

“It has become an independent machine, a distributed international digital army,” said Aushev. “The biggest hacks against Russia will happen soon,” he added, without elaborating.
A government spokesman confirmed the work with Aushev.

Finding out who is behind a cyber attack is always difficult. Groups falsely take credit or boast of a greater impact than actually occurred. But this week there has been a series of attacks on Russian targets. The country’s largest stock exchange, a state-controlled bank and the Russian Ministry of Foreign Affairs went offline for some time after being targeted by voluntary hackers from Ukraine.

The worst fears of military analysts and cybersecurity experts — that Russia would use devastating cyber attacks to bring down critical Ukrainian infrastructure such as energy, government services and internet access — have yet to occur.

However, the involvement of unofficial groups can quickly escalate and cause unintended consequences, experts have warned. A malware attack against a target can spread quickly and become uncontrollable, as happened during a 2017 attack on the Ukrainian government and company computer systems. Or a government may mistake an amateur attack for a state-backed one and decide to retaliate.

In neighboring Belarus, a hacktivist group called the Belarusian Cyber ​​Partisans said it had targeted train services in Belarus transporting Russian military supplies to Ukraine, although there was no independent verification that the work was successful.

Cyber ​​Partisans, formed in 2020 to oppose the authoritarian rule of Belarusian President Alexander Lukashenko, has become a model for hacktivists for leaking information from government and law enforcement databases.

After Russia began using Belarus as an invasion staging area, the group began working with Ukrainian activists, providing technical support and helping to recruit new volunteers.
“This is war and you fight back,” said Yuliana Shemetovets, a spokeswoman for Cyber ​​Partisans in the United States.