A Blog by Jonathan Low


Mar 15, 2022

How Ukraine's 300,000 Hacker Volunteers Are Disrupting Russia

The attacks are mostly useful because they force Russia to re-deploy skilled cybersecurity resources away from attacking Ukraine in order to defend their own homeland sites. 

This slows down the Russian assault on Ukrainian assets, giving the country and its allies more time to plan and a greater ability to defend its digital space, which has been crucial for both military and civilian uses. JL

Chris Stokel-Walker and Dan Milmo report in The Guardian, image Toby Melville, Reuters:

300,000 people who have signed up to a group on the chat app Telegram called “IT Army of Ukraine”, through which participants are assigned tasks designed to take the fight to Vladimir Putin. The hacker army has been successful in disrupting Russian web services. The websites of the Kremlin and the Duma – Russia’s lower house of parliament – have been “intermittent” since the invasion started. The sites for state-owned media services, several banks and Gazprom have also been targeted. Russia has attempted to mitigate the attacks and deter hackers by filtering access to websites, causing further disruption.

Kali learned how to use technology by playing with his grandfather’s phone. Now, the Swiss teenager is trying to paralyse the digital presence of the Russian government and the Belarussian railway.

Kali – and many others who contributed to this article – declined to share his real name because some of the action he is taking is illegal and because he fears Russian retaliation. He is one of about 300,000 people who have signed up to a group on the chat app Telegram called “IT Army of Ukraine”, through which participants are assigned tasks designed to take the fight to Vladimir Putin. In so doing, they are trying to level the playing field between one of the world’s superpowers and Ukraine as it faces bombardment and invasion.

The sprawling hacker army has been successful in disrupting Russian web services, according to NetBlocks, a company that monitors global internet connectivity. It says the availability of the websites of the Kremlin and the Duma – Russia’s lower house of parliament – has been “intermittent” since the invasion started. The sites for state-owned media services, several banks and the energy giant Gazprom have also been targeted.

“The crowdsourced attacks have been successful in disrupting Russian government and state-backed media websites,” says Alp Toker, the director of NetBlocks. He adds that Russia has attempted to mitigate the attacks and deter hackers by filtering access to certain websites, which has caused further disruption.

Like many of his peers, Kali was directed to the Telegram group, which has Ukrainian- and English-language versions, by Mykhailo Fedorov, Ukraine’s vice prime minister and minister for digital transformation. Fedorov, 31, has been using his vastly expanded Twitter profile to plead with executives at the world’s biggest tech firms to cut ties with Russia. On 26 February, he posted a link to the Telegram group, which was set up by his ministerial department. “We need digital talents,” he said. “There will be tasks for everyone.”

While his home country has long maintained a policy of military neutrality, Kali was spurred to action when he saw Fedorov’s tweet. “I wanted to help and use my attacking skills to help Ukraine,” he says via Telegram. “I’m from Switzerland, but I’m a strong hacker and I’m so sorry for every Ukrainian. I do it because I stand with Ukraine and I want to help somehow. I think if we hack Russia’s infrastructure they will stop, maybe, because nothing will work any more.”

Kali says his parents aren’t especially keen on what he is doing, although he tries not to tell them much about it. And he is not the only one.

Caroline, a twentysomething from the New York metropolitan area, told her parents she had enlisted into the IT army just hours before we speak on the phone. “They’re starting to get concerned,” she says.

Having watched in horror as Twitter and Instagram videos revealed the devastating impact the conflict is having on Ukrainian civilians, Caroline felt compelled to act when she saw Fedorov’s tweet. She had seen how destructive the spread of disinformation had been during Donald Trump’s presidential campaign. “The 2016 election was an eye-opener to the unfortunate effects of these things, and how it really does affect some of our relationships out in the real world.”

Mykhailo Fedorov, Ukraine’s vice prime minister and minister for digital transformation.
Mykhailo Fedorov, Ukraine’s vice prime minister and minister for digital transformation. Photograph: Ukrinform/Rex/Shutterstock

There was just one problem: she didn’t know what Telegram was. Unlike Kali, the former preschool teacher isn’t much of a hacker. At first, she was concerned that the app – which was founded by the exiled Russian billionaires Pavel and Nikolai Durov – was a trap. But, after some research, she downloaded it and joined the group.

She felt out of her depth when the group’s administrators asked for hackers to bombard Russian state websites with distributed denial of service (DDoS) attacks, by which websites are bombarded with traffic to make them unreachable. This is how many Russian government websites have been disabled since the invasion began.

But Caroline realised things were getting lost in the torrent of information. Messages in the Ukrainian-language version of the group, for instance, can rack up hundreds of comments in less than an hour. So, she has been helping the English-language group by collating information for a website on how to support Ukraine and fight Russian disinformation campaigns. “I enjoy acting as that filter – as that wind to push the sails in the right direction,” she says.

She spends hours every day sharing information in the Telegram chat to help the masses of subscribers. “I can’t explain it,” she says. “It’s just something that’s so innately human that has been inspiring me, the more involved I get. I recognise I’m not special by any means, so all I’m doing is gathering all this information to try to dismantle these campaigns of disinformation that are going on.”

Enrique is a Lithuanian IT expert in his mid-30s. He felt that joining the Telegram group was “the right thing to do”. “Growing up with your parents telling you stories about how they were exiled to Siberia lives with you your whole life,” he says. “We are scared that we will be next.”

He had largely overlooked the Russian occupation of the Donbas, an area in eastern Ukraine that Putin’s army invaded in 2014 and claimed as Russian territory. But as the news became more urgent on Lithuanian television, he couldn’t ignore the situation any longer. He is less focused on wrecking the Russian internet and more on co-opting ordinary Russians to rise up against their dictator.

“I hope the world can put pressure on Russian people so much that they would be willing to re-evaluate their upbringing, understand that people are asking them to help, look at what is really happening and perhaps they will rise up that way,” he says.

Enrique has been inspired by the bravery of the Ukrainian people. That includes those who have taken to the streets to defend their country – and those who have taken to their keyboards. Ukraine has 290,000 people who work in IT and is the world’s outsourcing tech desk. While many of them have given up their day jobs to fight for the army, others have signed up to the IT army.

That includes Sam, who works for a global advertising-technology company. He has been using his expertise to send what he calls “counter-propaganda” to Russians through advertising platforms. “We’ve been in a hybrid war and a direct war with Russia since 2014,” he says. “It was the same, but on a smaller scale. We understand how Russia acts: they do propaganda here, then inside their country, then try to share their vision to the global community.”

The Ukrainian advertising industry has sent what Sam calls “aggressive” videos that show captured Russian soldiers pleading with their mothers and trying to convince them about the reality of war in Ukraine. Others highlight the impact of sanctions on Russia and the strength of the Ukrainian army. “They will move everyone to act,” says Sam.

About 100 advertising specialists from 50 agencies are designing and disseminating adverts to try to raise awareness within Russia and Belarus of what Russia is doing, ducking and diving around advertising bans and platform closures.

Enrique has been impressed by the teamwork of the volunteer IT army. “I have never seen so many people wanting to do something in my whole life,” he says. “You ask for participants to crash something [break it] or run something and you have it.” The immediacy of social media – and the thrill of seeing instantaneous results – has become intoxicating. “Everything is live,” he says. “Everything is being streamed to everybody. Everything is online and easy to understand how to damage.”

Alex, a Ukrainian software engineer, says the Telegram group is mostly used for DDoS attacks. “I wish there were more things to do in terms of helping the IT part [of the war].” He doesn’t want to cut off Russia from the internet, but rather find a way of showing Russians images of the war.

This is what Anonymous, a hacking collective, claimed to have done with Russian TV channels this month. “My ideal way would be to do something that will demonstrate the truth for [Russians],” says Alex. However, suggestions for DDoS attacks are eagerly carried out. When links for target websites go up in the Telegram group, he says, “all of them are down” within half an hour.

Some cybersecurity experts are worried, though. “There are some risks in having this volunteer army,” says Alan Woodward, a professor of cybersecurity at the University of Surrey. He is concerned about the lack of accountability regarding who is directing the battle plan and the overarching strategy. “At best, what they’re doing is running interference,” he says. “It may be a nuisance to the Russians, but the attacks we’ve seen so far haven’t really affected the Russian fighting capability to any decisive effect.”

Woodward says an army of 300,000 hackers will invariably include some bad seeds. “These volunteers might start attacking targets that are not really what the Ukrainian government wants,” he says. “This could be accidental. How often has ransomware spilled over and affected, say, a hospital? I don’t think anyone wants that.”

There is also a risk that such an open call could easily be co-opted by the Russians to generate negative headlines. “You never quite know who is in a volunteer group,” he says. “Not only could they do something unwanted in the name of Ukraine, but they could also do something that plays directly into the Russians’ rhetoric.”

The fear of infiltration is something that also concerns Agnes Venema, a national security and intelligence academic at the University of Malta. “How useful they are depends on how well you can vet them, how well you can coordinate them and how skilled they are,” she says. “Renaming Putin’s yacht is cute, but does the hacking of Russian television stations to play the Ukrainian anthem help the Ukrainians achieve their strategic goals?”

Despite her misgivings, Venema finds the corralling of volunteer forces remarkable. “I’m not one for throwing superlatives around, but I would say this level of civic engagement is unprecedented,” she says. Nonetheless, she says, it could quickly backfire. As soon as hackers start taking orders from the Ukrainian army, they drop their status as civilians and could be considered combatants, she says. “That means that these people are legitimate military targets,” she says.

Whether those defending Ukraine’s right to exist know or worry about that is another question. “I don’t care about it,” says Kali, who as we spoke was trying to DDoS a Russian news website that the Ukrainian IT army administrators had flagged as a source of disinformation. “I’ve never worried about it.”


Post a Comment