International hackers answer Ukraine’s call to launch cyber operations against Russia

As Russian artillery bombarded Ukraine’s infrastructure on Sunday, one of the country’s most senior government ministers issued an unusual call to arms.

The world was already supplying Ukraine with anti-tank missiles and military intelligence, but Vice Prime Minister Mykhailo Fedorov, tweeting a link to a public channel on Telegram, also called for hackers and tech specialists to join the “cyber front”.

While crowdsourcing cyber operations have been linked to conflicts in the past, the size and public nature of this campaign are largely unprecedented.

“In the past, we’ve had much smaller rudimentary groups doing this, and they tended to be associated with one of the conflict groups,” said Australian strategic analyst Alan Dupont. 

“This is a clearly different phenomenon. We haven’t seen it before at this level.

“It is fascinating how cleverly and adroitly Ukraine has mobilised these cyber groups and weaponised them against the Russians, who are meant to be the world-leaders in this area.”

The war in Europe’s east is already seeing an online tit-for-tat and experts are concerned volunteerism could have unpredictable consequences.

Hacker collective Anonymous claimed credit for several cyber attacks, including launching distributed denial of service attacks (DDoS) — in which a website is bombarded with traffic and rendered unreachable — against pro-Kremlin Russian media.

While many Ukrainian citizens were picking up assault rifles and crafting molotov cocktails in a ground war, volunteers were also joining the fight online.

An Anonymous supporter wears a Guy Fawkes mask
Hacker collective Anonymous, famous for their Guy Fawkes masks, declared it would launch cyber attacks against Russian interests.(Reuters: Peter Nicholls)

Since launching at the weekend, one public Telegram channel, the IT ARMY of Ukraine Telegram channel, has grown to more 265,000 subscribers — it is unlikely every account in the group is genuine.

The channel encouraged sympathetic volunteers to target state services and Russian businesses, including energy provider Gazprom and cryptocurrency exchanges connected to Russian banks, with DDoS attacks.

The IT ARMY of Ukraine also asked subscribers to mass report Russian YouTube channels “that openly lie about the war in Ukraine” for terms of service violations.

The ABC has been unable to attribute all cyber incidents to specific Ukrainian supporters.

It’s not the only example of cyberwarfare crowdsourcing. The Security Service of Ukraine’s Telegram posted on Monday it created a chat bot for tips about Russian online vulnerabilities.

Yegor Aushev, co-founder of Kyiv-based tech company Cyber Unit Technologies, said he had also joined the fray.

Multiple media outlets reported the cyber security expert declared on a domestic hacker forum: “Ukrainian cyber community! It’s time to get involved in the cyber defence of our country.”

A soldier stands behind a young woman teaching her how to shoot a Kalishnakob assault rifle.
An instructor trains a woman to shoot a rifle at a shooting range near Kharkiv.(AP Photo: Evgeniy Maloletka)

He asked for tech specialists to respond to his call with a resume and told the ABC, in written correspondence, many have answered the call — some based outside of Ukraine.

“So far we have around 1000+ hackers, this number is growing and they’re just starting their work,” he said.

“Presidents of different countries don’t want to fight against Russia together with us but people from these countries are ready.”

The ABC was unable to independently verify this claim.

On Monday, Mr Yeshov tweeted his company would pay up to $100,000 in cryptocurrency to hackers who could identify bugs in Russian software.

A history of cyber violence

Russian state and patriotic hackers are among some of the most notorious perpetrators of computer intrusions in the world.

They’ve been blamed for cyberattacks and disinformation campaigns across Europe and Asia and were identified as the actors behind hacked emails belonging to the Democratic National Committee (DNC) ahead of the US Presidential Elections in 2016.

Ukraine is no stranger to being the target of digital subterfuge.

The country’s power grid was hacked in 2015 and 2016. A year later, a powerful malware called NotPetya wreaked havoc on Ukraine’s banks, airports and energy firms.

NotPetya was later linked to Russian intelligence by the US, who brought charges against at least four of the malware’s developers.

Weeks before Russian tanks rolled into the country, the websites for Ukraine’s defence ministry, its army and two state banks were reportedly taken down in an apparent DDoS attack.

A “wiper” malware — which deletes information from computers in targeted networks — was also unleashed on the eastern European nation.

Vladimir Putin surrounded by Russian military generals in uniform
Hackers linked to Russian President Vladimir Putin have been responsible for high-profile cyber attacks across the world.(Reuters: Mikhail Metzel )

When Russian President Vladimir Putin’s troops moved into Ukraine and economic sanctions began ramping up, one of the world’s most prolific ransomware gangs, Conti, announced in a blog post it would defend Russia.

“If anybody will decide to organise a cyber attack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” the group said.

Conti was last year the number one cyber extortion threat in Australia and New Zealand, according to Australian cyber security company CyberCX.

Cyber security outlets reported on Monday that an enormous cache of internal chats between Conti members had been leaked, in an apparent retaliation to its support for Russia.

The ABC has been unable to verify the authenticity of the leak.

Cyberwar could reach Australia

The digital skirmishes between Ukraine and Russia could impact Australia in two ways, said CyberCX chief security officer Alastair MacGibbon, who previously worked as cyber security advisor to former prime minister Malcolm Turnbull.

“One is the Russian state carrying out a cyber attack against Ukraine where the spill-over spreads laterally and ends up affecting countries like Australia… we saw that in 2017 with the NotPetya malware.

“The other is the risk that Russian nationalists or crime groups, like Conti, increase disruption efforts around the world.”

A bald man wearing glasses is speaking to silhouetted figures.
Former Australian Cyber Security Centre boss and now chief strategy officer for CyberCX Alastair Macgibbon.(ABC News: Matt Roberts)

Robert M Lee, founder of US cybersecurity firm Dragos, urged caution to those hoping to participate in crowdsourced cyber activities for Ukraine.

He said offensive cyber activities against targets in Russia were unlikely to change the ground war for Ukraine at this point.

“There is no amount of cyber [activity] that’s going to stop a tank,” he said.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *