Pro-Ukrainian hacktivists are taking down Russian websites

A member of the hacker group Anonymous wearing a Guy Fawkes mask holds a flare against the night sky during a protest.
Image: REUTERS/Stefan Wermuth

Russia’s invasion of Ukraine has sparked one of the first wars in which amateur hackers from around the world can join the fray from their sofas.

The pro-Ukrainian hackers hope to shape the outcome of the economic and propaganda battle through a series of cyberattacks targeting the websites of Russian government agencies, financial institutions, media, and businesses. So far, hacktivist groups like Anonymous and a volunteer “IT army” of thousands organized by Ukraine have had modest success downing and defacing Russian websites. But the cyberwar threatens to escalate into a more serious conflict involving ransomware gangs or Russian and US state hackers.

Ukraine recruits an “IT army” on Telegram

The Ukrainian government has organized an “IT army” of amateur hackers from around the world, inviting anyone interested in launching cyberattacks against Russia to join a Telegram channel that now has 310,000 subscribers.

The Telegram channel mainly coordinates Distributed Denial of Service (DDoS) attacks, which aim to knock a website offline by flooding the site with visits from bots until its servers become overwhelmed. Generally, DDoS attacks are a minor nuisance—but they can keep people from accessing a website for a matter of hours or days until the website’s administrators identify the source of the attack and block its traffic. That’s harder to do when the attack is coming from hundreds or thousands of sources distributed around the world, as is the case with Ukraine’s global “IT army.”

A message from the IT Army of Ukraine Telegram channel reads "Time to go for a big fish. The payment service below used to overcome sanctions. Kill it please."

IT army targets, including the websites for the Kremlin, the airline Aeroflot, and the bank Sberbank, have seen widely reported outages—but it’s hard for security researchers to independently verify who was responsible.

Meanwhile, Ukraine created a separate Telegram channel for would-be cyber warriors with no technical skills to contribute by spreading pro-Ukrainian messages on social media. On that channel, officials have pushed their 190,000 followers to share memes shaming companies that do business with Russia, spam the United Nations Educational, Scientific and Cultural Organization with demands to de-list Russian world heritage sites, and message prominent US journalists on Twitter and LinkedIn to demand NATO impose a no-fly zone over Ukraine.

A message from the "IT Army of Ukraine" Telegram channel reads "Hey IT ARMY! Internet Forces of Ukraine is a new impactful thing where everyone can contribute even having no IT background. Social network users can follow simple guidelines to inform Russians on true situation and contribute petitions to defend Ukraine."

Anonymous claims credit for leaks and hacked news websites

The hacking group Anonymous has joined the effort. On Twitter, the group claimed responsibility for leaking 360,000 files from Roskomnadzor, the Russian agency that oversees media censorship, and hacking Russian TV channels and streaming services to show images of the war in Ukraine. Security researchers have confirmed many of these claims, and documented cases where Russian databases have been encrypted and had their file names switched to variations of “putin_stop_this_war” and “HackedByUkraine.”

Russian state hackers and cyber gangs sit on the sidelines, for now

The cyber-skirmishes in the Russia-Ukraine war have been fought mainly by activists and amateurs engaged in relatively harmless vandalism, DDoS attacks, and memeing. But there’s a risk that the cyberwar could escalate if Russia’s cyber gangs join the fray.

Last year, Russian ransomware groups shut down the largest fuel pipeline in the US, the world’s biggest meatpacking plants, and thousands of American businesses over the July Fourth weekend. Now that the US is arming Ukraine and has already imposed severe economic sanctions against Russia, the country’s president Vladimir Putin may decide to sic Russian cyber gangs on big companies and key infrastructure in the US.

Those criminal hacks could then prompt US president Joe Biden to respond with direct cyberattacks against Russia, as he threatened to in July, raising the specter of both countries’ state hackers leveling crippling cyberattacks against each other.