Report: Hacktivists take action online for Ukraine, cybersecurity experts cautious

Hackers from around the world have answered Ukraine's call for an IT army, but some are skeptical.

Photo by UP9/CC BY SA 3.0

The current war between Russia and Ukraine has happened in a time when anyone can instantly post for the world to see. People see the consequences of war on a wide scale through the internet and social media. In this digital age, the ways that battles are fought are changing. Online hacktivists have been waging their attacks in defense of Ukraine, according to The Verge

The online group known as Anonymous has already posted multiple videos claiming they are going after Russian sites and even Putin himself. But Anonymous isn’t an organized group. Instead, it’s the name for a loose movement of internet hacktivists devoted to a handful of broad human rights values.

This comes after Ukraine’s deputy prime minister posted a tweet saying that Ukraine would be recruiting for an “IT army” that the Ukrainian government will give operational tasks to fight on the “cyber front.” The Telegram channel is updated daily with jobs that the Ukrainian government wants to see accomplished online.

But it appears that Ukraine’s IT army and the Anonymous #OpRussia are engaging in different activities in the cyber arena. The Ukrainian IT army is more focused on DDoS attacks that will limit Russian functions, like a recent call to take down online banking in the Telegram channel on March 11. 

Some other actions taken by a group using the Anonymous moniker included stealing emails and documents from a Belarusian weapons manufacturer and making them available to the public through DDOSecrets. Another theft of documents came from Russia’s Space Research Institute and leaked information about Russian lunar missions. 

The most recent data leak of 800GB came on March 10 from Russia’s Federal Service for Supervision of Communications, Information Technology, and Mass Media. This is the organization that decides what is censored in Russia and was recently responsible for the removal of Instagram and WhatsApp from the country.

These data leaks don’t appear to be occurring in any kind of order. It just seems that the online activists want to deal blows to Russia in any way they can by leaking whatever information is available. But this may have negative consequences beyond the end of the current war, according to The Verge.

A DarkOwl analyst is quoted as saying the hackers are leaking “sensitive corporate information… You’ve got shipping addresses and account numbers… This can be used in more strategic espionage activity.” Outside of corporations, some of the leaks may contain information on regular Russian citizens who have no impact on the war.

“This flurry of action that we see right now is basically to vandalize and create as much chaos as possible,” American cybersecurity expert Jeremiah Fowler, who is currently based out of Ukraine, told The Verge. His worry is that innocent Russian citizens will become victims in the cyber warfare that is being waged by those claiming to work in Ukraine’s defense.

As this war moves forwards, it’s become clear that misinformation will run rampant from both sides of the conflict. Many reports of hacktivists circulating on social media have been hard to verify, such as the report that someone had hacked Russia’s broadcast channels to show news reporting the truth about the war in Ukraine. 

While state-ordered hacking is usually quiet and confidential, the hackers for Ukraine in the last two weeks have been proclaiming their successes loudly. So naturally, this plays into the flurry of action, allowing some hackers to have something to announce they won.

Another worry for some cybersecurity experts is the potential that these hacktivists could input a backdoor that is useful once the conflict is over. This could be used for profit and would be considered a criminal act.

Chester Wisniewski, a research scientist at Sophos, also spoke with The Verge and is worried that civilians aren’t aware of the consequences of their actions when hacking. “Civilians aren’t prepared to do that effectively… and I’m very concerned about that,” Wisniewski told The Verge.

Matt Olney, the director of threat intelligence at Cisco Talos, spoke with the New York Times. “It is crazy, it is bonkers, it is unprecedented… This is not going to be solely a conflict among nations,” Olney said. “There are going to be participants that are not under the strict control of any government.”

It’s unlikely that these hacktivists will impact the ground campaign unfolding in Russia. “The land invasion is advancing, people are suffering, buildings are being destroyed… Cyberattacks can’t realistically impact this,” said Lukasz Olejnik, a cybersecurity researcher.

But that won’t likely stop the hordes of people ready to defend Ukraine with their computer skills.