"Vladimir Putin’s attack on Ukraine has been met with fierce resistance throughout the country’s towns and cities. As Russian forces have moved closer to Kyiv, lawyers, students, and actors have taken up arms to defend their country from invasion. They are not the only ones: Volunteers have also flocked to join a Ukrainian volunteer “IT Army” that’s fighting back online.
At around 9 pm local time on February 26, Ukraine’s deputy prime minister and minister for digital transformation, Mykhailo Fedorov, announced the creation of the volunteer cyber army. “We have a lot of talented Ukrainians in the digital sphere: developers, cyber specialists, designers, copywriters, marketers,” he said in a post on his official Telegram channel. “We continue to fight on the cyber front.”
Ukraine has seen other volunteer-organized cyberdefense and attack efforts leading up to and early in the war effort. Separately hacktivists, including the hacking group Anonymous, have claimed DDoS attacks against Russian targets and taken data from Belarusian weapons manufacturer Tetraedr. But the development of the IT Army, a government-led volunteer unit that’s designed to operate in the middle of a fast-moving war zone, is without precedent.
The IT Army’s tasks are being assigned to volunteers through a separate Telegram channel, Fedorov said in his announcement. So far more than 175,000 people have subscribed—tapping Join on the public channel is all it takes—and multiple tasks have been dished out. The channel’s administrators, for instance, asked subscribers to launch distributed denial of service attacks against more than 25 Russian websites. These included Russian infrastructure businesses, such as energy giant Gazprom, the country’s banks, and official government websites. Websites belonging to the Russian Ministry of Defense, the Kremlin, and communications regulator Roskomnadzor were also listed as potential targets. Russian news websites followed.
Since then the IT Army channel has expanded its scope. On February 27, it asked volunteers to target websites registered in Belarus, one of Russia’s key allies. The channel has also told subscribers to report YouTube channels that allegedly “openly lie about the war in Ukraine.”
One former Ukrainian official who has knowledge of the IT Army’s organization says it was formed as a way for Ukraine to hit back against Russian cyberattacks. Russia has significant hacking capabilities: Wiper attacks hit a Ukrainian bank in the buildup to the invasion, and government websites were knocked offline. “Our country didn’t have any forces or intentions to attack anyone. Therefore, we made a call,” the former Ukrainian official says. “We already know that they are quite good at cyberattacks. But now we will find out how good they are in cyberdefense,” the former official says.
“For a country that’s facing an existential threat, like Ukraine, it’s really not surprising that this sort of call would go out and that some citizens would respond,” says J. Michael Daniel, the head of the industry group Cyber Threat Alliance and former White House cyber coordinator for President Obama. “Part of it is also a signaling exercise. It’s signaling a level of commitment across the country of Ukraine to resisting what the Russians are doing.”
The impact of the IT Army is hard to gauge thus far. While thousands of members have joined the Telegram channel, there is no indication of who they are or their involvement in any response. The channel has shared screenshots of some Russian websites allegedly being taken offline, but it’s unclear how successful these efforts have been or where they originated from.
While many nations around the world have offensive hacking capabilities, these are mostly shrouded in secrecy and run by intelligence agencies or military units. The IT Army will likely instead take on defensive tasks to free up Ukraine’s government hackers. “It really is true that even in this age of automation and other things, additional bodies will make a big difference,” says Daniel.
The challenge now will be to effectively corral those newfound resources. The former Ukrainian official says the IT Army is being coordinated through a Telegram channel as it is an easy way to broadcast messages to thousands of people at once. They say those working on the IT Army behind the scenes are doing so in more-secure messaging services, although they decline to say which ones. “We are trying to use any help to protect our country and people,” they say.
“Managing the organization and logistics is a challenge in itself,” says Lukasz Olejnik, an independent cybersecurity researcher and consultant who previously acted as a cyberwarfare adviser at the International Committee of the Red Cross. He says there are questions around how to vet volunteers, distribute targets, and avoid infiltration.
Who exactly Ukraine recruits will have the most bearing on what tasks the IT Army takes on. But it’s likely to encompass the DDoS attacks that have been called for thus far, and potentially helping protect critical infrastructure. “The idea that you’re going to grab this ragtag group of folk, even if they have an extensive pen testing background, that they’re going to somehow hack into the Kremlin’s networks and get valuable intelligence that’s going to change the course, that’s fantasy,” says Jake Williams, an incident responder and former NSA hacker. “DDoS and defensive is probably more important for Ukraine right now than offensive.”
It will also be important for the group to avoid any misfires. Launching more sophisticated cyberattacks—such as a worm, which can self-propagate from one system to the next—would also risk spillover incidents, where the impact of a cyberattack goes well beyond its intended target. “You could take anything from emergency services, health care systems, or other things offline without meaning to. Which both has an immediate impact—you could hurt civilians inside Russia—and it could also inadvertently escalate things if the Russians perceive that as a direct order, the direct intent of the Ukrainian government, and they escalate and respond in kind,” Daniel says. That caution applies as well, and perhaps even more so, to independent hacktivist groups like Anonymous, which has vocally joined the fray. Russia-based ransomware group Conti has said it would use its “full capacity” to retaliate if the West attempted to target critical infrastructure in Russian or “any Russian-speaking region of the world.”
The government-backed IT Army builds on other Ukrainian hacking efforts. On February 25, Yegor Aushev, who has founded multiple cybersecurity companies in Ukraine, made the first call for volunteers. “” Aushev wrote in a post on Facebook, which was first reported on by Reuters. Those wanting to offer their skills could sign up using a Google Form—they could be involved in defense or attack. Volunteers were asked how many years’ experience they have in 12 specific areas, ranging from open source intelligence gathering and social engineering to malware development and DDoS operations. Those signing up were also asked to provide the name of a trusted reference who could vouch for their credibility."
Reference: https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/
