Ukrainian "IT Army", the dangerous reality of volunteering
When Russia invaded Ukraine, the Ukrainian government was already thinking of another way to counterattack.
On February 26, Ukraine's Minister for DX (Digital Transformation), Mykhailo Fedorov, launched the "Ukrainian IT Army". It is an unprecedented attempt to call on hackers around the world to attack Russia on Ukraine's behalf. The Ukrainian IT Army has become the most prominent force in this complex cyber conflict, which is characterized by a mix of players, unverifiable sabotage claims, and very little visible hacking activity.
In fact, in the first week of the war, there was little evidence of hacking activity. Rather, the Ukrainian IT Army and all the other groups expressing their willingness to carry out cyberattacks were busy with a propaganda war that affected not only Ukraine and Russia but the entire world.
Experts point out that Ukraine's strategy of seeking help from international hacker groups makes sense for a country backed into a corner. Those who wish to join the IT Army are invited to a Telegram channel, where a series of messages lays out a clear purpose. Targets for hacks and DDoS (Distributed Denial of Service) attacks are listed, along with documents explaining how to wage information warfare on Ukraine's behalf. The list includes government and financial institutions, and clearly states that it is aimed at Russia's critical infrastructure. So far, more than 270,000 people have subscribed to the Telegram channel.
Hacker groups that operate ransomware have also expressed their intention to participate in the conflict. But, again, although their messages were quickly reported, none of them has carried out a visible, verifiable attack. Hacktivists (hackers who hack to advance political causes), such as Anonymous, have claimed involvement, including an allegation that they broke into a Kremlin database, which was immediately denied. Meanwhile, exaggerated statements and false information spread like wildfire. Scammers and liars are adding to the turmoil of war.
This turmoil extends to large groups and to groups organized by the government. "Belarus Cyber Partisans" is a dissident hacking group with a track record of actual activity in its own country. The group claims to have launched attacks on both cyber and physical infrastructure to disrupt the railroads that transport military forces, but the claim has not been substantiated.
The Ukrainian cyber resistance group, organized by Ukrainian Ministry of Defense officials, says it is targeting railways and power grids in Russia. This is also a bold claim, but there is no evidence. Experts believe that very few countries have cyber-attack capabilities that can affect the power grid.
Ghostwriter, a hacking group associated with Russia and Belarus, has been found to target Ukrainian politicians and military personnel, but has not achieved significant results so far. Hours before the invasion, an unknown hacking group used devastating wiper-type malware against Ukrainian government targets, according to Jean-Ian Boutin, director of threat research at cybersecurity company ESET. However, it remains unclear what effect it had.
What is really happening in Russia? A request to speak with an expert at Kaspersky, the country's largest cybersecurity company, was declined. But something is happening. Russia's Foreign Ministry spokeswoman Maria Zakharova recently told Russian media that Russia was being attacked by "Ukrainian cyber terrorists."
"It's the first time we've seen so many different players (in cyber conflicts)," said Adam Meyers, director of CrowdStrike, a US cybersecurity firm.
But what is the real value of a leaked database or a website knocked offline when millions of people in urban centers across Ukraine are being bombarded? How much impact has this international "army" really had? It is hard to say. When the Ukrainian IT Army lists a particular IP address, the target often goes down, and relatively quickly. Many Russian sites currently refuse all connections from abroad and operate only within Russia, to defend against international attacks on a historically unprecedented scale.
DoS attacks are technically simple, and recovering from them is not difficult. They are far less destructive than the Russian missiles striking city centers or the Ukrainian Molotov cocktails repelling invading forces.
All of this affects the information war in Ukraine, Russia and the world. The cyberattacks on Ukrainian government and financial institutions that Russia carried out before the invasion seemed to have been aimed at undermining confidence in Ukraine's leaders. Similarly, the Ukrainian government's takedown of Russian government sites is Ukrainian-style information warfare that seeks to send its own message to Russia. Ukraine, whose capital is almost completely besieged, continues to resist on the ground and in cyberspace with support from the West, an important lifeline.
"Cyber is one of the weapons used in war and espionage," says Meyers. "There is an open armed conflict. (The Ukrainian government's call to hackers around the world) asks foreigners to come to Ukraine, pick up Kalashnikov guns and fight Russia on the ground. It's no different from being there."
In Washington and London, on the other hand, the situation looks a little different. Western governments have long condemned cyberattacks originating from within Russia. What happens now that Ukraine is openly seeking help from hackers?
"The US government says, 'We don't allow hacktivists to use US routers to launch DDoS attacks on Russian propaganda sites,' but Russia wouldn't believe it," said Michael E. Van Landingham, a former Russia analyst at the Central Intelligence Agency (CIA). "Russia uses cyber tools as an extension of state power, and Russian leaders see much as a mirror image: they will recognize attacks from Anonymous and Western hacker groups as attacks driven by the Western government."
Many cyberattacks promoted by the Ukrainian IT Army are clearly crimes in the United States and other Western countries. But this situation highlights not only legal issues, but also new moral and geopolitical issues.
"Western governments should strictly enforce laws prohibiting hacking against anyone who modifies Russian sites, launches DDoS attacks, or attempts to commit any illegal activity in cyberspace," says former analyst Van Landingham. "It's the only way to show that it's not a CIA plot or an attack by the US Cyber Command. It's about showing who the culprit is and what we're doing."
In this chaotic situation, the unverifiable large-scale cyber operation that coincided with Russia's invasion of Ukraine has become one of the major mysteries hanging over the entire war. Russia has launched devastating cyberattacks on Ukraine in recent years, but has stuck to traditional ground warfare since the invasion. As the war drags on, whether Russia will switch to cyberattacks in the coming weeks or months becomes a new question.