Sean (left) and Dahmer (right), RUH8 hacktivists. Photo: Euromaidan Press
On 25 October, the contents of the hacked mailbox of Vladislav Surkov, advisor to Russian President Vladimir Putin, made headlines all over the world. Known as #SurkovLeaks, the 1GB email dump of firstname.lastname@example.org, apparently managed by his assistants, was confirmed to be authentic by the Atlantic Council’s Digital Forensic Lab and Bellingcat.
This first hack of a senior Russian official’s mailbox gave additional evidence of the Kremlin’s extensive involvement in orchestrating and funding the so-called “separatist” movement, and consequently, the war in Ukraine’s Donbas. It supplements other such evidence, like the Glazyev tapes and Informnapalm’s OSINT report on Russian military equipment in Donbas.
The Ukrainian hacking group CYBERHUNTA took responsibility for the hack.
However, many journalists and experts have voiced a theory that the CIA was involved in the hack, as the promised “unprecedented cyber covert action against Russia” following the alleged Russian hacking of the Democratic Party’s computer networks. We set theory aside and met in Kyiv with Dahmer and Sean, hacktivists from RUH8, the most media-welcoming representatives of the Cyberalliance, to find out more about the cyberwar, their plans, and what they think of the CIA and Wikileaks.
When was RUH8 created?
In mid-2014, somewhere around spring-summer. We each had our own skill sets at that time, being involved in information security. Then we understood that the government needs our help because there were no specialized departments in the security service or military intelligence. We saw they needed help with obtaining information.
Tell us how the war is manifest in cyberspace.
Cyberwar, or infowar, is a wide topic. We are involved in the technical aspects of this war.
What is this technical aspect?
Our main goal is to obtain full information and cause collateral damage to our enemies with the help of social engineering, special programs, or technical means.
Do you describe yourself as hackers or hacktivists? What’s the difference?
The term “hacker” is pretty diffuse. Journalists or information security products salespeople like to use it. I think we’re hacktivists first of all.
What is a hacktivist?
A hacktivist is a hacker who is working in the interests of his own country or social group. We’re working in the interest of our country.
What is your goal? Which interests of the country specifically are you working towards?
Our interests are written in the Constitution: each citizen of Ukraine must defend its independence and territorial integrity at all costs.
You are part of the “Cyberalliance.” Tell us about it.
Cyberalliance is a quasi-organization with the participation of several groups – RUH8, Trinity, Falcon Flames, Cyberhunta. There are structures affiliated to the hackers – the Myrotvorets site, Informnapalm analytical agency.
How do you conduct your operations? Who does the planning?
Each unit in the Cyberalliance functions separately. It outlines and implements its own goals. But there are moments when we do act together – when somebody has special knowledge that will be useful for the whole team.
Are there any hacktivists outside of the “Cyberalliance” pursuing the same goal as you?
There are some, but they don’t make contact with us and don’t coordinate their actions.
What operations have you conducted before? Which are the most successful ones?
Our operations started back in 2014. Overall, it was about obtaining information about separatists and traitors who were on ORDLO territory. This data was passed over to our special services. We made a present for Vladimir Putin on his birthday in 2014…
We proclaimed the independence of the Astrakhan Republic for him, so he would feel a bit of what we felt and have kept feeling for three years already. We hacked Russia’s Channel 1, the Orenburg State Duma, [conducted] Op256th day. Obtaining information, creating collateral damage, defacing sites. Creating problems.
The Cyberalliance is known for conducting a range of hacktivist operations starting from 2014.
One of the early operations was on 7 October 2014, when the hacktivists broke into a number of “DNR” websites and defaced the site of the Duma of Russia’s Astrakhan Oblast to display its “decision” to secede from Russia.
Apart from the Surkov leaks, they have broken into the phone gadgets of Motorola, a notorious Russian separatist warlord, obtaining evidence that his death was the result of an operation of the Russian special services. But they are best known for operations to destroy websites related to the separatist “republics” in Donbas and Russian propaganda sites. The operations, scheduled around memorable dates, include #op256thDay (Programmer’s Day), #opDay28 (Ukraine’s Constitution Day, 17 sites destroyed), #opMay18, and #opMay9. In #opMay18, on the eve of the Day of the deportation of the Crimean Tatars by Stalin, the commemoration of which the occupation government of Crimea has effectively prohibited for the third year in a row, the hackers displayed a forged message from Sergey Aksenov, the puppet governor of Crimea, on an official website; in it, the pseudo-Aksenov stated that he is looking forward to Eurovision being hosted in the Ukrainian Crimea. In #opMay9, nine “DNR” propaganda sites streamed videos about the Ukrainian contribution to the victory over Nazism on Victory Day.
On 29 April 2016, the Cyberalliance released a video addressed to the administrators of the websites they destroyed, urging them to stop using the “information space for lies and terror,” and to Ukrainians: “Support each other. Together we are a force that will win the war against the vile and deceitful enemy.”
Do you have a Code of Honor? Your group, the “Cyberalliance”?
Yes we do, and you’ll be surprised – it’s grounded on universal human qualities. Honor, dignity, but in an amplified state.
Some journalists have assumed that you are affiliated with Ukraine’s security service (SBU). Could you please comment on that?
We’re not affiliated with the SBU in any way, except for us giving their specialized departments some information that we obtain. Either to the SBU or the military intelligence.
The DNC hack in the USA is considered to be a Russian government operation. Did we have any such Russian operations against Ukraine?
Well, there are some, but they weren’t very publicized. For instance, “Yarosh’s card” from the elections [in which Ukraine’s central elections committee servers were hacked to briefly show the faked victory of the far-right candidate Dmytro Yarosh, a picture widely circulated on Russian TV, which peddles the Kremlin myth of the “fascist junta” ruling in Ukraine at every possible occasion – Ed.]. Or the Ivano-Frankivsk blackout [on 23 December 2015 – Ed.]. The Cyberberkut…
Some western experts assumed that the Surkov leaks were a result of the USA’s special services helping Ukrainian hackers as revenge for the DNC leak. Could you comment on that?
Let’s understand that Ukrainian hackers and Russian hackers once constituted a single very powerful group. Ukrainian hackers have a rather high level of work. So the help of the USA… I don’t know, why would we need it? We have all the talent and special means for this. And I don’t think that the USA or any NATO country would make such sharp movements in international politics.
When will you host the dump for the “Shatun” operation?
A bit later, but soon. Cyberhunta is managing this question. [“Shatun” is an alleged Kremlin operation to destabilize Ukraine to provoke early parliamentary and presidential elections, as well as separatism in Ukraine’s regions. While Cyberhunta published scans describing the operation on their site, describing them as having originated from Surkov’s mailbox, no corroborating evidence has yet been provided – Ed.]
Is it possible to forge a dump of a mailbox? What should journalists pay attention to?
Each email has its unique digital signature which is generated as a result of many criteria. It’s like a fingerprint – unique for each user. You can fake an image, a text document, but we know that there exist many organizations which deal with establishing the authenticity of those. I wish them luck.
What do you think of Wikileaks? Have you offered to host Surkovleaks there?
No, we didn’t offer them that, I don’t see any sense in this. We have our own analytical organizations, like Informnapalm, which does a good job at this. In my opinion, Wikileaks lost its moral-ethical code, which it had at the beginning.
Till when do you plan to work?
I don’t know, till the end of the war?
Till the victory?
Till the victory. And then we’ll see. Maybe we’ll start a civic movement. Or maybe we’ll just do our own things.