Belarusian cyber-guerillas have a victory plan for the revolution

Maria Tolsova / Mediazona 

International

Article by: Anastasiia Hatsenko
Translated by: Promote Ukraine

Editor’s Note

As the Lukashenka regime continues its crackdown on the civic and protest activity in Belarus, a new type of resistance has come to the forefront. Cyber guerillas deface state websites, hack databases, and wiretap state officials. Moreover, they have a victory plan. Who are these anonymous warriors, activists or terrorists, and do they have a chance at success?

Every revolution is associated with information and communication technologies one way or another. But now, social media and the Internet have replaced leaflets, posters, and newspapers. The protests in Belarus, which began after the authorities had rigged the presidential election in August 2020, had a technological nature from the onset and were even called the “Telegram Revolution” for coordinating rallies through this network.

The world’s first Telegram revolution: how social media fuel protests in Belarus

The use of the messenger allowed protesters to receive text messages even when the Internet was blocked, thus agreeing on their actions.

To a large extent, it was the use of communication technologies in the face of widespread repression that made possible such a massive anti-government movement as we saw it in August-October last year. And today, when the regime’s massacres have reached immeasurable proportions, and expressions of dissent may result in imprisonment or even death, hacktivists remain the main elements of resistance. Here is who they are and how they act against the Lukashenka regime.

Belarusian cyber guerrillas

Belarus, like Ukraine, is known for its IT specialists. Thousands of industry representatives work here. After the election was rigged, many of them joined the protesters who demanded justice. With the start of the street confrontations, more than 2,500,000 CEOs, investors, and developers wrote an open letter calling on the authorities to stop the violence.

That was when the IT sector became the target of authoritarian regime reprisals.

Ukraine rolls out official site to help Belarusian IT specialists relocate

On 2 September 2020, employees of the Financial Investigations Department of the State Control Committee of Belarus raided the Minsk office of the PandaDocs IT company.

The reason was that the founder of the company created an initiative to raise funds for law enforcement officers who decided to change their profession. As repression and harassment were gaining momentum, many IT companies decided to relocate their offices. As of March 2021, almost 40 Belarusian information technology enterprises moved to Ukraine.

However, today we will focus not on those industry representatives, who just fled the dictatorship or helped their affected compatriots, but on professionals who created a whole hacker group to oppose the regime.

They call themselves cyber guerrillas, and their main goal is to destabilize the work of all agencies that support the rule of Alyaksandr Lukashenka and to keep the illegal government in constant tension.

The most famous deed of cyber guerrillas is the hacker attack on the website of the Administration of the President of the Republic of Belarus on 2 September 2020 when the opposition white-red-white flag was placed on the main page of the web resource. Then, one after another, the state Internet portals were tapped into, and the hackers even reached the Ministry of Internal Affairs of Belarus, on which they put Alyaksandr Lukashenka and Minister of Internal Affairs Yuri Karayev on the wanted list.

Belarusian cyber-guerillas hacked the website of the Belarusian Ministry of Interior to put self-proclaimed President Alyaksandr Lukashenka and Minister of Internal Affairs Yuri Karayev on the wanted list. Photo: Nasha Niva

In an interview with Bloomberg, a spokesman for the cyber-guerrillas said that their group included about 15 people, three or four of whom specialized in the “ethical hacking” of computers in the Belarusian government. The rest work on data analysis and other tasks. Most of the group’s representatives are Belarusian citizens working in the field of information technology. The New York Times, in turn, notes that the main cyber guerrilla forces are outside the country.

The hackers also cooperate with the BYPOL group (association of Belarusian security forces). This initiative was created by former law enforcement officers to oppose the Lukashenka regime. BYPOL has channels on Telegram and YouTube, where it publishes videos related to security forces and leaks data about law enforcement officers. The main goal of the initiative is “to restore democracy in Belarus led by people’s leader Svetlana Tikhanovskaya and to hold new presidential and parliamentary elections based on democratic principles.”

How do cyber guerrillas work?

Apart from hacking state websites and trying to prevent further unraveling of the spiral of violence, the hacktivists have a Victory Plan that was published on their Telegram channel on 12 April this year. The main event for which hackers are preparing is Moment X, when massive protests against the authoritarian regime will break out. Cyber ​​guerillas pave the way for a new wave of protests together with the Busly Lialiats movement, a resistance group of the citizens of Belarus, and the units of people’s self-defence.

The “victory plan” presented by Belarusian cyber-partisans. Moment X denotes the start of the indefinite protest that will include cyberattacks, guerilla activity, special operations organized by the Busly movement, and other activities

The “Victory Plan” of Moment X will be preceded by Phase X – a period of time during which Moment X can be announced at any time. Phase X is needed to inform the citizens of the country that a new phase of resistance has started. In addition, its duration will be concealed from the regime, which will tire the latter and make it lose vigilance. During Moment X itself, they plan the following activities:

  • Cyber ​​attacks on critical infrastructure;
  • Launching the newly created X-App application,  which will paralyze state websites if it is used within them;
  • Using the “Vulnerability Map.” That is, a guerrilla will be able to open the map and see the vulnerabilities of the regime, as well as receive instructions to break on their own.

In addition, the activists promise to create safe conditions during the new street protests. The self-defense squads are responsible for this in the Victory Plan. If last year’s demonstrations were peaceful, now resistance groups say they will defend themselves in response to the violence.

Activism or terrorism?

Given the actions of the Belarusian guerrillas, a logical question arises: whether they are really activists and not adherents of cyberterrorism. After all, cyber-guerrillas use hacker attacks against information systems, deface websites (when one page is replaced by another, often obscene, one), and so on. Cyberterrorists also resort to these actions. So who are the Belarusian hackers really: terrorists or activists after all?

The logotype of the Cyber-Partisans

The main difference between cyberterrorism and hacktivism is that the adepts of the latter usually choose motives such as social justice or freedom of speech. Their purpose is to draw attention to certain political and social issues.

The most famous example of this type of activism is the history of WikiLeaks. The founder of the site, Julian Assange, identified the main purpose of his platform as the protection of freedom of speech and publications in the media, as well as the protection of human rights. Thanks to this project, the world has learned about how Swiss banks laundered money or has the opportunity to read US dispatches with critical reviews of the activities of leaders of other countries.

Hacking, however, cannot be generally considered hacktivism. Hacking may be political in nature, but the hacks are often for fun or profit, and none of these motives are associated with activism. At the same time, hacktivism should still include a hacker component. The online activism to which we are accustomed, such as online petitions, is a kind of frontier of what can be considered activism. It should consist of both ordinary online activism and hacking operations.

It is important to distinguish between activism and cyberterrorism, because the latter is aimed directly at causing serious harm. Hactivism is aimed at changes in society and government. Thus, cyber-guerrillas should still be called hacktivists.

“We have no need for CIA help” – Ukrainian hackers of #SurkovLeaks | Exclusive interview

What have the cyber-guerillas already achieved?

The hackers began with more symbolic actions, such as hacking the website of the Presidential Administration of Belarus and publishing a protest flag there.

However, now their actions have acquired a new character. They are currently conducting Operation Heat, which can be followed on the Telegram channel. The name was chosen not by chance, but after the Ministry of Internal Affairs made a statement that their bases had failed due to abnormal heat, not due to the actions of cyber guerrillas.

During the operation, hackers broke into the traffic police automated information system “GAI-centre,” system “Passport,” the database of the police 102 service, the database of the Department of Internal Security, and the Main Personnel Department of the Ministry of Internal Affairs. According to the hacktivists, they “completely or partially paralyzed entire areas of the punitive system.”

In addition, scandalous fragments of wiretapping of phones of government officials and special services agents got into the network.

The regime’s most famous reaction to the activities of cyber guerrillas is Lukashenka’s address to the government: “If you can’t protect information on your computers, then go back to paper. Write by hand and put it in a box.” In addition, the Ministry of Internal Affairs of Belarus claims that the police have all the means and technologies to identify and prosecute those responsible for the leak. Immediately after that, the Ministry of Internal Affairs made another statement claiming that there were no mass layoffs and media leaks only “strengthened the fighting spirit.”

Belarus hacktivists dox riot police after mass detentions of Women’s March participants | Photos

Indeed, cyber guerrillas are penetrating even deeper into the personal data of the Lukashenka regime as long as it tries to pretend that nothing happens and everything is under control.

Conclusion

At present, it seems that cyber guerrillas are doing their best to prepare for new rallies and keep the regime in suspense. In a short time, they showed that they can and know how to fight. But in order to win, hackers need the support of not only protest groups but also citizens. Belarusians are tired of beatings in the streets and atrocities in detention centers, as well as the lack of changes following mass protests.

The main threat to cyber guerrillas is not the possible exposure by security forces, but the inactivity of citizens. Belarusians continue to leave the country, and this once again calls into question whether Phase X and Moment X will receive the necessary support. Also, a lot of information about the future plans of hackers is publicly available. Yes, they claim that they do not reveal all their ideas but the already available information can help the regime prepare for the day when the Victory Plan will be launched.

Anastasiia Hatsenko is an information security expert at the ADASTRA think tank

Related:

Translated by: Promote Ukraine

Ukraine needs independent journalism. And we need you. Join our community on Patreon and help us better connect Ukraine to the world. We’ll use your contribution to attract new authors, upgrade our website, and optimize its SEO. For as little as the cost of one cup of coffee a month, you can help build bridges between Ukraine and the rest of the world, plus become a co-creator and vote for topics we should cover next. Become a patron or see other ways to support. Become a Patron!

Tags: ,