International cyberoffensive gives Russia “a sip of its own bitter medicine”

Article by: Orysia Hrudka
Edited by: Sonia Maryn

Editor’s Note

An international cyber offensive on Russia is gaining steam as the collective Anonymous takes down Russian and Belarusian state websites and services. As well, the Ukrainian government has launched an “IT Army of Ukraine” in what is the first time that a state has openly called for citizens and volunteers to cyberattack another state.

At the same time, Russia’s cyberattacks on Ukraine after the full-scale invasion are surprisingly meager.

On 1 March 2022, the Minister of Digital Transformation of Ukraine Mykhailo Fedorov, who previously launched the IT Army of Ukraine, wrote:

If in the beginning we constrained many powerful cyberattacks, mainly due to the long preparation of Russia in advance, now, thanks to the common spirit of Ukrainians for freedom, we have moved to a confident offensive.

Soon after the first cyberattacks on Russia by Anonymous, an international hacker activist group, the IT Army of Ukraine was launched. While there have been a number of successful cyberattacks on Russia, Russia has been much less active in cyberattacks than was expected. There are a number of possible reasons.

Anonymous declares cyberwar against the Russian government on the very day of the invasion

On 24 February, the day Russia invaded Ukraine, Anonymous, one of the largest and most widely-known hacker groups, declared it is “officially in cyberwar against the Russian government.”

The damage did not take long to be felt. The very next day, 25 February, Anonymous breached the Russian Ministry of Defence’s database and posted it online for Ukraine and the world to see.

The Anonymous mask, known from the novel and movies V (Vendetta), was first donned by England’s famous rebel Guy Fawkes, a conspirator in the 1605 Gunpowder Plot.

According to Anonymous, on 25 February they took down 1,500 websites of the Russian and Belarusian governments, including the website of the Ministry of Defense, the Kremlin, and the Federal Anti-Monopoly Service.

On 2 March, the group reported that one of their affiliated hacking splinter groups had shut down the Russian space agency Roscosmos, which is responsible for Russia’s control over Russian spy satellites. It also intercepted several streams of Russian military communication.

Russian TV channels were also attacked, playing Ukrainian music and displaying national symbols. The attack brought uncensored news of the conflict from news sources outside Russia. Russia Today, the state-backed news service, was also taken down with DDoS (Distributed Denial of Service) attacks. This type of attack works by overwhelming a target website with fake traffic.

On 28 February, Russian media sites, including TASS and Kommersant, were blanked out to display “5,300,” the number of Russian troops killed by Ukraine’s army according to official data.

That same day, Anonymous addressed Russians in an ominous tweet.

“Understand that Putin has invaded a sovereign nation and the whole world is outraged. We know it’s risky to stand up to him, but if you don’t, then who will?”

Picture from Anonymous tweet

“DDoS alone will not bring down a regime,” a German Anonymous splinter group posted in a blog. “[But Putin] who is using hacker squads and troll armies against Western democracies, is getting a sip of his own bitter medicine. [The intention is to] keep the Russian IT apparatus busy and to provide Putin’s hacker troops … with defensive work so that they cannot do anything in Ukraine or the West. Obtaining information is also an important point and you just don’t see a lot of what activists are currently doing.”

It is also important to note that Anonymous activity is highly decentralized, so it is difficult to definitively attribute all these attacks to Anonymous. However, as Jamie Collier, a consultant at US cybersecurity firm Mandiant, explained about recent Anonymous activity:

“It can be difficult to directly tie this activity to Anonymous, as targeted entities will likely be reluctant to publish related technical data. However, the Anonymous collective has a track record of conducting this sort of activity and it is very much in line with their capabilities.”

Photo: Railway station Rudziensk, Belarus. Wikimedia Commons

There are examples of other hacker groups launching cyberattacks. One is the Belarusian group Cyber Partisans. When the self-proclaimed president of Belarus, Alexander Lukashenka, joined Russia’s invasion, the Cyber Partisans attacked the Belarus Railway Service website to slow down the movement of the country’s troops. As of 2 March, the Cyber Partisans report that the attack on the railway continues.

26 February: Ukraine launches IT army

On 26 February, the Minister of Digital Transformation of Ukraine Mykhailo Fedorov announced on Twitter:

“We are creating an IT army. We need digital talents. All operational tasks will be given here: https://t.me/itarmyofurraine. There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists.”

Fedorov then posted on Facebook:

“We have a lot of talented Ukrainians in the digital sphere: developers, cyber specialists, designers, copywriters, marketers …”

Hundreds of people started joining the IT army immediately after this announcement – as of 2 March, there are more than 270,000 subscribers in the IT army chat. These subscribers are not only IT specialists but include people who are helping to inform the citizens of Russia and Belarus about the true situation in Ukraine. All media in Russia and Belarus is heavily controlled – essentially propaganda.

“It is the first time that states have openly called for citizens and volunteers to cyberattack another state,” said Gabriella Coleman, a Harvard anthropology professor who has charted the rise of hacktivism.

The IT army took down a technology used by one of Russia’s biggest banks, Sberbank. The main Russian money master – the Moscow Exchange – came down at the start of the workweek, 28 February.

Photo: Sberbank, Russian majority state-owned bank. Creative Commons

There have been attacks on Russian official websites, as well as the web resources of Belarus. The website of Russia’s Investigative Committee, the FSB, Sberbank, and other government and critical information systems both for Russia and Belarus have been taken down.

Among the known blocked resources are


“For a country that’s facing an existential threat like Ukraine, it’s really not surprising that this sort of call would go out and that some citizens would respond … Part of it is also a signaling exercise. It’s signaling a level of commitment across the country of Ukraine to resisting what the Russians are doing,” said J. Michael Daniel, head of the industry group Cyber Threat Alliance and former White House cyber coordinator for President Barack Obama.

On 24 February, an attack was made on the information resources of Systematics, the main contractor of all state information technology projects in Russia. The owner of Systematics is Putin’s “right-hand” Dmitry Medvedev. The developments of Systematics included the automated electoral system “Elections,” which was used for years to legitimize Putin’s regime. It too was disabled.

“So Russians will now vote the old way, on paper,” Nikonov suggested.

Screenshot showing that the Russian FSB website is not working. 1 March, 16:47 EET. Source: Mykhailo Fedorov, Minister of Digital Transformation of Ukraine

Nikonov added that other developments of Systematics were disabled – significantly the electronic document management systems of Russia in the territory of the Autonomous Republic of Crimea, as well as in the so-called “DNR” and “LNR”:

“All files from the servers have been downloaded and already transferred to our law enforcement agencies for analysis and inclusion in the materials of criminal cases against officials of the aggressor country, as well as leaders of the so-called “D/LNR” and their henchmen. Thanks to these materials, Ukrainian law enforcement officers now know for sure every scumbag who took part in the annexation of Crimea and in terrorist acts in eastern Ukraine.”

In addition, on 25 February, the management system of the Federal Treasury of the Russian Federation was destroyed, which led to disruption of the basic mechanisms and instruments of financing the army, law enforcement agencies, executive authorities, and state-owned enterprises.

What about Russian attacks?

According to a Ukrainian senior cyber official, the government was prepared for a Russian invasion cyber attack for days. All sensitive data was to be transferred on 22 February out of Kyiv, should Russian troops move to seize the capital.

However, during the week of the Russian invasion, as an article in the Economist put it, cyberattacks by Russian hackers were “conspicuous by their absence.”

The article mentioned previous successful Russian attacks in Ukraine. In 2015, Russian hackers managed to knock out power for some 230,000 customers in the west of Ukraine. In 2017, the Russian attack dubbed “NotPetya” disrupted Ukrainian airports, railways, and banks. This suggests that Russia has a vast capacity for cyberattacks. According to an analysis of leaked bitcoin addresses, Conti ransomware, which is associated with Russia’s intelligence service, has racked up at least $2.7 billion since its inception in 2017.

There are several possible explanations as to why massive Russian cyberattacks are not underway. One is that Russia relies on Ukrainian infrastructure and information systems to carry out attacks. In other words, they rely on Ukrainian networks.

Russia also spreads propaganda through the internet. For example, as of 1 March, the Ministry of Defence of Ukraine has been warning Ukrainians about large-scale Russian disinformation campaigns using fake news and videos about an impending capitulation by Ukraine. During 1-2 March, people in different regions of Ukraine reported frequent disruptions in their internet connection.

Experts agree that Russia’s cyberattacks are fewer than were expected, although the interpretations differ. Senate Intelligence Committee Chairman Mark Warner said 28 February:

I’ve been pleasantly surprised so far… that Russia has not launched more major cyber attacks against Ukraine. Do I expect Russia to up its game on cyber? Absolutely.

The Economist article suggests that one reason attacks are not occurring is that Ukrainian digital defenses are stronger than presumed. It is also possible that decentralized hacker group attacks, like those of Anonymous, take time for Russian hackers to resolve. As the Economist author concludes:

One of the problems with cyber attacks is that it is often hard to be sure.
