“The goal is clear, to cripple the Russian economy”: meet the new hackers serving Ukraine

Since the beginning of the total invasion of Ukraine by Russia, tens of thousands of hacktivists have taken the cause of the attacked country to heart. These new hackers tell us about their daily lives as committed hackers.

One day, the site for the Moscow region goes down. Then that of a large Russian insurance, then it is that of the Russian central bank which displays a technical problem. On Telegram, a few individuals challenge the institution and ask to send urgent files. “Impossible at the moment,” replied the central bank on March 28. A handful of Russian media will report on the bank’s computer disruptions, but none will mention the pro-Ukrainian hacktivists.

The attack is indeed claimed by the IT Army of Ukraine – the computer army of Ukraine – a collective of voluntary hackers launched by the government, on February 26, 2022, only two days after the total invasion of the country. 15 months later, the Telegram channel, the main communication network, brought together 180,000 people. It is difficult to distinguish hackers from simple subscribers, but the operations are numerous, often symbolic, and, from time to time, really critical for the victims. “Behind these attacks, the goal is clear, to cripple the Russian economy. Harassing its administrations on a daily basis, blocking banks, preventing payment for public transport“, Lists us Éric, Belgian forties and hacktivist.

Alexander Egorkin, vice-president of Gazprombank, Russia’s third-largest financial institution in terms of assets under management, reported in November that an operation successively brought down the site for individuals, then the SMS information system. and finally the company’s call center.

“Two full-time computers to attack”

In 14 months, the computer army of Ukraine puts forward more than 600 attacks. If the Russian hacktivists are also very active and constantly harass the West, the Ukrainian front is just as motivated. Éric has been contributing to these operations since the birth of the movement. This computer network specialist started at the end of March, after seeing the call from the Ukrainian Minister of Digital. “ I started a bit stupidly, without really knowing how to go about it. Like everyone else, I started with the denial of service attacks,” the hacktivist tells us. Denial of service attacks – also called DDoS – consist of launching waves of connections directed simultaneously towards a specific target. If the number of requests is high enough, the server is no longer able to process them and the target platform becomes inaccessible.

Russian administration homepages were hacked by hacktivists to display a speech by Ukrainian President Volodymyr Zelensky

“Over time, the missions have evolved, and the attacks have become more professional. The goal is to actually block services, sometimes for several days. In May 2022, the attacks intensified with a major operation against RuTube, the Russian YouTube, on the day of the commemoration of the end of the Second World War, a symbolic date in Russia. “We are facing the worst cyberattack in the history of RuTube,” said the company’s communication, paralyzed for several days.

RuTube homepage on May 10 was unavailable due to a “technical problem”

Harassing Russia is that much easier with easily accessible tools. “Today we are entitled to a large panel. There must be around thirty effective software for carrying out denial-of-service attacks. They are quite easy to use, usually just a few clicks. The IT Army of Ukraine provides them free of charge and provides links to these programs. At home, I have two computers running full-time, constantly attacking“. 

Why was Ukraine so motivated? “For the defense of the truth”, answers Eric. “I worked with the Belgian state in the fight against disinformation during the Covid period. When the invasion started, I saw the same fake news profiles and campaigns coming back to the networks. I got involved first with the NAFO movement to thwart these bots, then simultaneously against Russian organizations with the IT Army,” the hacktivist tells us.

Members from all over Europe

Like Eric, other hacker collectives have taken the Ukrainian cause to heart. Hacking4Ukraine, a group born after the invasion, confirmed to us that they currently have members in 28 countries around the world. “Many started hacking as soon as the annexation of Crimea in 2014 and the disruptions in Donetsk and Luhansk,” said one member. “We have developed our own tools with the collective. First, we slow down the targeted site, then we saturate it,” he adds.

The face of Anonymous in their profile photo on Twitter, Johnny is also part of a group organized to carry out attacks. “Many of us felt the need to help Ukraine. Some work in information technology and cyberspace, but many started learning cyber warfare and hacking after the attack. I worked in this field about ten years ago, it just gives me the impression of rediscovering this daily life,” he explains.

In April, his collective blocked the site of the Kalashnikov weapon manufacturer for more than nine hours. “Some would say that DDoS attacks don’t do much, but it’s always about how much they hurt the business, both in terms of reputation and money and even slowing down deliveries. if we’re lucky,” says Johnny. Ukraine is not the only fight. In the fall, at the height of women’s rights movements in Iran, her group repeatedly pledged to bring down Tehran’s government sites. “It’s simply a group of like-minded individuals fighting injustice using cyber warfare,” the hacker sums up.

A definition that could apply to all hacktivist collectives. The Anonymous movement, born in 2003, made the media fantasize. Twenty years later, the war between Russia and Ukraine will be the one that has trivialized hacktivism.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s