An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.
The actions reported so far seem to be limited to “denial of service” (DOS) attacks, where multiple requests are sent to a website in a coordinated manner to saturate it and bring it down. Defacement actions, in which the targeted site displays a hacked page, have also been briefly observed on Russian sites.
The “cyber-army” could also ask hackers to try to identify vulnerabilities of certain Russian sites, and send that info to more seasoned specialists capable of carrying out more sophisticated intrusive actions, such as data theft or destruction, explains Clement Domingo, co-founder of the “Hackers Without Borders” group.
But he and other specialists consulted by AFP warned the hackers against participating in the activities of the “IT Army”, or other cyber mavericks like Anonymous.
‘Too much risk’
“I strongly advise against joining these actions,” says Damien Bancal, who is well-versed in the opaque world of cybercrime. “There are plenty of other ways to help Ukrainians who are suffering”, if only by relaying the testimonies that are flourishing on social networks, he adds.
[ Read: Russia, Ukraine and the Danger of a Global Cyberwar ]
For SwitHak, a cybersecurity researcher, the maverick hackers are taking “too much risk”.
“There are legal risks, for example,” he said, Attempting to attack a website or penetrate a server or network is “computer crime”.
For Domingo there is also a real risk of “hack back,” a destructive counterattack by Russian operatives.
He is particularly appalled to see that a number of candidate hackers have obviously not taken the trouble to create a special Telegram account to participate in the IT Army, at the risk of being identified by the Russian side.
In cyberspace, and in particular on forums and other discussion groups on Telegram or Discord, “you don’t know who’s who”, insists Felix Aime, another researcher at Sekoia.
Inexperienced hackers can find themselves caught up with infiltrators from the opposite camp, and end up working for the very opponent they wanted to fight, he warns.
Between the experienced hackers, who carry out ransomware attacks, the fight is on.
The Conti ransomware group, which declared its support for Russia, saw one of its pro-Ukrainian members publish more than a year’s worth of its internal communications in retaliation, offering a treasure trove of information to the world’s cyber security researchers, police and spy specialists.
The forums where cybercriminals meet “try to stay away from any debate” on the Russian-Ukrainian war to avoid attracting the attention of state services, says Sekoia analyst Tibirna.
Related: Ukraine: Worm-Spreading Data-Wiper With Ransomware Smokescreen
Related: Russia vs Ukraine – The War in Cyberspace
Related: Microsoft: Cyberattacks in Ukraine Hitting Civilian Digital Targets
Related: CISA, FBI Issue Warnings on WhisperGate, HermeticWiper Attacks
Related: Microsoft, Symantec Share Notes on Russian Hacks Hitting Ukraine
Related: Ransomware Used as Decoy in Destructive Ukraine Cyberattacks