“We are creating a digital army,” Ukrainian Minister for Digital Affairs Mykhailo Fedorov wrote on Twitter. It had been two days since the Russian invasion, and the leader promised a list of tasks for hackers of all the world. Fedorov gave a link on Telegram to an account that this week already had more than 300,000 members. Joining does not imply any type of subsequent action, but those in charge of managing it do not stop suggesting specific attacks: block Russian railways pages, analyze emails obtained through hack from members of the Russian Parliament or from Russian regional government websites. “Please give us a hand. We will have a group chat to share creative thoughts and address the information war. You can all join,” says a message on Telegram.
We are creating an IT army. We need digital talents. All operational tasks will be given here: https://t.co/Ie4ESfxoSn. There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists.
— Mykhailo Fedorov (@FedorovMykhailo) February 26, 2022
The other big organized group is Anonymous. Since the beginning of the conflict, its members have been proposing and executing attacks with different success. One occurrence was filling Google Maps Russia and Belarus restaurant reviews with phrases about the invasion. Was a hack to deliver information to citizens directly. Despite having no evidence that the action had been successful, Google announced that it was limiting that service: “Due to a recent increase in the content contributed on Google Maps related to the war in Ukraine, we have implemented additional protections to monitor and prevent the content that violates our policies for Maps, including temporary blocking of new reviews, photos, and videos in Ukraine, Russia, and Belarus.
Anonymous is also credited with hacking hundreds of video surveillance cameras in Russia to launch messages against the invasion of Ukraine and “urge civilians to fight” the Kremlin, a Bloomberg reporter found. Or that in some electric car recharging stations in Moscow, messages such as “Putin is an asshole” or “Glory to Ukraine” were displayed on the screens of the pump.
Anonymous is not a structured or closed organization. To join this group you just have to want to do it or say that you are part of it. EL PAÍS has asked a Spanish-language Twitter account with tens of thousands of followers and created in 2020 if they were the “official” account. It is not the largest account, but it is the one that tweets about Ukraine on a daily basis. His response has been: “We are all a team, there is no official Anonymous”. That means that any individual or organization can operate under that name.
Go to Google Maps. Go to Russia. Find a restaurant or business and write a review. When you write the review explain what is happening in Ukraine.
idea via @Konrad03249040— Anonymous (@YourAnonNews) February 28, 2022
“They don’t have a well-defined strategy, among other things because the group’s own idea is that they don’t even know who they are. Anyone can be from Anonymous as long as they share their values”, explains Andrea G. Rodríguez, principal researcher in emerging technologies at the thinktank European Policy Center in Brussels.
A group called Cyberpartisans of Belarus, for example, announced early in the conflict that it had sabotaged train services carrying Russian troops in Belarus, to an unknown extent. Also filtered chat of more than a year of Conti, a group of ransomware (a kind of software malicious system that hijacks a system and frees it when a ransom is paid), which announced its support for the Russian invasion. Again, no one knows for sure who is behind it: the leak was through a Twitter account and in the back room there is allegedly a “Ukrainian patriot” cybersecurity researcher.
This huge amalgamation of names and actions is new and has unforeseen consequences: “It’s something without much precedent,” says Lukasz Olejnik, an independent cybersecurity researcher and consultant and former cyberwarfare adviser to the International Committee of the Red Cross in Geneva. In the case of the Ukrainian cyber army, he adds, “it appears to be somewhat directed from above, but it is not clear whether the actual effects of those activities have any significant contribution to the armed conflict effort.”
It is also not known in which countries there are more Anonymous cyberactivists or what degree of cooperation they have with each other. Regional subgroups are known. In Spain, for example, the last report of hacktivism of the National Cryptologic Center (CCN-CERT), the branch of the CNI dedicated to cybersecurity, highlights three. Anonymous Spain, Anonymous Catalonia, which since October 1, 2017 carried out several operations to disseminate sensitive information, such as the disclosure of personal data of Vox affiliates in Sabadell, and the 9th Anonymous Company, to which a separate heading. This is what the CCN-CERT calls them, although they call themselves La Nueve. “We are a finite perspective within a much broader concept such as Anonymous that escapes all delimitation. (…) We are nothing more than a questioning that seeks to put an end to so many outdated assumptions that perpetuate the empire of institutionalized violence or capitalism through the Internet”, they define themselves in an interview published on their Tumblr.
Despite the spectacular video in which Anonymous announced the launch of Operation Russia, their actual capabilities are relative. “They are more spoilers than anything else. On paper they do not have the means to carry out a strong cyberattack, such as entering the Kremlin’s systems, blocking an electrical network or taking over the Russian control center of the military drones used in Ukraine,” Rodríguez stresses.
“It seems that so far there are no high-impact cyberattacks,” adds Olejnik. “Except for perhaps two events, one of which is the alleged disablement of the KA-SAT satellite internet on the day of the start of the invasion. The other significant effect is the interruption (supposedly) of the processes of refugee flows due to the cyberattack that wiped out the border control computer systems” the day before the invasion, he adds.
The CCN-CERT report considers that the reality hacktivist in Spain “it is made up of individual identities with little or no technical training such as cyber threats, with weak or non-existent collectivization or group identity, and fundamentally motivated by achieving notoriety through mentions on social networks”. From the point of view of this organization, the threat is equally decaffeinated in the international arena.
And if there is a government behind?
groups of hacktivists they have a halo of vigilantes from cyberspace that causes respect among the community hacker and even among the population not initiated in computing. It is no coincidence that Anonymous, the most famous group, has as its image the Guy Fawkes mask used in the film v for Vendettaa symbol for the generation millennial of resistance to tyranny.
That prestige can be sweet for those who want to carry out very specific actions in cyberspace without revealing their identity. Because, in addition to their reputation, the fact that they remain anonymous makes it easier to impersonate them. It is unknown if the secret services of any country have ever posed as a group of hacktivists to cover up a cyber attack. What is known is that at least one APT has done it, the organized groups of hackers professionals allegedly sponsored by governments.
It happened in 2017 in the same scenario that all the spotlights are currently directed towards: Ukraine. The Russian group Voodoo Bear, which that same year launched the NotPetya virus in the country, originally designed to affect the software of accounting most used in Ukraine and that later spread throughout the world. Voodoo Bear is known to have carried out a series of attacks aimed at sabotaging communications networks under the name of F Society, a fictional group of cyber activists drawn from the series. mr robot. That was the first time that this APT carried out a false flag attack, according to what Adam Meyers, head of intelligence at CrowdStrike, told EL PAÍS.
A decade earlier, in 2007, Estonia suffered a series of cyber-attacks that shut down the country’s digital architecture when authorities decided to move a Soviet monument to a less visible part of the capital Tallinn. Although the attacks started from hundreds of personal computers located in dozens of countries and were coordinated on Internet forums, NATO suspects that Moscow was behind the operation. The Kremlin always denied it.
You can follow THE COUNTRY TECHNOLOGY on Facebook and Twitter or sign up here to receive our weekly newsletter.
