Russia is on the receiving end of an unprecedented series of hacking attempts by Ukraine’s “IT Army”. From their channel on Telegram, a new list of targets is generated every day for its volunteer army to attack, wave after wave of DDoS strikes have knocked countless Russian websites offline since the beginning of the war. Government department websites, online payment platforms, even streaming services have experienced disruption.
But this is also just Ukraine’s IT Army. But what about their supporters across the world? Since the very start Hacktivists from the international community have pledged their support by attacking Russia and its businesses. The majority of these attacks are DDoS but apparently researchers have also seen ransomware attacks. There are also supporters going on bug hunts, looking for potential vulnerabilities and reporting them back to the collective.
This is especially rich, as Russia is often seen as a place where cyberattacks originate. Russia, naturally, has been fighting back since the very beginning; trying to disrupt power systems and disruption attacks against the Ukrainian government. But what makes Pro-Ukraine attacks different is the length of the attacks and how innovative they are. For example, using the puzzle game 2048, Ukrainian software engineers have been able to crowdsource DDoS attacks simply by players playing the game. Methods like this increase the pool of supporters(and numbers of attacks), regardless of their level of technical expertise. Instead of lasting minutes some attacks have been going for hours, with the longest clocked out at 177 hours over a week.
A bug bounty program has also been created to entice hacktivists to find security flaws in Russian sites. So far, over 3,000 reports have been made of leaked databases, login information, and instances where code could be run remotely in systems. This is to say nothing of the hundreds of gigabytes of data and millions of emails already obtained by Ukraine supporters.
Altogether, pretty impressive stuff. It’s not going to turn the tide of the war or anything but it will hurt Russia the way its hurt the world. Russia itself seems to be outwardly in denial about the Distribute Denial of Service attacks, but what else is new. If Russia becomes more honest about these efforts then it might push the country further toward internet isolation, creating a walled-off internet like China. How’s Russia doing at the moment, by the way?
Cyberwar is very ominous as a new weapon in war and any innovations we see now, we can expect to see come back at us. So while I applaud these efforts, it does mean that it becomes fair games for other states and non-state actors to use down the road. Collectivized crowdsourced DDoS attacks, enthusiastic incentivized bug hunts, there’s nothing special about Russia where that can’t be used against us.
Welcome to Thursday! Please be excellent to each other in the comments. The Mayor McSquirrel Rule remains in effect. As the Covid-19 pandemic continues, if you have not been vaccinated please consider finding time to get an appointment. If you have had only one dose of the Moderna or Pfizer vaccine, do not forget about the second dose! THIRD DOSES are now available for anyone over the age of 18! You can get any type of shot you like, provided you have already been double vaccinated. Even if you are vaccinated, please continue to maintain social distancing measures, wear masks in public areas in accordance with CDC guidelines in regard to your own vaccination status. EVEN VACCINATED INDIVIDUALS CAN STILL GET AND SPREAD IT.