When Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn’t rush to accept it. “To be honest, I was scared,” she said. She had reasons to be. Belarus is an authoritarian state in which elections are openly rigged and civil liberties are severely restricted. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.
Belarusian Cyber Partisans, meanwhile, are doing their part to overthrow Lukashenko by leaking government secrets and attacking the computer systems of enterprises that support the dictator’s regime. Shemetovets, who moved to New York City a few years ago to study political science, has participated in anti-Lukashenko protests for more than a decade. During that time, she witnessed brutal repression of civilians and saw her friends detained for protesting unfair elections and police brutality.
During protests in 2020 when throngs took to the street to protest a rigged national election, around 5,000 criminal cases were initiated and more than 35,000 people were detained on Lukashenko’s orders. After long interviews with leaders of the Cyber Partisans, Shemetovets eventually decided to join the movement: “I thought I would not forgive myself if I didn’t do everything possible to stop Lukashenko’s terror.” This decision came with a cost. The Belarusian government listed Shemetovets as a terrorist, and now she could face imprisonment or the death penalty if she returns home. She also cut ties with her family and some friends, because they were at risk as well. “Now I just live one day at a time,” she said. “You never know what the next target of the Belarusian regime will be and how it will try to stop the Belarusian opposition.”
As a spokesperson, Shemetovets does not engage in “hacking,” her main job is to explain to the world who the Belarusian Cyber Partisans are and why their work is important. Although made up mostly of young tech specialists and activists, the Cyber Partisans resemble an amateur intelligence service: they have a political agenda, clear goals, and put a lot of effort into collecting and analyzing sensitive data. Researchers have said that they have “taken hacktivism to the next level.” Instead of making money with hacking, they accept donations in cryptocurrency to maintain costly servers and develop new hacking tools and mobile apps for activists.
During the war in Ukraine, the Cyber Partisans doubled in size and now has 60 members. “It’s still not enough to accomplish all our goals,” according to Shemetovets. People inside Belarus are tired of resistance, so Cyber Partisans recruit the most motivated and loyal activists.
The group aims to create a different Belarus: free, democratic and independent from Russian influence. Before the protests, Belarus had a booming tech industry, and Cyber Partisans, who worked in local tech companies and startups, want to revive it, by improving cyber defense, attracting foreign investment and creating something like a national Silicon Valley, according to Shemetovets.
The Cyber Partisans were founded in the wake of the mass protests in August 2020 against Lukashenko’s presidential election, which the US and other countries have deemed rigged. The group started with a small handful of anonymous tech specialists who had to learn hacking from scratch. Most of the group’s members are based outside Belarus. During the protests, many Belarusian techies fled the country as law enforcement raided firms belonging to people opposed to the regime, and reportedly blocked internet in the country.
Like many Belarusian opposition activists, Cyber Partisans communicate via Telegram, which they reprogrammed for their needs using the app’s open-source code. The Partisans’ Telegram is more secure than the original, according to Shemetovets. Its users can set a fake password that automatically deletes selected chats and channels once entered. The Cyber Partisans’ Telegram is also used by some people who live in Ukrainian territories that have been occupied by Russia. “Russian law enforcement can detain them and check whether they follow Ukrainian news channels,” she said.
The Cyber Partisans put a lot of thought into personal security. “I do not know Cyber Partisans’ real names and don’t want to know for my safety and theirs,” she said. “Of course, I would like to meet and hug everyone, but it’s not time yet.” Despite their “remote work culture,” the Cyber Partisans are highly organized. They have no hierarchy within the group – decisions on strategies and common goals are made by general voting.
Each member of the group works on different tasks: data analysis, app development, PR, and cyberattacks. The latter is the most sensitive part of the work, so it is not discussed with other members. “Someone can write scripts for an attack, but not know where it will be applied,” according to Shemetovets. It is safer to distribute the work in this way in case someone is detained and is going to be questioned, she said.
Analyzing and storing data is also a big part of Belarusian hacktivists’ work. Among their biggest hacks: a passport database that reportedly contains personal details of every Belarusian citizen and a police database with sensitive information about the work history of every police officer in the country.
The Belarusian Cyber Partisans co-created a project called Black Map, a repository with personal data of law enforcement agencies, government officials, and other supporters of Lukashenko’s regime. If they ever face prosecution, an international court could use these records as evidence against them, according to project founders. “We use modern methods of data storage and expensive servers because Lukashenko’s regime did not do enough to protect the data of Belarusian citizens,” according to Shemetovets. To analyze the huge amount of data they steal from government databases, Belarusian hacktivists turn to “trusted” investigative journalists and researchers, such as from Bellingcat and Belsat. The hacktivists provide a chunk of the information journalists need for their investigations but do not provide access to the entire database.
In November 2021, the Cyber Partisans got hold of Belarus’s border crossing records. Using those records, Bellingcat published an exposé last month about Russian spy Olga Kolobova posing as a Latin American jewelry maker. During the war in Ukraine, hacktivists have used leaked data to identify spies and track the movement of Russian military equipment in Belarus, which has a 650-mile border with Ukraine. The war has multiplied the group’s workload, as the Cyber Partisans are collaborating with Ukrainian hacktivists.
While Lukashenko’s regime is known for its despotism and violence, hacktivists do not demonize the dictator — they make fun of him and his allies. Hacktivists have created animated movies based on leaked phone calls and post memes on their Telegram channel, which has over 48,000 followers. In their opinion, big attacks like one on the national railway’s computer systems, or the publishing of a database showing the country’s true COVID-19 mortality rate, undermines the confidence in Lukashenko’s power not only in Belarus but also among Western countries. Lukashenko once said that “cyberweapons are more terrifying” than nuclear weapons. Yet, he doesn’t want to admit that he is being attacked by a bunch of techies, according to Shemetovets. “It humiliates him,” she added.
Hacktivist attacks also show how weak cyber defense is in Belarus. “The computer systems of the Belarusian railway used Windows XP!” Shemetovets claims. The group does face obstacles, though, as the regime tries to fight back. Moreover, Belarusian hacktivists don’t have as many tools as Russian groups, nor as much support as Ukrainian ones. Many foreigners also don’t understand who the Cyber Partisans are, and are not ready to support them as they consider cyberattacks to be illegal, according to Shemetovets. “I have to explain to them that this is how we fight against a dictatorship when no one from the Western world supports us,” she said.
But foreign activists and cybersecurity experts have not objected to the group’s activity, Shemetovets said, because their attacks don’t harm civilians. “We have a rule: to publish data only about those people who are connected with the dictator’s regime and committed crimes against the Belarusian people. We do not target their families and children,” Shemetovets said. An effective attack, according to Belarusian activists, is one that creates pressure on the regime and disrupts the work of enterprises that serve it. For example, the attack on the Belarusian railway was successful because it disrupted the supply of Russian weapons to Ukraine. Hacking databases is also effective, as this information can be used by journalists and opposition groups, according to Shemetovets.
The Cyber Partisans understand that cyberattacks alone are not enough to topple a regime that has existed for decades. “We also need people who are not afraid to protest on the ground,” according to Shemetovets. The war in Ukraine diverted attention from the 2020 democratic protests in Belarus, and now the Western media is portraying Belarus as Ukraine’s enemy, with Lukashenko doubling down on his partnership with the increasingly authoritarian Russian President Putin. The Cyber Partisans are doing their best to damage this friendship. They understand that when Putin loses in Ukraine, his next target could be Belarus — an important zone of influence for the Kremlin.
During the hacktivists’ cyberattack in early September on the transport infrastructure facilities in the Belarusian city of Gomel, they distributed leaflets with an appeal to join the fighting in Ukraine and the Belarusian opposition movement. They also left a message: “As long as the dictator remains in power and political prisoners aren’t released, any regime’s department and enterprise can be subjected to cyberattacks.”
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings