An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other "hacktivists" to stay out of a potentially very dangerous computer war. According to Livia Tibirna, an analyst at the European cyber security firm Sekoia www.sekoia.io, nearly 260,000 people have joined the "IT Army" of volunteer hackers, which was set up at the initiative of Ukraine's digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies, and institutions, for the hackers to target. The actions reported so far seem to be limited to "denial of service" (DOS) attacks, where multiple requests are sent to a website in a coordinated manner to saturate it and bring it down. Defacement actions, in which the targeted site displays a hacked page, have also been briefly observed on Russian sites.
The "cyber-army" could also ask hackers to try to identify vulnerabilities of certain Russian sites and send that info to more seasoned specialists capable of carrying out more sophisticated intrusive actions, such as data theft or destruction, explains Clement Domingo, co-founder of the "Hackers Without Borders" group. A new non-governmental organization (NGO), Hackers Without Borders/Hackers Sans Frontiers, officially launched on4 February 2022 with the aim of providing security support to those in need. The Paris-based NGO will offer a range of pro bono cyber protection services to help defend against threat actors.[1]
Industry experts have warned that there are legal risks for the volunteers, attempting to attack a website or penetrate a server or network is still a computer crime. For Domingo there is also a real risk of "hack back," a destructive counterattack by Russian operatives. He is particularly appalled to see that a number of candidate hackers have obviously not taken the trouble to create a special Telegram account to participate in the IT Army, at the risk of being identified by the Russian side. In cyberspace, and in particular on forums and other discussion groups on Telegram or Discord, “you don't know who's who.”
Inexperienced hackers can find themselves caught up with infiltrators from the opposite camp and end up working for the very opponent they wanted to fight, he warns. Between the experienced hackers, who carry out ransomware attacks, the fight is on.
The Conti ransomware group, which declared its support for Russia, saw one of its pro-Ukrainian members publish more than a year's worth of its internal communications in retaliation, offering a treasure trove of information to the world's cyber security researchers, law enforcement and intelligence agencies.
See: https://redskyalliance.org/xindustry/resurgence-of-conti-ransomware
The forums where cybercriminals meet "try to stay away from any debate" on the Russian-Ukrainian war to avoid attracting the attention of state services. It will be interesting for cyber threat investigators to see which groups will try to expose opposing hacker groups. What a great opportunity of researchers to gain an inside view of these groups’ strategies, tactics, software and identified members.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
Comments