How Hacktivists Are Fighting Russia With Their Keyboards

Wars are no longer just fought on battlefields or streets, but in cyberspace, too. The Ukrainian government has actively sought the help of volunteer hackers — and hundreds of thousands have answered the call. The global hacktivist collective Anonymous has meanwhile gone after Russian state media, posting anti-war messages on the websites of state media channels. Another group recently disabled EV charging stations in Russia, reprogramming them to display messages like: “Glory to Ukraine.” But what are the risks of retaliation from Russian state-backed hackers, and could this turn into a full-on cyberwar?

Parmy Olson hosted a Twitter Spaces with Bloomberg reporter Ryan Gallagher and Yuliana Shemetovets, a spokesperson for Belarusian Cyber-Partisans — a group of “hacktivists” who appear to have disrupted trains transporting Russian soldiers through Belarus. Here is a lightly edited transcription of their conversation.

Parmy Olson: Ryan, you’ve been covering hackers and hacktivism for a number of years now. What’s been your reaction to this latest activity around the Russian invasion, compared to what we’ve seen in the past?

Ryan Gallagher: There has been a real explosion in different hacktivist operations carried out, not just by Ukrainians, but by people in North America and Europe. There are parallels to the past. In 2011, the hacker collective Anonymous was launching cyberattacks on Tunisian and Egyptian government websites during the Arab Spring. They also leaked Syrian government emails during the uprising there in 2012, which were later published by Wikileaks. So we have seen similar campaigns in the past, but this one is a bit different.

The key distinguishing feature is that Ukrainian hacktivists are supported by Ukraine itself. The government has been openly soliciting help from hacker groups to help to combat Russia’s invasion in any way they can, such as targeting critical infrastructure or banks and government websites. They’ve been actively asking for anyone to submit cybersecurity vulnerabilities that affect Russian companies and organizations. In a sense, what we’re seeing is a government-orchestrated, crowdsourced hacktivism campaign.

Parmy: Yuliana, you’re a spokesperson for the Belarusian Cyber-Partisans. Can you tell us a little bit about the group?

Yuliana Shemetovets: Cyber Partisans is a highly organized collective, which is part of a bigger coalition called Suprativ. Cyber Partisans’ members are all Belarusian, trying to overthrow Lukashenko’s regime. They’re fighting the oppression of people in Belarus, and now they’re trying to help Ukrainians. They’re not professional hackers, they all worked in the IT sector and only started their hacktivist work after the protests in 2020. I don't know where they reside right now, I hope they’re not in Belarus.

Parmy: That must be a very unusual situation for you as a spokesperson. You don’t know who the founders of Cyber Partisans are, if I’m not mistaken, but you do communicate with them?

Yuliana: I’m in touch with them every day, but yes, I don’t know exactly who they are.

Parmy: How many of them are there?

Yuliana: There are about 30 people, but all these people have different levels of access. Only the founder members actually conduct the attacks in most cases, and are the only ones who have access to the databases they obtain. Many other people provide some help with information and develop applications for safe communication in Belarus and elsewhere. Now, I know that since the war began, five more people joined and there are more people who Cyber Partisans are verifying.

Parmy: For the sake of protecting people within the group, they must be very wary of taking new members in?

Yuliana: Yes, it’s hard to trust people. A lot of KGB officers try to infiltrate the group.

Parmy: Ryan, how much do you see groups like Cyber Partisans and others coordinating with one another?

Ryan: As far as I understand it, the Cyber Partisans are collaborating with the Ukrainian hackers who are waging their own cyberattacks on the Russian government. That’s one of the difficulties some of these people are facing at the minute — how do you coordinate it? There are so many people all across the world who want to help and contribute to these hacking campaigns. Trying to do that in a coherent way is very difficult. You also have trust issues: Someone could be presenting as a supporter of the cause, but might actually be a Russian military intelligence officer who’s trying to infiltrate your group.

Some of the people I’ve talked to try and limit it to people they can verify. They’re organizing in encrypted chat rooms. Then there are larger groups that are more publicly accessible. It’s really kind of a chaotic situation, but I’m sure we’ll see some leaked documents and emails coming out in the days and weeks ahead as a result of this sort of collective action.

Parmy: I remember Anonymous, when they were carrying out their attacks 10 years ago, were communicating on internet relay chat channels, both public and private. How are hacktivists communicating with one another today?

Ryan: People are using encrypted chat messengers such as WhatsApp and Signal. Also Telegram, which is generally understood to be less secure, but nonetheless, it’s a very popular method that people in Russia and Ukraine have used for years and continue to do so. I don’t think the hardcore hacking is being coordinated as publicly as it might have been 10 years ago. People have got savvier about information security.

Parmy: It strikes me that, for both hackers and hacktivists, a common trait is opportunism. You look for a vulnerability and if you find it, then you can exploit it and claim victory afterwards. I wonder if that’s perhaps a characteristic of the chaotic nature of some of the attacks that we’re seeing now. Do either of you think there needs to be more intention in some of the targets that these activists are going after?

Yuliana: We don’t know how other hacktivist groups are working, but in Cyber Partisans’ case, it’s more about strategy because the group acts as part of a larger coalition. Representatives from all three groups get together and decide what to do. For example, they might decide that the railway is a key infrastructure that will definitely be used by Russian military troops, and therefore that should be a target.

Parmy: Could you just elaborate on the larger coalition that Cyber Partisans is part of?

Yuliana: Suprativ consists of Cyber Partisans, the People’s Self-Defense Brigade and Flying Storks. It’s a political coalition. We understand that, to some extent, you can’t overthrow the regime only using computers. You need people on the ground, you need the support of the population. It’s more efficient to coordinate and to work with some other groups, political representatives and people inside the country.

Parmy: Ryan, just on that point of opportunism versus focused intention, what’s your thought on that?

Ryan: There’s obviously a lot of opportunism, because it comes down to where the vulnerabilities are and that can be quite random. Also every hacker is different. Some of them will be actively seeking vulnerabilities in systems. They have certain tools where they can scan different computer networks in order to find computers running old software which is perhaps vulnerable to attack. Others will try and get into a target by using social engineering where they use their skills as a communicator to literally trick someone into maybe giving them a password or a username and then use that account to gain deeper access into a system.

Parmy: I do wonder about potential blowback. Given that Russian propaganda for Russian citizens is twisting a lot of the truth around sanctions and telling viewers that Russia’s being victimized and bullied by the rest of the world, what are the consequences of some of these cyber assaults that end up hurting Russian citizens? Doesn’t that only feed into that narrative?

Yuliana: In the case of Cyber Partisans, they try not to affect ordinary citizens so they don’t risk losing the support from people in Belarus. But now, there is a war and we’re fighting a really strong opponent, Russia, who has the ability to attack not only Ukraine, but other European countries, too. So in that sense, yes, it’s dangerous, but also I’ve had feedback from people in Russia and Belarus saying: “Yes, this isn’t convenient, but Ukrainians are being bombarded and dying.” So they seem willing to suffer a bit for the better cause.

Parmy: What are the risks of retaliation from Russia in all this? The Conti ransomware gang in particular came out in the last few days saying that they would retaliate against any kind of attack on Russian infrastructure. Is there a risk that there could be more tit-for-tat cyber skirmishes happening all over the place and spiraling out of control? Hacktivists and hackers are very good at hiding themselves, but corporations and other organizations are still vulnerable.

Ryan: There’s definitely concern. I’ve spoken to people in the corporate world in the last few days about this, and they are very worried about the danger of blowback. Russians have massive cyber-capability from the government side, and a huge number of criminal gangs that have always been given a safe haven in Russia over the years. These people are all quite skilled, with a lot of expertise at causing massive disruption and I don’t think they’re just going to be sitting on their hands right now. They’re going to be planning.

People have predicted some sort of cyber-apocalypse — an absolute onslaught from Russia. That hasn’t happened, but people shouldn’t be complacent because we know from history that they have a massive capability and are not afraid to use it. I do worry personally about the ramifications. We’re just at the beginning of something here and the sensible thing is to prepare for the worst, frankly.

Yuliana: We definitely should be careful, but I think the main difference between Russian soldiers and Russian hackers is that Russian soldiers, in many cases, don’t have access to the internet. They just don’t know what’s going on. Russian hackers, however, do have access. They can see what’s going on in Ukraine and I don’t know if it will work, but at least some people might not decide to join the cyberattacks because they can see that Russia crossed a line this time.

Parmy: Can you tell us a little bit about the future for Cyber Partisans?

Yuliana: So we never discuss any future plans, but I can say that several parties are focusing on Belarus and Russian military troops in the Belarusian territory right now.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Parmy Olson is a Bloomberg Opinion columnist covering technology. She previously reported for the Wall Street Journal and Forbes and is the author of "We Are Anonymous."

©2022 Bloomberg L.P.