-
Ukraine’s IT army says it has carried out thousands of attacks on Russian organizations.
-
The group was founded shortly after the Russian invasion of Ukraine and has members from all over the world.
-
Experts told BI that there are risks involved in placing so much responsibility on citizens.
Shortly after Russia launched its full-scale invasion of UkraineThe Ukrainian government has called on techies around the world to use their skills to help combat the invasion.
“We are creating an IT army. We need digital talents,” said Mykhailo Fedorov, then-Deputy Prime Minister of Ukraine, wrote on X at the time.
Enthusiastic volunteers quickly responded to the call and within a month the group’s Telegram channel had about 300,000 subscribers.
As membership grew, so did the IT Army’s activity and by the end of May the group had already launched an estimated 2,000 cyberattacks on Russian organizations, Ukraine’s Ministry of Digital Transformation reported on Telegram.
A spokesperson for the group, who goes by Ted, told Business Insider that they are “currently seeing tens of thousands of devices and potentially thousands of people behind them.”
“While we are experiencing a steady decline in subscribers (on the military’s Telegram channel), the number of active devices involved is increasing,” Ted added.
While the exact location of the participants is unknown, the military has an international reach, Ted said.
The IT Army website provides detailed resources explaining in Ukrainian and English how volunteers can help, including guides on how to install the “IT Army Kit”, which contains the necessary tools to carry out cyber attacks.
Volunteers can even use the toolkit to run the attacks in the background, so that tasks do not disrupt their daily activities.
Scoreboard statistics are also placed to gamify the process, increase engagement and stimulate competition between users.
Russian organizations are vulnerable to cyber warfare, experts say
Russian organizations are particularly vulnerable to things like a distributed denial-of-service (DDoS) attack, an attempt to overload a website or network.
In the West, there are a number of services that help protect businesses from DDoS attacks, Alan Woodward, a professor at the Surrey Centre for Cyber Security at the University of Surrey, told BI.
In Russia, however, “they have the expertise, but not necessarily the service providers that are facing organizations to detect and mitigate DDoS attacks,” Woodward said.
In June, the IT Army reported that it had carried out a major DDoS attack on Russian banks, including VTB, Gazprombank, Sberbank and several others, as well as on the Russian payment system Mir, the Russian equivalent of Visa or Mastercard.
According to Woodward, the incident “certainly raises the impression that the group is capable of carrying out large-scale attacks.”
The IT army and other hacktivist groups have also managed to attack Russian media.
In June 2023, Russian state television and other channels were targeted by hackerswith a video broadcast in Ukrainian warning viewers: “The hour of reckoning has come.”
According to Stefan Soesanto, senior researcher at the Center for Security Studies at ETH Zurich, cyberattacks like these play a “very important role” in Ukraine’s cyber defense.
“While most of their DDoS efforts only cause short-term disruptions, they are persistent when it comes to specific Russian companies and platforms,” he said. “They will attack them again and again.”
Roskomnadzor, Russia’s federal censorship agency, said it had fended off nearly three times as many DDoS attacks in the first quarter of 2024 than in all of 2023, the Russian news website reported Kommersant reported.
Such attacks could also help “support the defensive movements of the Ukrainian army,” said Vasileios Karagiannopoulos, a senior lecturer in cybercrime and cybersecurity at the University of Portsmouth.
They can “help counter attempts at misinformation and facilitate cyberespionage,” he said.
“It also helps to symbolically create an image of vulnerability that can impact the morale of the opponents and in turn boost the morale of Ukrainian troops and civilians,” Karagiannopoulos added.
The Ukrainian government may want to keep its distance from the group
The IT army has an internal team, some of which are experts to believe was taken over by Ukrainian intelligence and the country’s Ministry of Defense.
“The IT army is controlled by the SBU and the Ministry of Defense of Ukraine,” said Soesanto, adding that they receive support from the Ukrainian Ministry of Digital Transformation.
“The volunteers who are in the IT army today don’t know which sites, IP addresses and services they are targeting with a DDoS attack,” he said, adding that it was all “centralized, with a handful of people making the decisions about the targets.”
Ted told BI that “the Department of Defense is not in charge of the IT military, but there is collaboration to ensure that efforts are aligned.”
The Ukrainian Ministry of Defense did not respond to a request for comment from BI about the nature of its relationship with the IT Army.
According to Woodward, the Ukrainian government likely wants to “keep the group at bay.”
“Or at least organize things in such a way that the Ukrainian government can deny the attack if it has unwanted, albeit unintended, consequences,” he added.
One of the biggest risks for police, Karagiannopoulos said, is that volunteers sometimes “do not follow instructions” and “organize their own attacks,” potentially affecting people “in different countries and networks.”
It is also unclear “whether these individuals can be classified as combatants by the Russian military, as they are directly participating in the hostilities,” he added.
Nevertheless, the IT army is a “world first,” Karagiannopoulos continued. “We have an explicit call from government officials for people to join,” but these hackers are not formally part of the Ukrainian military.
This will set a precedent for future conflicts as cyber warfare becomes more common, he added.
Read the original article at Business insider
