Volunteer hackers have been a major source of manpower for Ukraine in its cyber war against Russia.
Robin* remembers the start of Russia’s invasion of Ukraine very clearly. “It was like watching Hitler’s invasion of Poland live on television,” they said.
The head of cybersecurity at a major company in Stockholm, Robin had a deeply-rooted suspicion of Russia and a particular set of skills they wanted to put to use to help Ukraine.
In the months since the invasion, the Swede joined the ranks of a large guerrilla network of global hackers who are taking on Russia from their keyboards. Due to the illegal nature of their actions, they spoke to Euronews Next on the condition of anonymity.
Robin’s involvement began on Signal, an encrypted messaging app. They were added to several Signal groups that gathered highly-skilled cybersecurity professionals in Europe to discuss the cyber developments in the unfolding war.
But when the invasion took place, Robin wanted to do more than talk.
“For me, that was important; knowing that through all this until now, I have done something,” they told Euronews Next, looking back on their actions earlier this year.
“Whatever happens, even if we go into nuclear winter, I know I tried something to help”.
As a penetration tester, someone who is hired to test system vulnerabilities by hacking into them directly, Robin said they wanted to take direct action against Russia in the wake of the invasion.
“I noticed someone in one of these groups wrote something oddly specific, so it seemed clear they had connections to Ukraine,” Robin said.
“I decided to just go for it and posted that I’m willing to do something offensive, and asked if anyone is doing anything offensive in here”.
Shortly after, they were contacted by a person known only as “PR,”* who wanted to get a sense of what kind of skills Robin could bring to the table.
Paranoia, vetting, and first targets
“My immediate concern was that this might be a Russian spy,” Robin said. “So, I reached out to a few Swedish cybersecurity specialists I knew and they both said they knew this person and that this was legit”.
They found out PR was a prominent Ukrainian security researcher specialised in Industrial Control Systems, the digital devices that control critical infrastructure, manufacturing, and industry.
The vetting went both ways. PR asked Robin questions about their background (ex-military, offensive cyber operations), what skills they had (hacking, security) and what sectors they were familiar with (telecoms).
Once they were both satisfied, PR sent Robin a message: “Can you sabotage systems?”
Hackers can get into computer systems relatively easily through a weakness in a file sharing programme run on Windows operating systems, Robin says.
So, the first thing they did was start targeting Russian IP addresses through this vulnerability and deleting everything they could find.
“It was broad spectrum, like a trawling net,” Robin said.
“I had several scripts running that would delete everything and leave just one text file, saying something like ‘you might not support this war but this will keep happening until you stop your dictator’”.
Many times, Robin says, the Russian systems had already been wiped by another hacker who had gotten there first, breadcrumbs indicating the flurry of cyber activity sparked by Russia’s invasion.
A cyberstorm brewing
The spike in cyberattacks against Russia was condemned in a rare statement in April by the Russian Foreign Ministry, which said it observed hundreds of thousands of weekly attacks coming mainly from North America, EU member states, and Ukraine.
It accused the West of supporting the attackers and warned them against “flirting with the hacker community”.
“Whoever sows the cyberwind will reap the cyberstorm,” the statement read.
Around the same time, Microsoft’s Digital Security Unit released a report detailing multiple cyber operations Russian government hackers carried out against Ukraine up to a year before the ground invasion began.
From February 27 to April 8, Microsoft’s researchers found evidence of “nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine”.
It’s not unusual for Russia to use destructive cyberattacks against its enemies. While tracing individual cyberattacks to a state actor is nearly impossible, a 2007 cyberattack by Russian hackers against Estonia is widely recognised as the first instance of a cyber weapon being used by one state actor against another.
In recent years, Russian hackers were also widely suspected of being behind efforts to disrupt elections in Western countries including the United States, Germany, and France.
‘Delay and create chaos’ in Russia
Robin’s second task was more specific and strategic. PR said there was an operation to stop Russia from using its state-owned railway to transport equipment to the frontlines.
“We need to interrupt their business processes and prevent them from using railways,” PR wrote in a message on February 28, seen by Euronews Next. “The goal would be intrusion and wiping out internal IT infrastructure”.
PR sent Robin a comprehensive file on Russian Railways, with information exposing owners, IP addresses, locations of data centres, and more. Every time Robin got access to an admin system, they would drop the database, and subsequently, delete any files on the system.
“This was just to delay and create chaos,” Robin says. “It would never stop the invasion, but it would delay and make it harder”.
Robin says they never got any feedback on the result of these tasks from PR or their Ukrainian contacts. But around this time, videos began emerging on social media showing Russia’s military struggling to restock their ammunition and fuel, which Robin hoped could have been partly due to their actions.
“I don’t know how many it helped, if it helped,” Robin said. “Maybe delaying that railway another month gave civilians another window to get out. That’s enough for me”.
Overestimating Russia
As Robin continued receiving tasks from PR, from gathering information on Russian logistical companies to cracking surveillance cameras to give Ukrainian forces more eyes in occupied territories, they said they were surprised to find how easy it was to get into Russian systems.
“I don’t think Russia as a whole was prepared for the idea that they would become a cyber training range for every hacker in the world once they started this invasion,” Robin said.
“Everything was so undefended, so open. And that was strange because cyber warfare has been going on for so long”.
Since the start of the invasion, pundits and commentators have repeatedly overestimated Russian capabilities on and off the battlefield.
“It’s one of the big lessons of the war in Ukraine,” said James Lewis, Senior Vice President and Director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS). “The Russians aren’t as competent as we thought”.
But in overestimating Russia, the West also underestimated Ukraine, and all the lessons Kyiv has learned over years of dealing with its hostile neighbour.
https://www.euronews.com/next/2022/11/13/even-if-we-go-into-nuclear-winter-i-know-i-tried-to-help-a-volunteer-hacker-on-waging-cybe