Scenes of the Russo-Ukrainian war dominate the news, and photos of destroyed buildings and military vehicles are scattered all over the internet. But hidden within that network are two teams of hackers, each belonging to one side of the conflict and each trying in several ways to tip the balance in favor of its side.
But there are differences that an observer can see only through the balance of power. U.S. intelligence officials say they believe the hackers working in Russia and Eastern Europe are now divided into at least two camps.
Some, such as the Conti hacking group, a ransomware group, have pledged loyalty to Russian President Vladimir Putin; others, mostly from Eastern Europe, were offended by the Russian attack and sided with the government of Ukrainian President Volodymyr Zelensky.
The Russians are waiting for the last battle
Russian hackers have been targeting Ukrainian government websites since before the war. In January, they installed “wiper” malware that permanently deletes data from computer networks.
More recently, Russian hackers appear to have launched attacks that could have cut off electricity or disrupted military communications, but many have been thwarted, according to U.S. officials.
It was believed that the conflict in Ukraine would begin with large-scale Russian cyber attacks on Kiev’s military command and control, air defense, civilian communications and critical infrastructure networks.
The rationale was that these operations would offer significant military benefits, fall within Russia’s known electronic capabilities, and would not pose a significant threat to the attacker.
While the early hours of the war included a hack of the American communications company Viasat, limited “wiperware” and widespread distributed denial-of-service attacks, known as DDoS, the expected cyber attack did not materialize.
Russian state-backed hackers have also carried out a number of cyberattacks in Ukraine since the start of the war, targeting government agencies, telecommunications infrastructure and utilities. They relied heavily on destructive malware to wipe out data and disrupt the operations of critical infrastructure companies, but they sometimes used hack-and-leak tactics.
Much of Russia’s hacking effort has focused on the destruction of critical infrastructure. Last week, Ukrainian officials said they had halted a Russian cyber attack on Ukraine’s power grid that could have cut off electricity to two million people. Ukraine’s Security and Intelligence Service said a Russian military intelligence unit was responsible for the attack.
But was this failure of cyber-attacks due to the technical weakness of Russian hackers, or the strength of Ukraine’s infrastructure and Western aid?
Previously, Russian hackers used destructive attacks such as the NotPetya worm in Ukraine, but that attack eventually spread around the world and caused at least $10 billion in damage, including within Russia. This may have persuaded Russian President Vladimir Putin not to use similar attacks.
This means that Russian hackers may be saving their strength for a final battle, whose victim may not be only the Ukrainian state, which has nothing more to lose. Rather, the attack could be so devastating that many of the West's defensive towers fall, forcing the West to sit down and negotiate.
Perhaps Russia is holding back the hacker card for the last strike, to bring about what its conventional forces could not, namely surrender or negotiation.
Ukrainian hackers rely on the media
Hackers sympathetic to Ukraine, whether Ukrainians themselves or groups that sympathize with them, claim to have broken into dozens of Russian institutions over the past two months, according to a report in the New York Times, including the Kremlin’s internet censor and one of its major intelligence services, leaking emails and internal documents to the public in a remarkably visible hack-and-leak campaign.
The break-ins come as the Ukrainian government apparently launched a parallel attempt to punish Russia by publishing the names of alleged Russian soldiers who operated in Bucha (the site of the massacre of civilians) and agents of the Russian intelligence agency.
In early April, military intelligence released personal information of Russian soldiers allegedly responsible for war crimes in the suburb of Bucha, where investigators say Russian forces launched a campaign of terror against civilians.
The agency released identifying information such as birth dates and passport numbers, and it is unclear how the Ukrainian government obtained these names and whether they were part of the hack.
Some data from previous leaks could also be recycled and presented as new, researchers said, in an effort to artificially increase the hackers’ credibility. Or some could be fabricated, something that has happened before in the ongoing cyber conflict between Russia and Ukraine, which dates back more than a decade.
It seems that the efforts of the Ukrainian hackers focus on the media and morale aspects, to make the work of Russian spies abroad very difficult, and to sow seeds of fear in the minds of the soldiers that they may be held accountable for human rights violations.
There is good reason to maintain healthy skepticism about the reliability of some leaks, said Dmitri Alperovitch, founder of the Silverado Policy Accelerator, a Washington think tank, and former chief technology officer of cybersecurity firm CrowdStrike.
But, he added, the hacking campaign “can once again prove that in an era of pervasive cyber intrusion and the generation of massive amounts of digital information by almost everyone, no one is able to hide and evade acknowledgment of serious war crimes for long.”
Ukrainian Electronic Army
The leaks also show Ukraine’s desire to recruit amateur hackers in its cyber war against Russia. In early March, Ukrainian officials mobilized volunteers for hacking projects, and the Ukrainian government published information about its opponents on official websites.
It also created a channel on the Telegram messaging platform, which has more than 288,000 members and lists targets for volunteers to hack.
But the disclosure of personal data is closer to information warfare than to cyber warfare, and it mirrors Russia’s tactics in 2016, when hackers backed by a Russian intelligence agency stole and leaked data from the Democratic National Committee and from individuals working on the campaign of then-U.S. presidential candidate Hillary Clinton.
Such breaches are intended to embarrass and to influence political outcomes, rather than to destroy equipment or infrastructure.
Ukrainians use ghosts
Experts have warned that the involvement of amateur hackers in the conflict in Ukraine could lead to confusion and incite more state-sponsored hacking, as Russia will try to defend itself and respond to its attackers.
Last Wednesday, the Cybersecurity and Infrastructure Security Agency warned that “certain cybercrime groups have recently pledged public support to the Russian government,” and these groups are responsible for previous cybercrimes involving Western actors.
The term “ghost hackers” refers to hacking groups whose country of affiliation and true goals are unknown. Some of them may be volunteers, and others may be affiliated with certain countries, and one of their goals is to act as a double agent.
The entry of this type of hacker introduces a new pattern and a new strategy for technologically advanced countries like Russia. It means that this country is under attack and that its bank of targets will expand to include a wider range of regions and countries on the internet, so that the arena of cyber warfare becomes larger than the arena of traditional warfare.
Imagine, for example, that the New York subway stopped due to a fault in computer security systems, or that the internet in London slowed down due to an intense attack on service providers.
Of course, all these scenarios are now present on the screens of several professional hackers, who are waiting for the order to launch these attacks to turn the Ukrainian conflict arena into a global war zone.
Therefore, US officials have repeatedly warned US companies that Russia could carry out similar attacks against them, urging them to step up their cyber defenses.
The governments of Australia, Britain, Canada and New Zealand have also issued similar warnings.