
Pro-Ukrainian hackers target Russia following invasion

Pro-Ukrainian hackers leak an ‘avalanche’ of data from Russian companies and government bodies.

Reporter
Mon, 09 May 2022

According to a Financial Times report, Dmitriy Sergeyevich Badin sat atop the FBI’s most wanted list. The Russian government-backed hacker has been suspected of cyber attacks on Germany’s Bundestag and the 2016 Olympics, held in Rio de Janeiro.

A few weeks into Russia’s invasion of Ukraine, his own personal information — including his email and Facebook accounts and passwords, mobile phone number and even passport details — were leaked online.

Another target since the war broke out two months ago has been the All-Russia State Television and Radio Broadcasting Company, known as a voice of the Kremlin and home to Vladimir Solovyov, whose daily TV show amplifies some of the most extreme Russian government propaganda.

On 30 March, almost a million emails spanning 20 years of the broadcaster’s history were leaked on to the internet.

The unveiling of their secrets was part of a widespread assault taking place in cyber space, as Russian companies and government bodies were swarmed by hordes of pro-Ukrainian hackers, many of them new and previously unknown players to cyber security experts.

The result has been hundreds of millions of documents spilling out from targets as varied as Transneft, a huge oil pipeline operator close to the Russian government; Russia’s Ministry of Culture; Belarusian power supplier Elektrotsentrmontazh; and an arm of the Russian Orthodox Church that has backed the war in Ukraine.

According to Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne, Russia is being hacked at an unprecedented scale by a lower tier of attacker, and there are tens of terabytes of data 'that’s just falling out of the sky'.

"Historically, [Russia] was being systematically popped by a higher tier — the Five Eyes [intelligence alliance comprising the US, UK, Canada, Australia and New Zealand] and Chinese government — but right now, the breadth of leaks is just breathtaking," Guerrero-Saade said.

For more than a decade, the Ukrainian government, financial and other systems were pummelled by Russian state-backed hackers. Only in recent years — with the backing of the US government, the intensive training of its own security agencies and the support of a volunteer army of local computer programmers — have Ukrainian defences matched Russian aggression.

Now, Russia itself is being hunted in the cyber arena by pro-Ukraine hackers, opportunistic criminal groups and, as some security researchers suspect, government-backed entities from Western countries.

Some have banded together in relatively simple “denial of service attacks”, which bombard Russian websites with traffic in order to take them down. In response, Russian companies from banks to railway ticketers and media outlets temporarily fenced themselves off the global internet, ensuring their sites could only be accessed from within Russia.

Other hackers have targeted the databases of the Russian government and those close to the Kremlin, stealing decades worth of data, documents and messages and letting them loose into the wild, while boasting of their exploits in the darker corners of the internet.

Estimating the full scale of these attacks is almost impossible. Some of the leaks have emanated from obscure units of the FSB or from secretive companies that are unlikely to publicly decry being hacked.

Lorax B Horne at Distributed Denial of Secrets, a whistleblower news site seen as a successor to WikiLeaks, added that the quality and the quantity of datasets being submitted anonymously to the group have built into an "avalanche".

"We've seen more data from Russia that is of higher value than we have seen before," Horne said.

Horne cited the almost a million leaked emails, along with attachments and files from Petersburg Social Commercial Bank, as one example.

"We haven’t seen this before — the variety of data, the amount of different data and groups."

Distributed Denial of Secrets, which has helped uncover corruption and wrongdoing around the world, releases information it deems to have public interest — with the caveat that amid the increased tempo of the Ukraine war, it cannot guarantee the data dumps are not hiding malware or manipulated documents.

According to Yuliana Shemetovets, a US-based spokeswoman for the group, one hack by a Belarusian dissident group called the Cyber Partisans was modelled on the sabotage of Nazi railway lines in the second world war. It combined electronic subterfuge with physical damage to slow freight trains carrying Russian war equipment through Belarus to northern Ukraine in the first days of the invasion.

At one point, the slowdowns in the rail network, which targeted the automatic signalling systems for freight trains and the ticketing system for passengers, were sufficiently widespread that Western intelligence officials credited the disruption with bogging down Russian forces en route to Ukraine’s capital, Kyiv.

The hack had been planned even before the war began; deleting some databases, for example, forced railway employees to check all freight manually. The Cyber Partisans subsequently decided to use the strategy to help the Ukrainians.

Shemetovets further explained that this was in order to "remind people" that the Belarusian regime of Alexander Lukashenko "is just as bad as Putin’s, and that the Belarusian issue is important, especially if you don’t want tanks on the borders with Poland and Latvia".

The widespread assault on Russian targets has had the unintended result of disturbing a carefully maintained equilibrium between the world's major cyber powers — the US, China and Russia — according to Guy Golan, a former Israeli military intelligence officer.

Golan, who now runs Performanta, a cyber security company, said the three countries had for decades penetrated the computer networks behind each other's civilian infrastructure but had not attempted more widespread disruptions.

The sudden onslaught of cyber assaults on Russia threatens that détente.

"These armies of hackers will be a great story to tell our children years from now, but it is dangerous as hell," Golan said.

"They may think they are doing a heroic thing, but imagine a general in Russia who has to respond to losing water supply to Moscow? Suddenly, that level of equilibrium can be disturbed in a disastrous way."
