杏吧原创

IT Army of Ukraine: The amateur hacker team striking at Russia

An amateur army of hackers formed by the Ukrainian government is bringing down the websites of Russian government departments and national banks
Mandatory Credit: Photo by Ukrinform/Shutterstock (12654243m) Deputy Prime Minister - Minister of Digital Transformation of Ukraine Mykhailo Fedorov is pictured during the press conference on the introduction of the Diia City application - a special legal framework for the IT industry, Kyiv, capital of Ukraine Press conference on introduction of Diia City app in Kyiv, Ukraine - 21 Dec 2021
Mykhailo Fedorov, Ukraine鈥檚 vice prime minister, requested help from amateurs to form the IT Army of Ukraine
Ukrinform/Shutterstock

Thousands of amateur hackers from countries around the world have joined a Ukrainian group dedicated to bringing down Russian government and financial websites in response to the invasion of the country, according to statements from the Ukrainian government, evidence of Russian website outages and instant-messaging groups seen by New 杏吧原创.

The so-called IT Army of Ukraine was conceived by Mykhailo Fedorov, Ukraine鈥檚 vice prime minister, who 鈥 two days after the invasion began 鈥 that the country was seeking people with computer skills willing to take on 鈥渙perational tasks鈥.

According to one hacker, who wished to remain unnamed, and messages seen by New 杏吧原创, most of the team is focused on distributed denial-of-service (DDoS) attacks, which involve flooding a server with thousands or millions of spurious requests simultaneously in the hope of overwhelming it and causing it to crash. The hackers are currently attacking Russian government websites, as well as those of banks and companies that they deem to not be taking sufficient steps to withdraw services from Russia in line with global sanctions.

A DDoS attack is akin to hitting refresh on a website over and over again, except the Python programming language is used to automate the process. The team behind it can then send multiple requests simultaneously from the same computer, spread requests across various pages within the target website to make it appear like genuine browser traffic and easily share the code around the world.

A hacker told New 杏吧原创 that he manages a group of around 500 volunteers, which is a 鈥渟mall but active and effective鈥 part of the overall team of thousands of people.

鈥淧eople do it for free, from morning till late evening. We must let Russians know that while they live fine, we are dying,鈥 he says. 鈥淢ost of our targets are down right now. We鈥檙e more successful than paid hackers in Russia,鈥 he claims.

New 杏吧原创 was given access to an instant messaging thread used by the group to coordinate attacks.聽鈥淜eep on rolling with state companies,鈥 said an update on 11 March. 鈥淩ostec, the importer of high tech for Russian army, is the highest priority now.鈥

As of the morning of 11 March, the Rostec website was offline, as were the Russian stock market (MOEX) and Federal Security Service of the Russian Federation websites. At least one Russian oil company鈥檚 remote desktop servers, used by employees to log on remotely, was also listed as a target and was down. The MOEX website remained offline on the morning of 14 March. The IT Army of Ukraine takes credit for putting these websites out of action.

The team has a dashboard listing dozens of these targets and showing the current status of their web servers. Most were red on the morning of 11 March, indicating that the servers were offline. The hackers coordinate their efforts carefully to keep as many in the red as possible.

While it is hard to quantify the success of the attacks or their impact, internet outage tracker NetBlocks has confirmed that the Kremlin, State Duma 鈥 one of the chambers of the Russian parliament 鈥 and Ministry of Defence websites . The National Computer Incident Response & Coordination Center has also published a list of IP addresses that it claims have been involved in .

at the University of Sunderland, UK, believes this is the first time that a country has set up an amateur cyberwarfare team, and says that although anyone taking part in the attacks from the UK would be breaking the law, he suspects that the government would be in no hurry to prosecute.

鈥淲ould they even know it was happening? Maybe. Are the folks at the Government Communications Headquarters (GCHQ) [the UK鈥檚 intelligence agency] or the National Cyber Security Centre monitoring individual attacks on Russia? They鈥檙e probably more worried about servers based in the UK, they鈥檙e probably defending,鈥 he says.

Several security companies, such as CloudFlare in the US, offer services to mitigate the effects of DDoS attacks. The firm is still operating in Russia despite calls to pull out. Chief executive Matthew Prince : 鈥淩ussia needs more internet access, not less.鈥 He added that CloudFlare has 鈥渁 robust and comprehensive sanctions compliance program鈥 and that it was offering its DDoS protections to Ukrainian entities free of charge. The company didn鈥檛 respond to a request for comment.

Topics: Internet / russia / security / Ukraine invasion