A spate of cyber attacks has affected Ukraine’s digital systems since Russia’s invasion began. It soon became clear Russia’s “boots on the ground” approach would be supplemented by a parallel cyber offensive.
Last week Ukraine called on its citizens to take to their keyboards and defend the country against Russia’s cyber threat. At the same time, a campaign was underway among the hacktivist collective Anonymous, calling on its global army of cyber warriors to target Russia.
Who is Anonymous?
Anonymous is a global activist community that has been operating since at least 2008. It brings a potential for significant cyber disruption in the context of Russia’s invasion of Ukraine.
The group has previously claimed responsibility for acts of hacktivism against a wide range of targets, including against big businesses and governments. Anonymous’s activities are often aligned to major events, and the group claims to have an “anti-oppression” agenda.
The collective has no defined structure or leadership. Acts are simply undertaken under the banner “Anonymous”, with some reports of limited rules of engagement being used to guide actions (although these are likely fluid).
As Anonymous is a movement, with no formal legal status or assets, responsibility for actions shifts to individuals. But there remains a fundamental issue of attribution in cyber security incidents, wherein it’s difficult to determine a specific source for any attack.
What are they threatening to do?
On February 16, Anonymous TV posted a video message with a series of recommendations and threats. Leaning on the stereotypical “hacker” image, the masked speaker issues a serious warning to Russia:
“If tensions continue to worsen in Ukraine, then we can take hostage […] industrial control systems. Sole party to be blamed if we escalate on that will be the same one who started it in the very first place with troop buildups, childish threats and waves of unreasonable ultimatums.”
The attacks have leveraged the same distributed denial of service techniques used in many previous cyber attacks, including attacks on Ukrainian banking and government websites. In such attacks, the attacker knocks targeted websites offline by flooding them with bot traffic.
Further incidents have included the theft and publication of Russian Department of Defence data, which may contain sensitive information useful to fighters in Ukraine. Emails from Belarusian weapons manufacturer Tetraedr and data from the Russian Nuclear Institute have also reportedly been accessed.
It’s too early to determine how useful these data may be. Most of the stolen information will be in Russian, which means translators will be needed to help examine it.
Russian TV channels were also attacked and made to play Ukrainian music and display uncensored news of the conflict from news sources outside Russia.
It’s hard to be certain that Anonymous did carry out the cyber attacks for which it has claimed responsibility. The movement is founded on anonymity, and there are no viable means of verification. But the tactics, targets and theatrics on show are consistent with previous attacks claimed by the group.
Also, even if some attacks are not a direct consequence of Anonymous’s actions, one could argue this doesn’t really matter. Anonymous is all about being perceived as having an impact.
Will it make a difference?
It’s unlikely the cyber attacks claimed by Anonymous will have a significant impact on Russia’s intent or military tactics. That said, these actions could provide key intelligence about specific tactics Russia is using, which would be valuable to the Ukrainians and their allies.
A further benefit is that the impact of the invasion on Ukrainian people is getting more publicity – especially within Russia, where news is significantly censored. This could help counter Russia’s domestic propaganda machine, and present a more balanced view of events.
Cyber attacks will likely continue to escalate on both sides, involving both state and non-state actors. Russia’s National Computer Incident Response and Coordination Center has raised its threat level to “critical”, indicating concerns about Russian infrastructure being targeted through cyber attacks.
Alongside Anonymous, large numbers of Ukrainian cyber professionals have volunteered to assist with Ukraine’s cyber defence. The volunteers are being organised through Telegram channels and other encrypted apps.
Their goals include defending Ukraine’s critical infrastructure, helping the government with cyber espionage, taking down Russian disinformation from the web, and targeting Russian infrastructure, banks and government websites.
But despite reports of some 175,000 joining the cyber army’s Telegram channel, its impact so far remains unclear.