In Ukraine, hacktivists fight back with data leaks

The video opens with 3D-rendered text and Guy Fawkes masks flickering over images of street protest.

Greetings, world! A distorted voice says we are Anonymous.

The video was shared to 7.8 million followers of YourAnonNews on the social networking site, and was cited as the moment that Anonymous declared war on Russia. A lot of internet bystanders were getting ready to make trouble for Russia, and they were going to use the mantle of Anonymous to do it.

It hasn't materialized for reasons that are difficult to pin down, but many expected a more organized cyber-offensive from Russia. The reality has been chaotic. Smaller incidents are more favorable for Ukraine, but they are qualitatively different from military operations. The consequences of the Anonymous campaign are hard to predict, but they have been quietly running in the background.

On February 26th, Mykhailo Fedorov, who is also minister for digital transformation, announced the creation of a volunteer-led cyber army.

The cyber volunteers were in a new area. More than 300,000 people have joined the so-called IT Army through a Telegram channel, which was both distributed and centrally directed to plot a new line between hacking and digital activism. The IT Army embarked on a new kind of cyberwarfare, but Anonymous's #OpRussia was more chaotic.

The IT Army has used a variety of tactics, but the most important one has been stealing data. In one case, groups operating under the names Anonymous Liberland and the Pwn-Bär Hack Team obtained over 200GB of emails from a defense weapons manufacturer, which have been made available through a leak website.

A hacking group leaked files online that appeared to include descriptions of lunar missions, after breaching a website belonging to Russia's Space Research Institute. A group called Against The West, which was previously known for leaking data from the Chinese Communist Party, released a trove of files purportedly obtained from an energy company.

The Federal Service for Supervision of Communications, Information Technology, and Mass Media, or Russia's primary censorship agency, was the subject of a major leak on March 10th. The leaking of the data is a serious embarrassment to the agency and could be more damaging if the information is accurate.

Hacktivist groups aligned with Ukraine have been leaking information against Russian targets in order to strike blows against Russia. It is hard to contain and there may be consequences if this information is released. DarkOwl, a dark web intelligence company, is one organization that has been tracking data leaks tied to the Ukraine invasion. A DarkOwl analyst told The Verge that information contained in corporate leaks could be valuable for spearphishing or surveilling.

You have sensitive corporate information here. The analyst said that there were also photographs andScreenshots that have been taken. It can be used in more strategic espionage activity by a nation state actor in the future.

Many of the leaks contain large volumes of information about companies and their clients, most of which are ordinary Russians with little connection to the elite interests that have waged the war. That information could endanger them.

The flurry of action that we see right now is basically to vandalize and create as much chaos as possible. A lot of innocent Russian people may be targeted by default because of the anger.

It is harder to verify what is happening at a given moment because of the amateur nature of hacktivist support for Ukraine. In one case, an Anonymous info channel claimed that an affiliated group had shut down the main control system for Russian satellites; in another, a group that claimed to have hacked into the cameras inside of a shopping mall.

Other plausible hacks have been hard to confirm. On February 26th, some social media users shared footage that allegedly showed Russian TV channels hacked to broadcast pro-Ukrainian messages and inform watchers of the truth about the Ukraine invasion. The news media in Russia is heavilycensored, even more so after Putin signed a fake news law that could lead to up to 15 years in prison for people who spread information about Russian war losses.

Fowler's research partner had observed a hijacked Russian TV broadcast and it was possible that it had happened many more times. When researching Russian media agencies, Fowler found that they had file systems that were easy to change.

Fowler said you could take a video of some of the war footage. The audience is going to see something else when the software pulls from that source. The system knows the file has the same name.

Someone hacked into Russian state TV channels. They feature Ukrainian music and national symbols.



Internet users suspect that this may be another action by the hacker group #Anonymous, which declared a cyber war to Russia in connection with the attack on #Ukraine. pic.twitter.com/XaoclymVTs

— BECZKA ✌️ (@beczka_tv) February 26, 2022

Fowler said that he had seen evidence of numerous Russian company databases that had been accessed by outsiders, with data deleted, or files rewritten to say "stop this war" Fowler said that there was no way to know who had access to the databases.

Jon Clay, vice president of threat intelligence at Trend Micro, said that some people who support Ukraine may be involved in criminal activity.

Clay said that a lot of these cyber patriots may be part of a cybercriminal group. It's going to be difficult to draw the line because they can quickly pivot to the cybercrime component of their business.

Clay said that groups involved in pro-Ukraine hacks could implant back doors into computer systems that they could reactivate for future exploits, with stealthier actors able to remain undetected for months or even years. He said that these groups might sell user data for profit.

There is a possibility that some of the most sophisticated cyber threat actors are operating under cover of hacktivism, if the battlefield is still blanketed in what has been called the fog of cyberwar.

Costin Raiu, the director of global research and analysis at Kaspersky, said in a Thursday seminar that some cyber activity in Ukraine had the hallmark of an Advanced Persistent Threat group.

It's very dangerous for people when you can't see the invading forces.

Civilians aren't prepared to do that effectively.