While Ukrainian soldiers and civilians resist Russia’s horrific invasion on the battlefield, in the streets, and in the skies, an online army uses Telegram chats and Facebook groups to push back against Russia in cyberspace.
It’s called the IT Army of Ukraine and comprises a mix of Ukrainian and international IT professionals, computer enthusiasts, and keyboard warriors who answered the government’s call to arms.
Typically there are two types of operations conducted by the IT Army of Ukraine: distributed denial of service (DDoS) attacks, and social media campaigns targeting brands and influencers.
The former is coordinated through the messaging app Telegram, on which the IT Army has, at the time of writing, around 302,000 subscribers.
Every day a new list of targets is posted by admins who are working in concert with the government.
“We don’t communicate on the person-to-person level with any one specific person or group, we just put a task into a room, and they execute it,” Deputy Minister for Digital Transformation Oleksandr Bornyakov recently told TechCrunch.
“Just a couple of minutes after, some infrastructures go down. Any infrastructure that we ask them to, they destroy it.”
On Friday it was a specific list of IP addresses and port numbers used by Russian airline Aeroflot and the Russian National Guard, among others.
The next day the IT Army was directed to target websites of 12 oil and gas trading companies.
When four of the websites remained online on Sunday, the channel’s admins encouraged the IT Army to “focus all your efforts on them”.
The comments on each post are a mix of responses in English and Ukrainian: would-be volunteers ask for help setting up their own machines to run DDoS attacks, and more experienced operators share their wins, claiming to turn idle computers into malicious web traffic.
Amid the madness typical of a popular chat room are instructions and tools: links to GitHub repositories, advice about running a VPN from a Russian server, and specific advice for configuring DDoS attacks.
Keyboard warriors
Ukraine’s cyber efforts aren’t solely focused on DDoS attacks. Inside the IT Army Telegram channel and associated Facebook groups, they list petitions for users to sign and begin coordinated social media campaigns aimed at pressuring corporations into halting their business in Russia.
The group already claimed responsibility for boycotts from Visa, Mastercard, and PayPal, and began sicking its thousands of followers onto the social media managers of fast-food chain McDonald’s on Monday.
“Already many international companies have supported us so let's get from the American McDonald's office closing restaurants in the aggressor country,” a Facebook post said.
It included instructions to inundate McDonald’s YouTube videos and Twitter mentions with calls to close Russian stores.
Sure enough, the comments soon flooded in.
“You are feeding the Russian occupiers,” one YouTube comment reads. “And they are committing a bloody massacre of humanity in Ukraine.”
The effectiveness of these social media campaigns is difficult to quantify.
Cyber chaos
Outside the IT Army, known hacker groups have been claiming responsibility for all manner of online infiltration and espionage.
Security firm Check Point Software recently debunked a handful of these claims coming from both pro-Ukraine and pro-Russian so-called hacking groups.
One group posted online to say it hacked a Russian nuclear reactor – but proceeded to share information that was already publicly available.
A pro-Russian group claimed to have brought down the official website of hacking collective Anonymous which, lacking a central authority, doesn’t even have an official website.
Lotem Finkelstein, head of Threat Intelligence at security firm Check Point Software, said there was no shortage of bogus success stories floating around at the moment and that people ought to be skeptical about hacktivist stories.
“For the first time in history anyone can join a war,” he said. “We’re seeing the entire cyber community involved, where many groups and individuals have taken a side, either Russia or Ukraine.
“It’s a lot of cyber chaos. We’re seeing a flood of information from hacktivists making all sorts of claims.
“Many of these claims are fake. Some of these claims are using old or public information. Hacktivists are designing claims of cyber attacks to gain popularity or glory.”