Research questions potentially dangerous implications of Ukraine's IT Army - CyberScoop
2022-06-22 20:23 (EST) - AJ Vicens
The European Union and NATO are not fully grappling with the potential consequences of Ukraine's IT Army, a volunteer group that executes cyberattacks on Russian targets, a Center for Security Studies researcher argued Wednesday.
Stefan Soesanto, a senior researcher with the Zurich-based think tank with previous positions at the European Council on Foreign Relations and RAND's Brussels office, wrote in a 32-page paper that the public side of the IT Army serves as a vessel for volunteer distributed denial-of-service attacks on Russian government and private company websites. Such attacks flood a website with fake traffic to knock it offline.
A non-public in-house team likely maintains deep links to or largely consists of the Ukrainian defense and intelligence services, he said.
"Taken together, the conduct of both Kyiv and the Ukrainian IT community at large ... has collapsed entire pillars of existing legal frameworks regarding norms and rules for state behaviour in cyberspace and has taken apart the illusion of separating the defense of Ukraine from Ukrainian companies and citizen[s] living abroad."
Western governments treat the IT Army as a collection of random volunteers conducting meaningless DDoS attacks against Russian websites, he argued, and are failing to see the complications the activities raise. For better or worse, continuing to ignore the essence of the IT Army will wreak havoc on the future stability of cyberspace and with it the national security landscape of Europe and beyond. A spokesperson for the U.S. National Security Council did not immediately answer questions about how or if the IT Army activities have been discussed.
The government of Russia, which itself is responsible for not only the brutal military assault on Ukraine but also a plethora of cyberattacks, hacking campaigns and influence operations on targets in Ukraine and around the world in support of its war, has said the IT Army's actions are part of a cyberwar waged by the U.S. and other NATO experts and often border on terrorism.
The IT Army emerged in the days after Russia launched its military assault on Ukraine, as the country's government and private sector cybersecurity officials called on volunteers to help in any way they could. Mykhailo Fedorov, Ukraine's minister of digital transformation, tweeted Feb. 26 that "We need digital talents," and linked to a Telegram channel where tasks would be given out.
In the months since the effort has been active, its Telegram channel has listed at least 662 Russian targets for potential DDoS attacks, Soesanto wrote, while also carrying out non-public attacks that show at least some coordination or cooperation with intelligence services. He points to the early-March hack and defacement of Gazprom, a Russian state-owned energy company, as one of several examples.
Over time, Soesanto notes, Fedorov and other parts of the Ukrainian government have, at least publicly, kept a distance from the IT Army. Earlier this month, after an inquiry from CyberScoop regarding the FBI takedown of a one-time IT Army partner accused of facilitating DDoS attacks, a spokesperson for Fedorov's ministry said the ministry "doesn't represent [IT Army]" but that "we are partners and have the one enemy."
The spokesperson did not respond to a request for comment about Soesanto's conclusions.
Victor Zhora, the deputy chairman of the State Service of Special Communications and Information Protection of Ukraine, the agency responsible for cyberdefense in Ukraine, told reporters in March he was grateful for IT Army volunteers' cyber-activities. Zhora has consistently said that his agency has nothing to do with the IT Army activity or any offensive operations, and a spokesperson for his agency did not respond to a request for comment Wednesday.
Some observers note that Ukrainians are defending themselves however they can, and sometimes problems come from that.
"For Ukrainians, it is their war, and weapons in their arsenal may include cyber capabilities," said Alex Holden, the founder of Hold Security. "However, like any army there may be corruption, atrocities and marauders. Plus, participation from citizens of other countries may drag their respective countries into the war."
Holden added that this is not the first time cyberwarfare is a part of a war, but this is the most significant instance that may define future rules of engagement in cyber wars.
Soesanto, who as part of the research process reviewed public websites, Twitter posts, media articles and hundreds of Telegram channels and chats where IT Army activities are planned, closed his paper with a series of open questions, particularly for private companies whose technology wittingly or unwittingly enables IT Army activity, such as Google, Cloudflare, Microsoft's GitHub, Clearview, Starlink and others.