Ukraine Wants Volunteers for Its anti-Putin Hacker Army. Don't Join

Unless you’re an experienced hacker, answering Ukraine’s digital cry for arms is a bad idea and may actually turn you into a Russian target

רן בר זיק - צרובה
Ran Bar-Zik
Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Pro-Ukrainian forces outside of Kiev. Many are answering Ukraine's call for help, including online, with many hacktivists joining the Ukrainian call for cyber attacks on Russia.
Pro-Ukrainian forces outside of Kiev last week. Many are answering Ukraine's call for help, including online, with many hacktivists joining the Ukrainian call for cyber attacks on Russia. Credit: POOL/Reuters
רן בר זיק - צרובה
Ran Bar-Zik

Ahead of its ground invasion of Ukraine, Russia launched a cyber prestrike with the hopes of disrupting Ukrainian infrastructure and various other vital systems.

Russia, a known cyber force, has been honing its digital skills for years, and neighboring Ukraine is at a disadvantage in this arena. But just as countries and even individuals volunteered to help, so did people from the fields of cyber, information security and even hackers, who rallied around the Ukrainian flag by launching initiatives of their own. The hacker group Anonymous, despite its dubious reputation, joined the fighting almost immediately. It reported various successes, but as usual when it comes to Anonymous, not all are verified and it is hard to sort digital fact from fiction.

Ukraine also issued a call to arms of its own: digital minister and deputy prime minister Mykailo Fyodorov called on people with background in IT to fight for Ukraine in the cyber arena. On social messaging platforms like Telegram, official Ukrainian channels published a bank of Russian targets. Those answering the call began targeting the Russian sites on the list - including trade, financial and infrastructure sites.

List of Russian sites published as a target bank on Ukrainian Telegram groups for volunteer hackers Credit: Screen capture

Minutes after the list’s release, most of the sites on the listed ceased to function. The reason: there was worldwide mobilization and these attacks are easy to carry out and are not especially sophisticated hacks. They are what is termed denial of service attacks - in which a website is flooded with requests and traffic, causing it to fall. All they require is prior coordination and when the targeted server is overloaded it simply collapses.

This is a simple, effective move that is hard to thwart, at least when the attackers are experienced data security people who know how to conceal their moves. However, when less experienced people join, they risk exposing their details to the target and endanger themselves further down the line.

For example, let’s take a look at the site Play for Ukraine. Users are invited to play a game, and while they do so, their movements send out data to different Russian targets. At face value, this sounds wonderful: A simple and enjoyable way to attack Russia. There are quite a few other sites promising automated attacks against Russia. But in fact, no one can assure us that the site is really attacking Russian sites, and most of the people using it lack the technical knowledge to verify that. They could find themselves, for example, attacking legitimate sites or even Ukrainian targets, unknowingly.

Sites like Play for Ukraine aim to automate DDoS attacks on Russia. But participating may put you at riskCredit: Screen capture

More importantly, perhaps, is the risk it poses for those who think they are helping. People who use such sites expose themselves to the sites they attack and to the Russian government. If user participate in such attack websites from their work computer, there’s a chance the company they work for, especially if it’s multinational, will find out and will most likely not approve of it and may even sanction workers misusing corporate computers for political ends. In view of Russia’s precarious public status this seems unlikely. However, it’s certainly possible that after the war, the victims of these attacks will try to take measures against the sources of attacks they identified.

This has happened before. In September 2010 Anonymous declared a payback campaign against organizations that were cracking down on pirated content. Individuals were asked to download software called Low Orbit Ion Cannon, which offered the same basic service as Play for Ukraine, allowing nonhackers to easily participate in a DDoS attack. But some of those who downloaded the program and wanted to aid a worthy cause, found themselves becoming targets: The attacked companies filed criminal charges and civil suits against Americans and others around the world who had participated in the attacks against them.

Alongside the threat of Russian retribution, the legal concern is no small issue. Though the long arm of Israeli law – at least in digital matters – is not so long as to deter hackers, it’s not at all certain that current automated attacks target only Russian sites, and local and legitimate sites who can be protected by local authorities may get caught up in the digital crossfire. Even if such attacks do target Russian sites, these may be using joint and foreign infrastructure, like Amazon, for example, which could lead to trouble with them or with local law.

So if you don’t know what you’re doing, it’s better to avoid sites offering to participate in automatic denial of service attacks.

Click the alert icon to follow topics:

Comments

SUBSCRIBERS JOIN THE CONVERSATION FASTER

Automatic approval of subscriber comments.
From $1 for the first month

SUBSCRIBE
Already signed up? LOG IN

ICYMI

Charles Lindbergh addressing an America First Committee rally on October 3, 1941.

Ken Burns’ Brilliant ‘The U.S. and the Holocaust’ Has Only One Problem

The projected rise in sea level on a beach in Haifa over the next 30 years.

Facing Rapid Rise in Sea Levels, Israel Could Lose Large Parts of Its Coastline by 2050

Prime Minister Yair Lapid, this month.

Lapid to Haaretz: ‘I Have Learned to Respect the Left’

“Dubi,” whose full name is secret in keeping with instructions from the Mossad.

The Mossad’s Fateful 48 Hours Before the Yom Kippur War

Tal Dilian.

As Israel Reins in Its Cyberarms Industry, an Ex-intel Officer Is Building a New Empire

Queen Elizabeth II, King Charles III and a British synagogue.

How the Queen’s Death Changes British Jewry’s Most Distinctive Prayer