“Pirates are ghosts” and “mop” programs may turn the Russian-Ukrainian conflict into a global cyber war

Scenes of the Russian-Ukrainian war dominate the news, and pictures of destroyed buildings and military vehicles are scattered all over the Internet, but hidden in this network, two teams of hackers, each belonging to one of the two sides of the conflict, are trying in various ways to give preference to one side over the other.

But there are some differences that the observer can only see through the balance of power, and US intelligence officials say they believe that the hackers working in Russia and Eastern Europe are now divided into at least two camps.

While some, such as the Conte Hacking Group, a ransomware hacking group, have pledged allegiance to Russian President Vladimir Putin;

Others, mostly from Eastern Europe, were offended by the Russian attack and sided with the government of Ukrainian President Volodymyr Zelensky.

The Russians are waiting for the last battle

Russian hackers have targeted Ukrainian government websites from before the war.

In January, they installed "wiper" malware that permanently erases data from computer networks.

More recently, it appears that Russian hackers have launched attacks that could have cut off electricity or cut military communications, but many have been thwarted, according to US officials.

Russian hackers targeted Ukrainian government websites before the war (Reuters)

He believed that the conflict in Ukraine would begin with large-scale Russian cyberattacks on Kyiv's military command and control, air defense, civilian communications, and critical infrastructure networks.

The rationale was that these operations would provide significant military advantages, fall within Russia's known electronic capabilities, and would not pose a significant threat to the attacker.

While the early hours of the war included a hack of US communications company Viasat, limited "wiperware" and "distributed denial-of-service" attacks, known as DDoS, the cyberattack The expected was not fulfilled.

Russian state-backed hackers have also carried out a number of cyber attacks in Ukraine since the war began, targeting government agencies, telecommunications infrastructure, and utility companies.

They have largely relied on destructive malware to erase data and disrupt the operations of critical infrastructure companies, but they have occasionally used hacking and leakage tactics.

Much of Russia's hacking effort has focused on destroying critical infrastructure.

Last week, Ukrainian officials said they had halted a Russian cyberattack on Ukraine's power grid that could have cut off electricity to two million people. Ukraine's Security and Intelligence Service said a Russian military intelligence unit was responsible for the attack.

But was this failure of cyber-attacks due to the technical weakness of Russian hackers, or the strength of Ukraine's infrastructure and Western aid?

Previously, Russian hackers used lethal attacks like the NotPetya worm in Ukraine, but this attack eventually spread around the world and caused at least $10 billion in damages including inside Russia;

This may have persuaded Russian President Vladimir Putin not to use similar attacks.

This means that the Russian pirates may save their strength for a last battle, which may not be the only victim of the Ukrainian state, which has nothing left to lose, but rather the attack is so devastating that many of the Western protection towers fall to force them to sit down and negotiate.

Perhaps Russia will provide the pirates' card for the last strike, to bring what its conventional forces could not bring, namely surrender or negotiation.

Russian hackers may save their strength for a final battle, in which the Ukrainian state may not be the only victim (Getty Images)

Ukrainian hackers rely on the media

Ukraine-sympathetic hackers, whether they are Ukrainians or groups sympathetic to them - according to a report in the New York Times - claim to have broken into dozens of Russian institutions over the past two months, including the Kremlin's internet censor and one of its main intelligence services. By leaking emails and internal documents to the public, in a remarkably visible hack and leak campaign.

The hacking comes as the Ukrainian government appears to have launched a parallel effort to punish Russia, by publishing the names of alleged Russian soldiers who worked at Bucha (the site of the massacre of civilians) and agents of the Russian intelligence agency.

In early April, the Military Intelligence released personal information of Russian soldiers allegedly responsible for war crimes in the Busha suburb, where investigators say Russian forces launched a campaign of terror against civilians.

The device released identifying information such as dates of birth and passport numbers, and it is unclear how the Ukrainian government obtained these names and whether they were part of the hack.

Some data from previous leaks may also be recycled and presented as new, researchers said, in an attempt to artificially increase the hackers' credibility.

Or some could be manufactured, something that has happened before in the ongoing cyber conflict between Russia and Ukraine, which dates back more than a decade.

It seems that the efforts of the Ukrainian pirates focus on the media and moral aspect, to make the work of Russian spies abroad very difficult, and to sow seeds of fear in the minds of the soldiers that they might be held accountable for violating human rights.

There is good reason to maintain healthy skepticism about the reliability of some leaks, said Dmitri Alperovich, founder of the Silverado Policy Accelerator, a Washington think tank and former chief technology officer of cybersecurity firm CrowdStrike. .

But, he added, the hacking campaign "may prove once again that in an age of pervasive cyber intrusions and the generation of massive amounts of digital information by almost everyone, no one is able to hide and evade recognition of egregious war crimes for long."

"Ghost hackers" are a name given to hacking groups whose true goals are unknown (Getty Images)

Ukrainian Electronic Army

The leaks also show Ukraine's desire to rally amateur hackers in its cyberwar against Russia.

In early March, Ukrainian officials mobilized volunteers for hacking projects, and the Ukrainian government was publishing information about its opponents on official websites.

It also created a channel on the messaging platform Telegram, which lists targets for volunteers to hack that has more than 288,000 members.

But the disclosure of personal data is closer to information warfare than to electronic warfare, and it mirrors Russia’s tactics in 2016, when hackers backed by a Russian intelligence agency stole and leaked data from the Democratic National Committee and from individuals working on then-US presidential candidate Hillary Clinton’s campaign. .

These breaches are intended to embarrass and affect political outcomes, rather than destroy equipment or infrastructure.

Ukrainians use ghosts

Experts have warned that the involvement of amateur hackers in the conflict in Ukraine could lead to confusion and incite more state-backed piracy, as Russia will seek to defend itself and respond to its attackers.

Last Wednesday, the Cybersecurity and Infrastructure Security Agency warned that "certain cybercrime groups have recently publicly pledged support to the Russian government", and these groups are responsible for previous cybercrimes involving Western actors.

The term "ghost pirates" refers to hacking groups that do not know which country they belong to, nor their true goals. Some of them may be volunteers, and others may be affiliated with certain countries, and one of their goals is to be a double agent.

The entry of this type of hacker imposes a new pattern and a new strategy by technologically advanced countries such as Russia. It means that this country is under attack and that its target bank will expand to include a wider region and countries on the Internet, so that the arena of cyber war is larger than the arena of traditional war.

Imagine, for example, that the New York subway stopped due to a malfunction in computer security devices, or the Internet in London slowed due to an intense attack on service providers.

Of course, all these scenarios are now present on the screens of several professional hackers, who are waiting for the order to launch these attacks to turn the Ukrainian conflict arena into a global war zone.

Therefore, US officials have repeatedly warned US companies that Russia may carry out similar attacks against them, urging them to tighten their cyber defenses.

The governments of Australia, Britain, Canada and New Zealand also issued similar warnings.