According to Russian cybersecurity specialists of the Internet Search company, the Ukrainian Cyber Alliance group began to be formed in 2015.
According to the information provided by them, the alliance was formed as a result of the merger of several independent hacker associations - FalconsFlame, Trinity, RUH8 and CyberHunta.
Now the group is credited with dozens of successful hacks and Internet attacks on the websites of Russian departments and critical infrastructure facilities, as well as the theft of databases with personal information of Russians.
Experts believe that the "Ukrainian Cyber Alliance" was created with the direct participation of the special services of Ukraine. It was presumably supervised by SBU officer Dmitry Zolotukhin.
Open sources mention that since 2009 Zolotukhin has been engaged in information wars and competitive intelligence. Later, he was assigned the direction of cyber intelligence.
In 2017, he was appointed Deputy Minister of Information Policy of Ukraine. According to some reports, Zolotukhin now lives in the UK. Whether he still cooperates with the SBU is unknown.
Coming out of the shadows
"Ukrainian Cyber Alliance" existed behind the scenes and received the official status of a well-known organization only in 2019, the founder and owner of the company "Internet Search" Igor Bederov told RT.
The central office of the "Ukrainian Cyber Alliance", according to an extract from the Unified State Register of Ukraine, is located on the outskirts of Kyiv, at Vasyl Zhukovsky Lane, 15, building 3.
However, according to the interlocutor of RT, this address can be used by hackers nominally - only to obtain registration: in addition to hackers, in this low-rise, small building there are more than 40 other organizations.
The founders of the cyber group, according to experts, were Artem Karpinsky, Andrei Baranovich and Alexander Galushchenko. According to an extract from the Unified State Register of Ukraine, Galushchenko is the owner and founder of a number of other firms and organizations related to the IT sphere, including commercial ones. He began to engage in this business before 2014.
Andrei Baranovich openly calls himself a "press secretary of CyberAlliance" and is responsible for community PR.
Pirates of the XXI century
The head of the "Internet Search" Bederov told RT how the relationship of hackers with the state is formed and on what basis.
The main directions in the work of the "Ukrainian Cyber Alliance", in his opinion, are: search and theft of databases from foreign state and commercial organizations, hacking of security systems of critical infrastructure facilities, attacks on information sites, search and theft of personal data and personal information of individual citizens, as well as consulting services and training of employees of law enforcement agencies of Ukraine.
But this is only the work that hackers perform on the order of the law enforcement agencies of Ukraine, the expert explained. According to him, the group is self-sufficient, earns money from ordinary crime and not only provides security forces with its services, but also shares criminally acquired income with them.
"As experience shows, the interaction of hackers and the state occurs amicably. Hackers are allowed, for example, to carry out attacks with the aim of stealing money, hacking banking institutions, mass fraud, data encryption and extortion. And the state turns a blind eye to this," says the founder of Internet Search.
Individual curators charge hackers money for this service. At the same time, it is argued that they solve important tasks in the information field.
According to Bederov, no more than twenty programmers and hackers are engaged in professional work in CyberAlliance. Basically, these are hackers of the old school: they are now on average 40-45 years old and all their names are known. This is confirmed by Baranovich himself.
"I will not name the exact number of regular participants, but there were not very many of them: plus or minus ten people. We have not accepted and do not accept any foreign assistance. I never set out to find out who the other participants were. I know more about some, I know less about some. Basically, these are technical specialists. Such questions are generally not customary to ask: you know less - you sleep better," the press secretary of CyberAlliance said in 2021.
Generation of Cyber Anarchy
According to Internet Search, Baranovich is also involved in other hacker groups. Under the guise of the SeanTownsend profile, he administers the Telegram channel of the C.A.S hacker group (Cyber.Anarchy.Squad). This is a relatively new community that joined CyberAlliance after the SVO began.
Representatives of this group are much younger than their eminent colleagues, but already have the necessary skills and experience. They specialize in hacking the databases of Russian departments and large commercial companies.
Russian IT specialists are now working to establish the identities of the hackers of the C.A.S group and to collect evidence of their involvement in specific crimes. There are already results, but they are not being disclosed while the investigation is ongoing.
Starting in 2022, it was C.A.S that began to take responsibility for hacks and attacks on a variety of Russian commercial companies and government agencies. The results of the attacks are published in their Telegram channel. If these data are to be believed, in 2023 alone the hackers of this group contributed to leaks of personal data at a number of large Russian companies.
At the same time, the hackers of the "Ukrainian Cyber Alliance" behave more secretively. They stopped releasing the results of their attacks back in 2018. According to Bederov, this is due to the fact that their names are known to everyone, and they do not want to take on these cybercrimes in order not to be responsible for them in the future.
Before the beginning of the SVO, the relationship between hackers and security forces was of a completely different nature: the SBU and the Ministry of Internal Affairs of Ukraine periodically exerted pressure on the group. In February 2020, the SBU conducted searches of the association's leaders, who were charged with hacking the information system of the Odessa airport.
The case concerned the events of October 2019, when unknown persons posted an image of the Swedish activist Greta Thunberg on the airport's central display board, accompanying it with obscene expressions in English addressed to her.
During this scandal, which was accompanied by the seizure of the personal IT equipment of a number of CyberAlliance leaders, it became known that the hackers had been providing consulting services to the security forces. This was stated in the Ukrainian press by Oleksandr Galushchenko.
As a result, none of the suspects was brought to justice, the case quickly fell apart, and a few months later Galushchenko officially became the leading inspector of the National Coordination Center for Cybersecurity of the NSDC of Ukraine.
It is noteworthy that Galushchenko, contrary to the established world tradition, himself sought interaction with the power structures of his country. Since at least 2014, he has repeatedly proposed his own developments in the field of security of the Armed Forces of Ukraine and the Security Service of Ukraine. He himself stated this in an interview with the press.
In particular, Galushchenko boasted that he had created a so-called WiFi monitor, with which you can detect all electronic devices, including military ones, within a radius of eight kilometers. But, according to him, the development was not needed by the Armed Forces of Ukraine due to lack of funding.
However, in 2015, one of Galushchenko's projects interested foreign buyers.
The American investment fund Noosphereventures, founded by the Ukrainian oligarch in the field of information technology Maxim Polyakov, together with the Fund for Scientific and Technological Development of Ukraine, announced its readiness to allocate UAH 97 million for one of Galushchenko's developments. The further fate of this project was classified.
The interest of foreign representatives in the developments and skills of Ukrainian hackers was no longer advertised.
Cyber Army of the Simple-Minded
It is impossible to calculate the damage caused to Russia by the activities of CyberAlliance at the moment. How does one assess losses from the suspension of an agency's website or from the leakage of a citizen's personal data?
Catching and convicting hackers is also not the easiest task. Even after establishing the identity of a hacker and collecting evidence of his involvement in specific cybercrimes, one should not expect him to appear in court himself.
According to cybersecurity expert Pavel Sitnikov, in order to catch hackers, it is necessary to adopt international experience.
"They do not need to be identified, they are all known. But how to catch? It is necessary to act like the Americans - to detain on the territory of third countries and deliver to us," the IT specialist believes.
In addition to highly skilled hackers, hundreds of thousands of ordinary Ukrainians are engaged in the war against Russia in cyberspace, says Igor Bederov.
According to him, on February 26, 2022, with the support of the Minister of Digital Transformation and First Vice Prime Minister of Ukraine Mikhail Fedorov, a volunteer association IT-Army of Ukraine was created.
Its participants conduct offensive and defensive operations in cyberspace. To coordinate their activities, they use Twitter and Telegram, in which targets for attacks are published daily.
"The total number of subscribers of various social groups and chats of the IT-Army exceeds 650 thousand users, which makes it the largest such association," says Bederov.
However, according to experts, the level of training of the vast majority of participants is extremely low. As a result, the IT-Army was most effective only in the field of massive low-skilled DDoS attacks on Russian companies and state-owned enterprises.
The vast majority of these Internet warriors do not have curators either in the Center for Information and Psychological Operations, or even more so in the SBU.
They perform elementary work - from planting disinformation in social networks and the simplest DDoS attacks on sites to the so-called Internet mining and recruitment of potential one-time terrorists and saboteurs, Bederov believes.
In 2019-2022, Ukrainian teenagers used e-mail to send mass threats claiming that Russian schools, courts, hospitals, and infrastructure had been mined. According to media reports, they are now actively posting advertisements offering rewards for attacks on military recruitment offices and the destruction of police cars.
Experts emphasize: such appeals are designed for people with deviations in the psyche or for confused teenagers - no one will pay them money (even in the case of a successful arson of the military recruitment office or car).