Fighting Russia with computers, not rifles

Ukrainian cyber officials claim half a million people from around the world have volunteered to be part of a pick-up cyber force they call the IT Army of Ukraine. While much has been made of its volunteer efforts to hack Russia, little has been revealed about how it works, or whether it is actually effective. 

In the hacktivism campaign against Russia, the Ukrainian IT Army is just one of many groups, including Squad303 from Poland, Cyber Partisans in Belarus, and Anonymous. 

In the latest episode of CLICK HERE, The Record’s Dina Temple-Raston spoke with purported members of this IT Army, whom we found through Telegram. One was an IT professional in Finland named Jani. He talked about the coordination problems inherent in such a rag-tag force and how people who don’t know what they’re doing should stick to joining botnets. The interview has been edited for clarity.

Dina Temple-Raston: Can you tell us what you do?

Jani, member of Ukrainian IT Army: Obviously, I can’t tell you too much about what I do. Let's just say that I'm an IT professional, and I'm trained in cybersecurity.

DTR: Where do you live?

Jani: In Finland. That's all you’re going to get from me now.

DTR: Where were you when Russia invaded Ukraine? How did you learn about it? 

Jani: I was basically at home working as I normally do. I see the declaration of the special operation, military operation or whatever Putin called it. And after that, I've been following up on the news. And basically once I started hearing about civilians and children and women and elderly getting bombed and killed and starved is when I decided I have to do something. I'm not going to just watch and stand idly by and, you know, let this happen. 

DTR: And how did you come to join the IT Army?

Jani: I got the invite link to the Telegram group, and from there on, I basically joined in and have been a part of the Telegram channels that aren't available to the public. 

DTR: What was the sign-up process like? Or was there one? 

Jani: There wasn't any. That’s one of the big problems here. Basically anybody can join in and start doing whatever. There are, like, kind of tutorials and people aren't that tech savvy, if you know what I mean. They don't know what they're doing. They get told please don't try anything that you don't understand. And I want to stress this: When you do something like trying these things [like breaking in servers] on a scale like this, you don't have chances for mistakes.

DTR: How do you make sure some script kiddie or somebody who doesn't know what they're doing doesn't break something?

Jani: Let’s just say that when you're a professional, you kind of get the idea if someone else is a professional or not. So basically there are direct messages and you can add people to the groups and whatever.

DTR: Would it be right to say that there are sort of different levels of Telegram channels? Like, [some people are] really good at what they're doing and [some] are sort of pretending to be better than they are?

Jani: Yeah. There are also other platforms that are not in Telegram. Those kinds of things that are usually used by the normal black hat hackers, I guess you would say. It's basically a kind of an open-source teams platform. 

DTR: What we're seeing from the outside seems chaotic, but it sounds like what you're telling me is that they realize that there's a problem with tens of thousands of people coming in and saying, Hey, let me hack, too…?

Jani: For example, this morning, there were a couple of threads where people are trying to do DDoS [distributed denial-of-service] attacks on multiple freelance websites, for example. I was just watching it and trying to get people to actually focus on something more important, for example, and it just didn't work. The Telegram front, or whatever, was just an unorganized mess of basically willing participants of botnets. That's basically all. It’s only this.

DTR: It's almost like in Ukraine, they're handing guns to everyone and a lot of them probably don't know how to shoot... 

Jani: Yep, it is the same sort of thing. I mean, there are people who have set up scripts like automatic websites and whatever. There are these tools that are basically easy to use and there are tutorials in which you can basically participate in the botnet. That in itself is a good thing. Of course, that means more traffic, more load on the targets. But people should be wary of going any further than that.

DTR: So join the botnet, but don't take it upon yourself to do something more? Have you seen stuff and sort of slapped your forehead and said, ‘Oh my goodness, how did that happen?’ 

Jani: Yeah, I was actually trying to get into this one file server. I actually had an administrator screen open in front of me and I was trying to brute force the system and then [IT Army] people went and took it down.

DTR: It's the left hand and the right hand not really knowing what they're doing?

DTR: There's only the small groups — you know, the inner, inner circle. They're actually communicating between each other and trying to brainstorm ideas and ways to get into their systems with non-violent vulnerabilities and whatnot.

Jani: To explain it to a person who doesn't know anything about penetration testing, per se, it is basically just trying a bunch of different things and basically slamming your head against the wall as many times as it takes to get inside, that's the bread and butter. There are times when you get lucky like, for example, these railway systems [in Russia], let's just say that they're a couple of months behind in updating their systems. 

DTR: So are you given a list of targets? Or do you just use your imagination and say, ‘Hmm, to be helpful, I should take down the railway system.’

Jani: No, it's more of a focused effort. There's multiple different small groups and there's always one particular kind of leader, I guess you could say. And after that, it's just basically broad brainstorming in which we say, How do we get in this? These parts are open. They have these systems running on it. How do we get in? That's basically all of this. 

DTR: Are you concerned that you may have some blow back from doing this? Or having the Russians hack you back?

Jani: Well, that's why I'm using a proxy and incognito and everything. But on the subject of this being against the law, well, how I think about it is that if they want to persecute me, they can come and get me. And that's why I take…what's the word? 

DTR: Precautions. 

Jani: Yeah, to not let that happen. 

DTR: Did you ever imagine that you'd be doing something like this? 

Jani: Not really, not after my teenage years. The motivation here is very clear to pretty much everyone. But after this conflict is over, what's the motivation? That’s the question. I guess there might be some groups that get launched because of this, but, let's just say that I wouldn't think about that right now. 

DTR: Right. 

Jani: Or I wouldn't focus on that because I think there's more important things to worry about.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Dina Temple-Raston

Dina Temple-Raston

is the Host and Managing Editor of the Click Here podcast as well as a senior correspondent at Recorded Future News. She previously served on NPR’s Investigations team focusing on breaking news stories and national security, technology, and social justice and hosted and created the award-winning Audible Podcast “What Were You Thinking.”