This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions.
Cyber Unit Technologies, a Kyiv-based cybersecurity firm, has been particularly outspoken — on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.
A senior executive from the company spoke to The Record about the initiative and how security specialists are using their skills in the ongoing conflict. Although some criminal gangs have expressed their allegiances on Twitter, the Cyber Unit Technologies representative emphasized that the company only seeks to work with professional white-hat hackers. “The people who joined our initial [efforts] are all regular security experts, and everyone is known locally in the community. This is to protect everyone and make sure there are no foreign Russian agents.”
The Record is not printing the executive’s name, due to the possibility that it would make him a target. The interview has been lightly edited for clarity.
The Record: Tell me about your company — what do you do, when did it start, where are you based, etc?
Cyber Unit Technologies: We started in 2015. Our base and origins are in Ukraine, but a good part of the team is distributed. Besides Kyiv, we have offices in Asia Pacific. We are not at freedom to discuss our customers, but our specialty is protection of critical infrastructure, training, and attack security. Especially in 2021 we have focused on critical infrastructure protection for governments and on personal security for employees as that is where most attacks are concentrated. In Ukraine in 2021 we have worked with 50+ different ministries, agencies, state organizations of all sorts.
We are just an IT company with an extremely valuable set of skills and an elite cybersecurity force. We use the skills for a wartime effort to defend freedom and democracy, just like companies did in World War II. We are completely independent, neutral and apolitical. We are not affiliated with any government, any political movement, any view, or even any vendor.
TR: Where did the idea for this new program — offering bounties to take down Russian websites — come from?
CU: First, we would like you to understand the "national spirit" of Ukraine. Ukraine is not a top-down country — it is completely and fully opposite of Russia. "Freedom" is not just a right in the constitution, it is deeply and irreversibly enshrined in how everything works in Ukraine. Ukraine has had two political revolutions against Kremlin-backed corruption and dictatorships in the last 20 years. Historically, Ukrainian people have an extreme distrust of state institutions because it is the legacy of Soviet times.
Ukraine has been at war with Russia since 2014. Our company has been a community leader and a respected voice in the country. We have taken an active interest in not just growing the skills of the IT community, but we worked hard on values and community support so that people with high levels of IT skills do not become lost loaded weapons. When people are part of a group, the government and different IT communities start talking with each other and reduce their distrust, everyone can channel their energy and skills for the good of the society. It is extremely important. Young kids with high IT skills are almost all fully self taught when they are discovered, which makes them unguided weapons. We have worked hard to be a guiding force in the community so that everyone is a positive contributor because today a lone evil hacker is a danger to entire nations. We grow good citizens first.
Prior to the start of the war, we proposed to organize volunteer IT groups to protect the country in case Russia attacks. This has been picked up at all levels of the society in Ukraine, from Parliament MP's to the Ministry of Defence and various IT communities. Our company was just a seed. Our idea was then picked up fully by the Ministry of Defense after the war started — the Ministry of Digital Transformation "publicized it" and it snowballed from there.
I repeat, we are not a head of some movement. We are just a seed, a thought, and part of the decentralized force. The entire idea is that the movement cannot be killed. There is no head to cut off. What we did was to plant the seed and then create a system to grow it so that IT activists can feed their families in these tough times while benefiting the nation.
TR: What has the feedback been like so far?
CU: The decentralized movement has achieved great victories which are all over the news. The beauty is that the movement is decentralized and anonymous. Russia has no chance.
TR: Has anyone collected a bounty yet? How much do you expect to payout in total?
CU: We are not free to discuss collections — there are great victories and people will be rewarded according to their impact to the common mission, which is stopping the war crimes in Ukraine. Our company has contributed the initial $100,000, but we see participation and contribution from all over the world. The amounts are very, very significant and might be one of the biggest bounties ever, maybe the biggest "unofficial" bounty.
TR: What would you like to tell hackers who are interested in taking a stance politically?
CU: We are not interested in politics. We are interested in democracy and freedom. The West is now discovering that Ukraine is a beacon and a symbol of freedom and the West absolutely cannot let Ukraine fall — there will be extremely dire and long lasting consequences for democracy and freedom.
We never promote achievement of political goals — we promote the defense of our values, which is democracy and freedom against an evil and corrupt dictator illegally invading the country. We desire to stop Russian state-sanctioned terrorism and crimes against the human population in Ukraine. We repeat — what we do is completely apolitical and we are not interested in whatever political view someone might have. We want our kids to be able to go to school safely and not under evil dictators. We invite people who consider themselves as activists for freedom with excellent IT skills to protect this freedom. Once the decentralized movement has achieved its mission, it will disband and people will go back to their normal lives.
TR: Are you worried that this program will make you a target? How are you preparing for that?
CU: Please understand that Ukraine has been at war with Russia since 2014. It just went from de facto to de jure — the world just closed its eyes to try to appease a dictator with nuclear weapons. A disproportionately large number of Russian "hackers" are state sanctioned or state supported. They are pressured into working for the Russian state because of threats to their safety and safety of their families by the local public security institutions in Russia. It's either "work for us or you and your family goes to prison" type of thing. In this way Russia can always disavow knowledge or presence of these disposable "tools" of war and terror.
What else can they do to Ukraine which they have not already done? Except maybe nuclear weapons. Everything else has been used already profusely, but people should stop fearing this. Russia thrives on fear — any sign of weakness empowers their psyche. Russia is corrupt to the bones, but they are adept at using fear to terrorize the world. Ukraine has no fear. The West has to stop fearing.
Russia or their hackers cannot decapitate a monster with no head. We are not a head because there is none. We are just one of the seeds. If they try to remove a seed, another will be planted. They have zero understanding of how Ukrainian society works because it is not top down at all. Freedom is the most valuable thing Ukrainians have. Our movement is global, Ukraine is just the symbol now. Russians have no idea what they got themselves into. They are finished, it is a matter of time.
Adam Janofsky is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.