Ukraine's IT army is a 'world first' in cyberwarfare — but it's a major gamble for the government, experts say

  • Ukraine's IT army says it has launched thousands of attacks on Russian organizations.

  • The group, formed shortly after Russia's invasion of Ukraine, has members from around the world.

  • Experts told BI that there are risks with putting so much responsibility in civilian hands.

Shortly after Russia launched its full-scale invasion of Ukraine, the Ukrainian government issued a clarion call to tech whizzes around the world to use their skills in the fight against the invading nation.

"We are creating an IT army. We need digital talents," Mykhailo Fedorov, Ukraine's then-deputy prime minister, wrote on X at the time.

Eager volunteers quickly responded to the plea, and within a month, the group's Telegram channel counted around 300,000 subscribers.

As the number of members increased, so did the IT army's activity, and by late May, the group had already launched an estimated 2,000 cyberattacks on Russian organizations, Ukraine's Digital Transformation Ministry said on Telegram.

A spokesperson for the group, who goes by the name Ted, told Business Insider that they "currently see tens of thousands of devices and possibly thousands of people behind them."

"While we experience a constant decline in the number of subscribers [to the army's Telegram channel], the number of active devices involved is growing," Ted added.

Though the exact location of participants is unknown, the army is international in reach, Ted said.

The IT army website provides detailed resources that explain in Ukrainian and English how volunteers can help, with guides on how to install the "IT Army Kit," which contains tools required for conducting cyberattacks.

Volunteers can even use the toolkit to set up the attacks to run in the background, preventing tasks from disrupting their daily activities.

Leaderboard statistics are also posted to help gamify the process, increasing engagement and promoting competition among users.

Russian organizations are vulnerable to cyberwarfare, experts say

Russian organizations are particularly susceptible to DDoS (distributed denial-of-service) attacks, which are efforts to overload a website or network.

In the West, there are a number of services that help protect companies from DDoS attacks, Alan Woodward, a professor at the Surrey Centre for Cyber Security at the University of Surrey, told BI.

In Russia, however, "they have the expertise but not necessarily the service providers who sit in front of organisations to detect and deflect DDoS attacks," Woodward added.

In June, the IT army said it had launched a major DDoS attack against Russian banks, including VTB, Gazprombank, Sberbank, and a number of others, as well as the country's Mir payment system — Russia's equivalent of Visa or Mastercard.


Woodward said the incident "certainly left the impression that the group is capable of mounting significant attacks."

The IT army and other hacktivist groups have also managed to hit Russian media outlets.

In June 2023, Russian state TV and other channels were targeted by hackers, with a video broadcast in Ukrainian warning viewers: "The hour of reckoning has come."

Cyberattacks such as these play a "very important role" in Ukraine's cyberdefense, Stefan Soesanto, a senior researcher at the Center for Security Studies at ETH Zurich, told BI.

"While most of their DDoS efforts only cause short term disruptions, they are persistent when it comes to specific Russian businesses and platforms," he said. "They will target them over and over again."

Roskomnadzor, Russia's federal censorship agency, said it had repelled almost three times more DDoS attacks in the first quarter of 2024 than in all of 2023, Russian news website Kommersant reported.

Such attacks may also help "support defensive movements of the Ukrainian army," said Vasileios Karagiannopoulos, an associate professor in cybercrime and cybersecurity at the University of Portsmouth.

They can "help with countering misinformation efforts and facilitate things at a cyberespionage level," he said.

"It also helps to symbolically generate an image of vulnerability that can impact on the morale of the opponents and respectively boost the morale of Ukrainian troops and citizens," Karagiannopoulos added.

Ukraine's government may want to keep its distance from the group

The IT army has an internal team, which some experts believe was taken over by the Ukrainian intelligence service and the country's Ministry of Defense.

"The IT Army is managed by the SBU and the Ukrainian MoD," Soesanto said, adding that they receive support from Ukraine's Ministry of Digital Transformation.

"The volunteers who are nowadays participating in the IT Army do not know which sites, IP addresses, and services they are DDoS [attacking]," he said, adding that it had all been "centralized, with a handful of people making the targeting decisions."

Ted told BI that "the MoD does not run the IT army, but there is collaboration to ensure efforts are synchronized."

Ukraine's Ministry of Defense did not respond to a request for comment from BI on the nature of its relationship with the IT army.

The Ukrainian government likely wants to keep the group "at arms length," Woodward said.

"Or at the very least organise matters such that there is plausible deniability by the Ukrainian government if an attack results in unwelcome, albeit unintentional, consequences," he added.

One of the main risks with the force, Karagiannopoulos said, is that sometimes "volunteers might not follow instructions" and "organize their own attacks," potentially impacting people "across different countries and networks."

It is also unclear "whether these individuals could be targeted by the Russian military as combatants when they are considered to take direct part in hostilities," he added.

Nonetheless, the IT army is a "world first," Karagiannopoulos continued. "We have an explicit call from government officials for people to join," yet these hackers are not a formal part of the Ukrainian military.

This will set a precedent for future conflicts as cyberwarfare becomes more common, he added.

Read the original article on Business Insider