Inside Ukraine's cyber guerrilla army
March 24, 2022
Before heading to his day job in "just another city" in Denmark, Jens spends around an hour of the morning defending Ukraine in cyberspace.
First, the IT professional in his mid-40s checks the messenger app Telegram for a list of websites of Russian organizations and companies. Then, he activates a program that automatically bombards the pages with fake requests.
Throughout the day, as he goes about his work, Jens regularly makes sure the software does what it is supposed to: overwhelm the websites with so much traffic that they collapse.
When he goes to bed, he knows he will do the same again the next day — silently. His wife, friends and colleagues have no idea.
"I am doing this to punish the Russians for their war crimes," Jens told DW over an encrypted voice call. Like all hackers interviewed for this article, he spoke on the condition of anonymity because his activities are illegal.
He is one of potentially thousands of pro-Ukrainian cyber guerrillas spread around the world who have launched attacks on targets in Russia or with links to the country.
No one knows exactly how many there are. They have different motives, and they use different cyber weapons, from simple tools for online vandalism to sophisticated cyber operations. But they are united in their goal: to support besieged Ukraine.
"Everybody is helping out every way that they can," said a Netherlands-based activist affiliated with the Anonymous hacking collective.
For decades, countries have deployed cyber operations to sabotage their enemy, obtain sensitive information or sow confusion and thicken the fog of war.
But the war in Ukraine has given rise to an unprecedented form of online guerrilla warfare. Large groups of non-state participants can operate simultaneously without one central authority coordinating their efforts, interviews with hackers and experts suggest.
"That is the nature of the beast," the Anonymous activist said.
Core of the IT army
The idea to recruit a volunteer cyber army was born when the war broke out in late February.
As the first missiles hit Ukraine, civilian experts from the country's cybersecurity industry approached the government to offer help, said entrepreneur Yegor Aushev, the co-founder of the Ukrainian cybersecurity company Cyber Unit Technologies.
"Our only motive is to stop this war," Aushev told DW by phone from a location close to the capital, Kyiv. When they encouraged other cyber experts to join them on social media, hundreds answered their call. One month into the war, their number has grown close to a thousand people, he estimates.
They can be considered the inner core of Ukraine's IT army, working closely with the country's government, according to Aushev. Most of its members have years of expertise in cybersecurity; only those who find other experts to vouch for them are granted access.
Their goal is to collect intelligence about the war and potential targets in Russia, which they share with the Ukrainian government, Aushev explained.
Enter Anonymous
Another powerful player in Ukraine's cyber guerrilla army is the hacking collective Anonymous — a loose international movement of hackers. Shortly after Russia launched its invasion of Ukraine, the hackers announced on Twitter that they were now "in cyberwar against the Russian government."
Since then, Anonymous has claimed credit for several incidents such as hacking into Russian state TV channels.
Two Anonymous members told DW they estimated that "hundreds" of people were running advanced hacking operations. Additionally, many more less-skilled volunteers have been involved in activities to spread information about the war among Russians, they said. For example, they use a website that allows internet users to send texts, WhatsApp messages and emails to random people in Russia or call them.
This site was built by Squad 303, a collective with links to Anonymous, that started in Poland and now says it counts more than 100 members around the world, including Japan, Estonia, Germany and France. A Squad 303 member told DW that during the first month of the war, their website made it possible to send over 40 million messages to people in Russia.
Government call to action
There is also a growing number of what insiders call "script kiddies" — volunteers with little experience in cybersecurity who run hacker programs without fully understanding how they work.
Many of them joined the cyber guerrilla effort after Ukraine's digital transformation minister took to Twitter to urge users to take action, adding a link to a Telegram channel with instructions in Ukrainian and English. Every day, this channel's administrators publish a list of IP addresses and encourage group members to make the websites collapse.
It is this Telegram channel that Danish IT professional Jens checks every morning for new targets. One month since the war began, it has over 300,000 subscribers.
Criminal activity — which could backfire
While Ukraine's government has embraced the activities of the cyber guerrilla, experts warn the efforts could backfire. They say the hackers might accidentally damage unintended targets, or prompt counterattacks by technically superior nation-state hackers.
"Every one of those attacks escalates the situation further," said Dennis-Kenji Kipker, a professor for IT security law at the University of Bremen, "and this will get us nowhere."
He added that not all cyber guerrillas seemed to be aware they were breaking the law. But Jens, in Denmark, said he knows what he is doing is illegal.
"I am a very law-abiding person, I don't even run a red light — I am an ordinary person with an ordinary job in an ordinary city," he said. "In peacetime, I would never do this."
But in mid-March, when he saw images of a bombed theater in the Ukrainian city of Mariupol with the word "children" written in Russian on the pavement outside, he decided to get involved.
"There's a war going on, and I consider myself to be a participant in the war, like many people in Ukraine's IT army," Jens said.
Edited by: Rina Goldenberg
While you're here: DW editors round up what is happening in Germany and the world in several email newsletters. You can sign up here.