Hackers Wanted—Ukraine Government Calls up its ‘Cybercommunity’

The Ukrainian Defense Ministry is asking for infosec help from its citizens. It’s calling up volunteers to join a “cyber force” that would defend against Russian attacks.

There will also be offensive actions, we’re told. And international hacktivist groups are also answering the call—such as Anonymous and the Belarusian Cyber Partisans.

Welcome to the future. In today’s SB Blogwatch, we quietly hum Ще не вмерла України і слава, і воля.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The Ghost of Kyiv.

Conscript Hackers

What’s the craic? Joel Schectman and Christopher Bing report—“Ukraine calls on hacker underground to defend against Russia”:

Late in the game
The government of Ukraine is asking for volunteers from the country’s hacker underground … according two people involved in the project. … Requests for volunteers began to appear on hacker forums on Thursday morning.

Yegor Aushev … wrote the post at the request of a senior Defense Ministry official. … Aushev’s firm Cyber Unit Technologies is known for working with Ukraine’s government on the defense of critical infrastructure. … Aushev said the volunteers would be divided into defensive and offensive cyber units.

The effort to build a cyber military force is coming late in the game. … A Ukrainian security official said earlier this month that the country had no dedicated military cyber force.

Want more info? Charlie Osborne effects some—“Ukraine calls for volunteer hackers”:

Cyberespionage
Defensive volunteers would focus on protecting critical assets, including energy and water utilities. … Ukraine experienced a cyberattack against its power grid in 2015, causing hundreds of thousands of Kyiv residents to lose access to electricity for roughly an hour.

On February 23, Ukraine’s State Service of Special Communications and Information Protection said that a number of government websites experienced outages due to a wave of distributed denial-of-service (DDoS) attacks. Websites impacted reportedly included the Ukrainian Ministry of Foreign Affairs, Ministry of Defense, and Ministry of Internal Affairs. Wiper malware was also discovered.

What about these “offensive” units? Laurens Cerulus hazards an educated guess—“Hacktivists come to Ukraine’s defense”:

Websites were unreachable
Groups of pro-Ukrainian hackers are organizing to hit Russia with cyberattacks targeted at Moscow’s command, control systems and government infrastructure. … The global hacktivist group Anonymous [said] it was “officially in cyber war against the Russian government” and claimed it had taken down the website of Russia’s state-controlled media network RT.

Another, Belarusian, hacktivist group opposing the Russian regime called the Belarusian Cyber Partisans said it had created a “tactical group of Belarus” to work with volunteer hackers to help Ukraine’s military fight back in the cyber domain. … In January [it] claimed it had encrypted parts of the Belarusian Railway organization in an effort to slow down troop deployment in Belarus.

Several Russian government websites were unreachable … including the website of the Ministry of Defense, the Kremlin’s website and the parliamentary Duma’s website, as was the website of the state-owned Sberbank, the country’s biggest bank. … Ukrainian government websites were hit with similar attacks twice in the past two weeks.

And what about us? David Rothkopf addresses that very question:

Why stop with Ukrainian hackers? The world hacker community should mobilize. What we need is the e-version of the Abraham Lincoln brigade.

Is that legal, though? HWR_14 opines an opinion:

It’s probably legal for you to fill out the application as a US citizen, as the Ukrainians are also asking for defensive help. If you have or want a US security clearance there may be issues in helping a foreign power, but absent that you can probably stay on the right side of the line. Obviously, you’d want a real legal opinion.

I do wonder at what point the US just declares Russian computer systems beyond the protection of US law. At some point, that happens, right?

But what about offensive action? IWantMoreSpamPlease has some cross-cultural experience:

Give them a bloody nose
Russians understand and respect only one thing: a raw display of power. Anything else is seen as a sign of weakness to be exploited. This has been my experience in my years of interacting and dealing with them.

As [a] CIA director once said, “you have to give them a bloody nose.” Otherwise they will get back up again and try again and again.

Nothing to worry about, promises birdyrooster:

There are plenty of independent clandestine attackers from the US and they interact with the US government through DISA [the Defense Information Systems Agency], which might confuse you if you take their name literally. The government is looking the other way and isn’t looking or trying to bring their domestic hackers to justice.

And the ultimate sanction? Unplug Russia, suggests Aighearach:

A new Cold War
China unplugged itself from the internet, time for the world to unplug Russia. They can continue on with their own network, no problem. Pull the plug.

Arrest Russian agents in foreign countries that originate attacks there. Unplug countries that refuse. This is a new Cold War, which is obvious to anybody who listens to Putin’s morning rant.

Meanwhile, baybal2 is much amused:

Somebody just hacked a TV station in Vladivostok, and put a documentary about Putin’s golden toilet on loop.

And Finally:

Ace in a Day: Retired naval aviator recounts yesterday’s story

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: UP9 (cc:by-sa; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 596 posts and counting.See all posts by richi