Following large-scale cyber attacks, Ukraine moved to increase its cyber warfare capabilities on Feb. 26 with its announcement of a new volunteer “IT Army” — a move experts fear could escalate the Russo-Ukrainian War.
Ukraine’s deputy prime minister and minister for digital transformation, Fedorov Mykhailo, made the announcement on his official Telegram channel. He later tweeted, “We are creating an IT Army. We need digital talents.” Within hours, the army had received hundreds of applications, all of which are now being vetted for connections to Russian interests.
Administrators have so far asked a Telegram channel of 170,000 volunteers to launch DDoS attacks on more than 25 Russian websites, including vital infrastructure services like Gazprom energy and Roskomnadzor communications. Other potential targets include Russian government, banking, and news websites.
According to Ukraine, the move comes in response to “an intensifying wave of hacks aimed at the country” just prior to Russia’s invasion.
On Feb. 23, two separate DDoS attacks targeted banking systems and took down multiple government websites, including the Ukrainian foreign ministry and state security office. Meanwhile, hundreds of personal, government, and banking computers were infiltrated by a destructive data-wiping software.
Although the perpetrator is unknown, the attacks’ proximity to the invasion place heavy suspicion on Russia. The Kremlin has denied its involvement, but has a history of cyber offensives against Ukraine, including a 2015 hack that left more than 225,000 people without power.
In a Feb. 25 Facebook post, Ukraine also relayed evidence of third attack originating from the Belarusian Ministry of Defense, which targeted military personnel and their private messages.
A former Ukrainian official “with knowledge of the IT Army’s organization” said, “Our country didn’t have any forces or intentions to attack anyone. Therefore, we made a call. We already know they [Russians] are quite good at cyberattacks. But now we will find out how good they are in cyberdefense.”
Experts around the world have expressed growing concern over such retaliatory attacks. More sophisticated strikes, like a self-propagating worm attack, could spread uncontrollably and cross onto unintended targets.
J. Michael Daniel, head of the Cyber Threat Alliance and former U.S. cyber coordinator, said worm attacks “could take down anything from emergency services, health care systems, or other things offline without meaning to. Which has an immediate impact — you could hurt civilians.”
More sophisticated attacks could also magnify the conflict, according to Daniel. He said unintended targets “could inadvertently escalate things if the Russians perceive that as a direct order of the Ukrainian government, and they escalate and respond in kind.”
According to Tim Stevens, senior lecturer in global security at King’s College London, well-intentioned third-party hackers could also escalate the conflict — like the recent Feb. 24 attack against Russia. The hacktivist group Anonymous has since claimed responsibility for the attack as “response to Kremlin’s brutal invasion of #Ukraine.”
Stevens said, “What concerns me is if there are non-Ukrainians and Russians involved in this, the cyber aspect of this conflict could be treated by either combatant as a de facto escalation of the conflict beyond Ukraine’s borders.”
The Russian ransomware group Conti echoed this possibility in an official announcement, warning that a cyber attack against Russia would result in the group using its full capabilities “to deliver retaliatory measures” against “Western warmongers”.
On Monday, A NATO official also responded to the threat of cyber escalation, stating that a cyberattack against a NATO member state could be “considered an armed attack” and therefore trigger NATO’s collective defense clause.
U.S. Press Secretary Jan Psaki expressed similar warnings at a press conference in January, stating that the Biden administration is “prepared to respond” in the event that “Russia attacks the United States or our allies through asymmetric devices, like disruptive cyberattacks.”
Although countries appear well-prepared for cyber escalation, Stevens said that the novelty of cyber warfare makes it impossible to predict. Other experts believe that Ukraine’s IT Army will serve as a defensive strategy — not an offensive one.
Jake Williams, cyber incident responder and former hacker for the U.S. National Security Agency, said, “The idea that this ragtag group of folk [is] going to somehow hack into the Kremlin’s networks and get valuable intelligence that’s going to change the course [of the war], that’s fantasy. DDoS and defensive is probably more important for Ukraine.”
Daniel agreed the IT Army could have other purposes. He said, “Part of it is a signaling exercise. It’s signaling a level of commitment across the country of Ukraine to resisting what the Russians are doing.”
Regardless, for the thousands of Ukrainians now involved, the IT Army is just one of many strategies being used to fend off an existential threat. “If Ukraine falls, and they didn’t do everything possible to stop that,” said Williams, “why would you leave anything on the table?”