When the Russian military invaded Ukraine in a blitzkrieg of heavy weaponry, pro-Ukraine hacktivists looking to take down www.mil.ru met with something unexpected: a 418 error in which a server declares it cannot complete your request because it is a teapot.
The teapot error is a decades-old April Fools’ joke occasionally repurposed to tell would-be hackers that their efforts have been foreseen and blocked. “It’s almost like giving a middle finger," Amit Serper, the director of security research at Akamai, told BuzzFeed News. Akamai, like its competitor Cloudflare, runs much of the plumbing that supports the internet.
A few days later, the teapot error vanished, and mil.ru and websites of prominent Russian banks such as Gazprombank went dark for most internet users outside Russia. The government had geofenced key websites — meaning those outside the country couldn’t access these sites, and so couldn’t hack them.
“I assume the Russians realized that pretty much whatever they are trying to do to everyone else, the same thing can be done to them,” Serper said. “By geofencing you are making it impossible for someone outside Russia to reach all those targets.”
In other words, Russia had expected retaliation for its invasion of Ukraine and had already preempted the cyberattacks it suspected were coming — and come they did.
A day after the invasion began, Reuters reported that a prominent Ukrainian entrepreneur was working closely with his government to assemble a phalanx of volunteers for cyber offense and cyber defense. While the offense would conduct espionage operations, the defense would secure critical infrastructure such as Ukraine’s power plants and water treatment facilities that have been targeted by Russia in the past.
Then Ukrainian Vice Prime Minister Mykhailo Fedorov called for volunteers to join a Telegram channel for the IT Army of Ukraine. “There will be tasks for everyone. We continue to fight on the cyber front,” Federov said.
Since then, social media accounts associated with hacker collectives and pro-Ukraine Telegram groups claim that groups such as Anonymous have taken some Russian websites and servers offline. Yet the Russian geofence and Russia’s own long history of spreading disinformation has made it difficult to confirm the extent to which these websites were hacked, and if so, how long it took before they were restored.
Yet even if the claims of hackers are true, security experts are circumspect about the consequences of crowdsourced attacks.