You've successfully subscribed to Adlive Content Hub
Great! Next, complete checkout for full access to Adlive Content Hub
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.
Russian vigilante hacker: 'I want to help beat Ukraine from my computer'

Russian vigilante hacker: 'I want to help beat Ukraine from my computer'

"This site can't be reached."

That was the message greeting visitors to dozens of Ukrainian websites on Wednesday afternoon.

From 16:00 local time webpages for banks and government ministries started going down.

Naturally, fingers quickly pointed towards Moscow - Russia's cyber army once again accused of hacking to spread fear and confusion online as troops massed on Ukraine's borders.

But the BBC has learned that at least some of the cyber-attacks that afternoon and since have come not from the Kremlin but from groups of so called "patriotic" Russian hackers.

They work in small groups without direct orders from the Russian state and are intent on adding to the chaos in cyber-space.

By day, Dmitry (not his real name) works for a respectable Russian cyber-security company.

On Wednesday afternoon he finished work helping protect his customers from malicious hackers and went home for the night.

But while watching the unfolding cyber-attacks against Ukraine, he decided to assemble his hacking team and get stuck in.

"Considering everyone is attacking Ukraine servers. I am thinking we should cause some disruption too?" he posted on social media.

He says his team of six hackers then temporarily brought down a number of Ukrainian government websites, by flooding servers with distributed denial of service (DDoS) attacks.

The BBC witnessed the crew temporarily take one Ukrainian military web page offline.

Dmitry says they communicate on encrypted channels and "never speak in person" even though two of them work at the same cyber-security firm.

"If my employer found out I would not have a job," he says.

The vigilantes claim to have hacked live dashboard cameras of "rapid response teams" in Ukraine

This wasn't the first bit of vigilante hacking the group had done in recent days.
In the past week, Dmitry says they have carried out DDoS attacks, emailed 20 bomb threats to schools, hacked into the live dashboard feeds of an unidentified Ukrainian "rapid response team" and found a way to set up official emails using a Ukrainian government email service.

The BBC was able to confirm that they have control of at least one email address ending @mail.gov.ua. The hackers say they plan to use it to carry out targeted phishing attacks.

More attacks coming

They are also warning of more disruption and distress as they release stolen undisclosed data.

"This is just the beginning," says Dmitry, over an encrypted call, using a voice distorter. "You've got to understand we are being careful and watching what we do at the moment. We could launch ransomware but we haven't yet."

Ukraine's Minister of Digital Transformation, Mykhailo Fedorov: "DDoS attacks cost millions of dollars, and their key goal is to sow panic."

Ransomware attacks which scramble the data on computer networks are far more serious than the sorts of things Dmitry's team have done so far.

Ethical hacker and cyber-security lecturer Katie Paxton-Fear has looked over the material the hackers have shared.

"These hackers appear to be targeting known vulnerabilities. It's like they've got a huge pair of binoculars and are trying to find weak points in any Ukrainian system they can find.

"The hacking they are doing isn't very sophisticated, but that doesn't mean their attacks won't cause a potential distraction to security teams who are already very busy and stressed."

Ukraine has been repeatedly hit by low level cyber-attacks since the start of the year.

Cyber attacks at a glance:

  • On Friday 14 January about 70 government websites were hit with a DDoS attack. Some displayed a message warning Ukrainians to "prepare for the worst". Access to most of the sites was restored within hours. Kyiv blamed Russia for the attacks.
  • On 15 and 16 February more DDoS attacks temporarily took down websites for two banks and the Ukrainian army. The UK and US said that the Russian Main Intelligence Directorate (GRU) was almost certainly involved".
  • On Wednesday 23 February websites for numerous government ministries and financial services organisations were hit with another wave of DDoS attacks. Security researchers also discovered a more serious 'wiper' tool being used on a small number of computers to wipe all data from them.
  • On Friday 25 February Ukraine's cyber defence force issued a warning on social media about a widespread attempt to infect citizens with malicious software: "a phishing attack has started against Ukrainians! Citizens' e-mail addresses receive letters with attached files of uncertain nature." The authorities blamed Russian-allied Belarusian hackers.

Dmitry would not confirm his exact age or where he lives.

He says members of the crew are not worried about being caught and that, in fact, they hope that the Russian cyber-military is watching.

Ukraine's cyber-security defence says the country is under continual attack

"I think there are certain people in our government who will be very pleased with what we're doing.

"I would like to work with Russian cyber-authorities, but I would need to think about it first. I can tell you that one mistake could cost you your life when you work for them."

He says he is motivated by the war and wants to "help beat Ukraine from behind my computer whilst they die in the streets".