Can Ukrainian civilian hackers acting against Russians cause more harm than good?

Ukraine's civilian hackers have divided cybersecurity experts - one side argues it's a normal defensive response in light of Russia's attacks, and the other fears it may go out of control.

The international movement of hackers, Anonymous, announced they are in a "cyberwar against the Russian government".
Reuters

As the first missiles hit Ukraine, thousands of civilian cyber experts banded together to create an “IT Army,” claiming to have engaged in cyber operations that blocked access to several Russian government and media websites.

The group works closely with the Ukrainian government in collecting intelligence about the offensive and potential targets in Russia. 

They also conducted cyber operations to counter Russian censorship of the attack. 

Another group in Ukraine’s cyber army is the hacking collective called Anonymous. 

The international movement of hackers announced on Twitter that they are now in a "cyberwar against the Russian government".

No one knows their identities, what tools and skills they possess, and how they conduct those cyber operations, but they are united against their common enemy: Russia. 

While some government and cyber officials have embraced those cyber operations against Russia, making it an exception in Ukraine, experts warn the efforts could do more harm than good and might accidentally hurt innocent people. 

Ukraine is a signatory to the Budapest Convention that commits countries to enact domestic laws on unauthorised access to computer systems and digital communications.

At the same time, Ukraine has a right to self-defence under the UN Charter, and that can include activities in cyberspace to respond to Russia’s aggression.

“If this activity is defensive - protecting Ukrainian networks, for example, then there should be no issues with doing that,” Quentin Hodgson, senior researcher at RAND corporation focusing on cyber operations, cybersecurity, homeland security and critical infrastructure protection, told TRT World. 

“The challenge comes when civilians - non-combatants - engage in operations to respond against Russia and conduct those cyber response actions against Russian systems and networks.

“That can expose those people to additional risk, including personal risk if the Russians identify them and choose to retaliate.”

According to recent polls conducted by The Washington Post’s column, The Cybersecurity 202, 47 percent of experts said such hacks were justified under the extraordinary circumstances of the Russian attack on Ukraine. About 53 percent thought they were not.

A common argument from experts that defend Ukraine’s cyber activities is that the civilians are fighting back against Russian attacks. 

“In a real war, those defending their sovereign nation should not always be asked to justify their actions to those of us sitting safely at home with our families,” Marten Mickos, CEO of HackerOne, told The Washington Post’s Cybersecurity 202.

However, those against it say that offensive hacking leaves everyone less safe. 

“Even though my career was on the defensive side, I was highly aware of and at times considered the offensive side of the spectrum,” Matt Coons, a former US Marine Corps sergeant who served five years on active duty as a 2651 Special Intelligence Systems Administrator, told TRT World.

“All that being said, I do think there are serious ramifications when civilians are overtly attempting to attack, disrupt, and destroy the IT infrastructure of another company or country.”

In early February, Russia launched a series of distributed denial of service (DDoS) attacks, targeting Ukraine’s banking and defence websites. They were reportedly launched by the Russian military intelligence agency GRU.

On March 1, Anonymous “declared war” against the Russian state and targeted sites run by Russian state-owned media. The group also breached the systems of Roskomnadzor, the Russian agency responsible for monitoring and censoring media. It leaked over 360,000 files, including guidance on how to refer to the conflict in Ukraine.

The IT Army, on the other hand, targeted the websites of Russian banks, power grids and the railway system.

The group also launched widespread DDoS attacks against Russian targets of strategic importance.

Coons, who also served as a cyber security analyst within the US Defense Intelligence Agency, said that DDoS attacks on IT infrastructure need the most careful consideration in order to limit their scope and damage.

“There are very few instances where you can tailor a DDoS attack or other hacks and not harm innocents in the middle,” he said.

Last year, a female German patient suffering from a life-threatening illness died after the University Clinic in Dusseldorf was hit by a ransomware attack. 

The hospital was unable to admit her because its systems were out of order due to a cyber attack.

“Often, the intended targets are relying on the same data and financial services as everyone else,” Coons said.

“And to go after those hard targets ends up leaving a lot of harm along the way.”

Thousands of non-Ukrainians have also reportedly joined the IT Army from the US or the UK, where experts say they could be breaking those countries’ cyber laws, such as the Computer Fraud and Abuse Act in the US and the Computer Misuse Act in the UK.

In February, The Guardian quoted Western officials as warning amateur hackers against joining the IT Army amid fears that cyberattacks might get out of control. 

“Depending on what country they are operating from, their actions could contravene domestic law on unauthorised access and interference with systems and networks,” Hodgson said. 

“It is not clear, however, that law enforcement in those countries will take action to identify and pursue legal action against them.”
