'Unintended consequences': Officials warn amateurs against hacking Russia

More than 300,000 people have joined the so-called 'IT Army of Ukraine' on Telegram

Image:
More than 300,000 people have joined the so-called 'IT Army of Ukraine' on Telegram

Amateur hackers should not join the 'IT army of Ukraine', officials in government have said, over concerns that they could breach the law or start attacks that would eventually spiral out of control.

Since the start of the Ukraine crisis, thousands of hackers from around the world have come forward to show their support for Ukraine.

Many of them claim to have taken down Russian government websites, posted anti-war slogans on the home pages of Russian media outlets, and published information obtained from rival hacking groups.

Last week, cyber actors claiming to represent the Anonymous hacker collective said they had breached Rosneft Deutschland - the German subsidiary of Russian energy company Rosneft - and stole 20 terabytes of data from its systems.

The hackers said they attacked Rosneft because of the company's significant lobbying efforts against sanctions for Russia over the country's invasions of Ukraine.

Anonymous has also claimed responsibility for many other attacks against Russian organisations in recent days, including against Russian state TV and streaming services to show footage of the conflict to ordinary Russians.

Hackers are organising on Telegram under the name 'IT Army of Ukraine'. More than 300,000 people have joined the group so far, from multiple countries.

The call for the 'IT army' came last month, when Mykhailo Fedorov, the country's deputy prime minister and minister for digital transformation, announced the effort on Twitter.

However, these moves have blurred the lines between state-sponsored hackers and patriotic amateurs, making it difficult for governments to determine who is attacking them and how to respond.

As a result, Western officials are cautioning private citizens against joining such groups.

"We wouldn't encourage criminality in any way, shape or form," one official told The Guardian last week.

"We would strongly discourage people from looking to get involved in those kinds of activities."

Participating in Ukrainian cyber-attacks from the USA or the UK could violate local laws, such as the Computer Fraud and Abuse Act in the US and the Computer Misuse Act in the UK.

"Whilst I totally understand the sentiment behind the actions of many in this IT army, two wrongs do not make a right," noted Alan Woodward, a professor of cybersecurity at Surrey University.

He added that "not only might it be illegal" but also runs the risk of playing into Putin's hands, who could use the attacks to spread anti-Western rhetoric.

Cyber experts have also expressed concerns about the possibility of detrimental, unforeseen consequences, which could spread to unintended regions.

The Ukrainian government has so far fared well against cyberattacks in the conflict.

DDoS assaults and 'wiper' operations have been launched against the country, but have had little effect.

Western nations have aided a "successful" Ukrainian cyber-defense, officials said.

"Behind the scenes [there has been] … a massive international government effort to support our Ukrainian allies in this space," one official said.

They added that the UK and Western allies have not observed a spike in hostile Russian cyber-activity since the start of the invasion.

"We are not seeing a heightened threat to the UK or generally to allies. It's fair to say that the level of cyber-activity we see is not significantly up or down," said one official.