- The Washington Times
Wednesday, March 9, 2022

LVIV, Ukraine — From an apartment on a quiet street in Lviv in the still-unscathed western reaches of Ukraine, two childhood friends now in their early 20s have been waging a quiet invasion deep within Russia’s borders.

With intense shelling and ground battles playing out in cities throughout eastern Ukraine, Marco, an information technology consultant, and Roman, who works in graphic design and marketing, see themselves as foot soldiers in a fierce information war. Fighting the war, they said, are hundreds of thousands of ordinary Ukrainians who have come together to hack Russian websites and present to the Russian people the reality of the raging ground war that the Kremlin has banned official media from reporting.


“The point of this is to create a distraction to deal with inside their own country instead of sending a lot of military to our country,” said Marco, who, like Roman, requested that his real name be concealed. “So when Russia’s nuclear plant management system is down, they may think about fixing it instead of sending a lot of troops to die here.”

After responding to a call for “digital talents” from Ukrainian “Minister for Digital Transformation” Mykhailo Fedorov, Marco and Roman are part of the “IT Army of Ukraine,” a ragtag group of hackers operating inside and outside Ukraine. The hackers attack official and unofficial Russian websites and design information campaigns that they distribute through text messages and on social media.

Official numbers of those involved in the cyberoffensive are difficult to pin down. The “IT Army of Ukraine” Telegram chatroom, used to distribute “operational tasking” to the hackers, has more than 300,000 subscribers.

“List of Russian oil and gas and energy companies,” says one post from Wednesday that includes URLs. “Let’s make these resources inaccessible! Take it down please!”


SEE ALSO: Strike on Ukrainian hospital that killed 3 draws outrage; diplomats to meet in a Turkish resort


Other targets include municipal websites and major Russian state media sites.

Marco said he works with about 50,000 people dedicated to distributed denial of service attacks. Although DDoS attacks require coordination, they can be carried out by swarms of people without significant technical acumen.

“The main concept of a DDoS attack is creating a huge load on the site,” Marco said. “Like hundreds of thousands of people entering the site at one time.”

Little equipment or software is needed. A DDoS attack can essentially be carried out from any laptop or cellphone with a web browser.

It is difficult to gauge how effective the group of amateur hackers has been. Although DDoS attacks have knocked several Russian government websites offline, they are generally thwarted through countermeasures.

A need to coordinate

James Knight, a cybersecurity consultant for U.S.-based cyberwarfare, said the massive decentralized effort raises legal questions and could cause more problems for professionals in the intelligence community. The uncoordinated attacks could thwart intelligence-collection activities of friendly countries, he added.

“The trouble is that there is a lot of real hacking that is going on within governments like the U.S. government, for instance,” he said. “Generally, they don’t take something down unless they have to.”

When an uncoordinated attack takes down a site, he said, the opportunity to use that site for other purposes is off the table.

“So in the intelligence world, what we see is that these people who are doing this cause more problems than they fix,” he said. “The best thing they could do is try and get hold of U.S. intelligence who would be coordinating with other agencies and kind of coordinate with them before they start doing these things.”

Still, he said, such coordination is nearly impossible when hundreds of thousands of people are volunteering in the middle of a hot war.

The Ukrainian hacker army has also waged an all-out assault on what it says are the Kremlin’s efforts to hide the truth about the war from the Russian people.

“Basically, there is so little information in Russia that Russian moms of troops that are dying or captured here don’t know their sons are even here,” Marco said. “They contact their military service, and they say, ‘Hey, everything is all right,’ after her son calls her and tells her, ‘I’m captured. You need to help me.’ They’re basically lying to the moms of those troops, and I’m pretty convinced their moms don’t want to be lied to.”

Roman said he began compiling lists of thousands of Russian phone numbers where he sent text messages with death toll numbers and pictures of captured soldiers.

“I think we just want for people to understand what’s actually happening so they can go out and demand their rights,” Roman said. “Mothers are being told not to criticize the army, and they’re not being told anything about their sons.”

The Russian government quickly caught on to the campaign, Marco said, and began manually reviewing text messages.

Since then, the group has changed tactics. It now posts ads on social media and includes pictures and updates from the war in unlikely places such as Google reviews for restaurants in Moscow.

Roman said the group monitors responses to their posts and adjusts messaging to reach a broader audience. More recently, he said, the Ukrainian hackers have focused on messaging around the economic impact of sanctions on Russia and the number of popular U.S. and Western commercial brands abandoning Russia. He said engagement has been through the roof.

“Russians don’t really care how many people are dying here,” he said, but the economic fallout sparks a major reaction.

The two said they expect Russia to crack down on their activities soon, and they are planning campaigns to rally support from Western countries. 

“Specifically, we really want them to demand action from their officials on shutting down the sky,” Marco said. “The more [countries] involved in this, the quicker this ends and the more people who will be safe.”

• Joseph Clark can be reached at jclark@washingtontimes.com.


Copyright © 2022 The Washington Times, LLC.