Ukraine deserves an IT army. We have to live with the fallout

While you have to sympathize with Ukraine’s desire to do everything it can to hinder Russia, Ukraine’s IT army initiative raises some big questions and could have serious unintended consequences, cyber experts told VentureBeat.

“I think it’s important to recognize that Ukraine is in a dire situation, which may call for unprecedented action,” said David Kuder, senior cyberthreat intelligence analyst at Critical Start.

At the same time, Kuder said, “It’s hard to ignore the potential risks and outright dangers of this effort.”

Ukraine’s IT army was announced by Deputy Prime Minister Mykhailo Fedorov last Saturday, two days after Russia’s unprovoked invasion of the country. The initiative focused primarily on forcing Russian websites offline using distributed denial-of-service (DDoS) attacks. DDoS falls on the simpler end of the cyber-attack spectrum, but can still be disruptive.

And the Ukrainian IT army – which has more than 290,000 subscribers to its Telegram channel – has been quite successful in its work: more than half of the sites it has targeted have experienced partial or complete outages in Russia, according to data provided by security professional Chris Partridge.

“I believe the data shows that the galvanized crowd can clearly cause costs and chaos at many targets,” Partridge, who follows the IT army’s activities on GitHub, said in a message to VentureBeat.

At last check, numerous government, financial and media websites targeted by Ukraine’s IT army saw 0% or 10% uptime in Russia, Partridge’s data shows.

Meanwhile, the group expanded its tactics on Thursday by targeting SIP servers, he said. The servers are used for internet-based voice calls and are considered more difficult to defend against cyber-attacks.

‘This is the blueprint’

Everyone in security should pay attention to what’s happening with Ukraine’s IT army because it’s a sign of things to come, Partridge said.

“This is the blueprint for future cyberwar,” he said. “It seems inevitable that future conflicts would try to replicate the passion of this.”

Still, Partridge said he recognizes there are potential risks that cannot be ignored — and many others agree.

“There’s no question that vigilantes hacking into wars can have unintended consequences,” said Chris Grove, cybersecurity strategist at Nozomi Networks.

For example, cyber weapons can stray off target and end up hitting services that ordinary citizens depend on. “Our supply chain ecosystem is so intertwined that attacking one link elsewhere can have unplanned consequences,” Grove said.

Casey Ellis, founder and CTO at Bugcrowd, said that while he can understand Ukraine’s motivation for doing this, “it certainly adds to the fog of war that exists in the cyber realm surrounding this conflict.”

Participating in these types of endeavors is also extremely risky for an individual, Ellis said.

“Aside from direct Russian retaliation, for example, a well-meaning hacktivist in the state of Missouri is likely to be violating both state and federal laws by ‘helping’ — even if the target is the socially accepted ‘bad guy’ in this equation,” he said.

In other words, a social call to arms won’t change local laws, Ellis said.

“I’ve been telling some eager newbies over the past week that they haven’t done anything stupid — as well as trying to work with people to minimize the potential harm of participating to participants,” he said.

Attribution Risk

Misattribution of the attacks carried out by the IT army is another huge threat, raised by Ellis and a number of other experts who spoke to VentureBeat.

“It’s difficult, if not impossible, to quickly determine where an attack came from, or who was behind the attack,” said John Dickson, vice president at Coalfire. “It can get messy quickly. And the risk of cyber attacks from the Russians targeting the US and the west is becoming more likely.”

Looking ahead, Dickson said, “I fear that what Ukrainian volunteers are doing is more likely to amplify a cyber war outside Eastern Europe than have a tangible effect on the Russians.”

There’s also a chance their efforts could interfere with Western countries’ intelligence gathering, several experts said.

“With a public appeal to anyone who wants to help Ukraine defend itself against cyber-attacks during a physical conflict, we are entering unprecedented territory,” said Drew Schmitt, chief threat intelligence analyst at GuidePoint Security.

And yet, the attack on Ukraine is a terribly tragic situation that is getting worse by the minute. And if Ukraine thinks the IT army is helpful, isn’t that really up to them to decide?

“Everything is a matter of perspective,” said Kevin Gonzalez, director of security at Anvilogic.

Fight back

Ukraine is using whatever resources it can muster to fight back against Russia – be it in the streets or in the cyber realm – and “who can blame them?” said Gonzalez.

While unintended consequences are certainly possible, he noted that the US and many other countries already have their own offensive cyber operations. Those are just a lot more under the radar than the Ukrainian IT army is currently.

“Ukraine deems this group necessary for their survival, just as the US has deemed the CIA and NSA essential to our survival against evolving threats,” Gonzalez said.

At some point, however, launching cyber-attacks that aren’t actually coordinated with broader military targets can be little more than vandalism, said John Bambenek, principal threat hunter at Netenrich.

That said, “the conflict is a war of attrition,” Bambenek said. “Will Kiev fall first, or will the pressure on Putin be so great that he pulls out? In that sense it is all additive – and [the IT army] can help. Time will tell, really.”

Future implications

In the longer term, much will depend on how the international community reacts to these events in retrospect, Schmitt said.

For example, it will be critical to see whether hacktivism in support of Ukrainian cyber operations is ultimately considered a criminal offense, as it normally would be, he said.

But with the outcome of that being very unclear at this point, joining the IT army creates “dangerous territory for an adventurous soul with an Internet connection to enter,” said Tim Wade, deputy CTO at Vectra. “It’s not one to be taken lightly.”

It also remains to be seen where this style of warfare – involving both hacktivists and cybercriminals – will go from here. SightGain CEO Christian Sorensen, who was previously operational planning team leader for the US Cyber Command, noted that Ukraine’s IT army is far from alone in what it’s doing right now. The hacktivist group Anonymous appears to have been particularly “impacted” so far in its cyber efforts to help Ukraine, he said.

Ultimately, “whether or not these groups should be doing this kind of activity,” Sorensen said, “it seems like a new way of war.”
