Ukraine’s IT military does well, hitting Russia with ‘cost and chaos’

Whatever you think about the risks posed by the Ukrainian IT military – and there are a few – the available data shows that the initiative is in fact having an impact on Russia.

Ukraine’s IT military is also beginning to expand beyond basic attacks, known as distributed denial-of-service (DDoS), and into cyber-attacks that may prove more difficult for targeted Russian sites to defend against.

My source on this is security professional Chris Partridge, who has tracked the status of Russian internet properties targeted by the Ukrainian IT military. Every day since Sunday – the day after the initiative was announced – Partridge has been posting data on GitHub about what percentage of targeted Russian sites were still online.

Bottom line for the findings: More than half of the sites targeted by the Ukrainian IT military have experienced partial or complete outages in Russia, based on the samples collected.

In other words, the Ukrainian IT military has been a success so far – at least insofar as it pursues its goal.

“IT Army’s stated goal is simply that people should use all possible force to disrupt these sites,” Partridge said in a message to VentureBeat. “In that sense, they’ve moved a huge number of people into action, and I believe the data shows that the galvanized crowd can clearly cause costs and chaos at many targets.”

Outside of Russia, the percentage of targeted sites that have gone offline is “much higher,” he noted. While the potential impact of this is smaller, it’s still disruptive.

Build an army

As you know, Ukraine is trying to fend off an unprovoked and deadly attack from an attacker with much superior resources, both in terms of traditional military means and cyber capabilities.

As part of that effort, Mykhailo Fedorov, the Deputy Prime Minister of Ukraine, announced the Ukrainian IT Army Initiative on Saturday on Twitter.

“There will be tasks for everyone,” Fedorov tweeted. “We will continue to fight on the cyber front.”

At the last count, the Ukrainian IT military had 288,696 subscribers to its public Telegram channel, believed to include a significant number of people who are not from Ukraine.

Adding targets

The IT military adds new targets every day, sometimes several times a day. As the target list has grown, the percentage of targeted sites that go offline has decreased, but not by much, according to Partridge’s data. As of his last sample on Thursday, about 44% of targeted sites were offline — compared to 56% of sites that were offline during his first sample on Sunday, when far fewer sites were being targeted.

Partridge made a caveat, as any good researcher would, that the project doesn’t necessarily tell the full story, because he didn’t make a point of checking targets right after the IT military announced them. “It’s possible that more sites were disabled, but recovered quickly thanks to good anti-DDoS practices,” he said.

But even if that is the case, it only reinforces the idea that the Ukrainian IT military is doing a good job, rather than contradicting it.

Partridge acknowledged that he is questioning some elements of the initiative, such as whether some of the target choices were really that tactical (several were not, he says). It is also questionable whether some of the attacks can be made more powerful. “The tools some people have written to make contributing to this DDoS ‘easy’ don’t maximize the potential of the systems they run on,” Partridge said.

However, those complaints “completely dwarf the little effort Ukraine has to put in itself to achieve the results,” he said. “To have an audience of 250,000 overnight — and reportedly DDoSing in the terabit-per-second range at no upfront cost to Ukraine in building out these offensive cyber capabilities — the efficiency of this is staggering.”

New tactics

And Ukraine’s IT military is also starting to improve its game, according to Partridge.

The group has traditionally focused on the “front door” — public web applications for businesses and government agencies, he said. However, the effectiveness of DDoS against sites generally declines over time on a site-by-site basis — as the operators of targeted sites deploy anti-DDoS protections or improve their current security, Partridge noted.

Crucially, Ukraine’s IT military selected SIP servers, which are used for internet-based voice calls, as targets on Thursday, he said.

“Defenders may have a harder time protecting [those servers] and will need to keep them online for business functionality,” said Partridge.

Partridge, who works for Amazon but does this project in his spare time, said on his GitHub page for the project that he’s taken this on because it’s an important issue for the security community to follow. And having independent data is critical to accurately assessing what the Ukrainian IT military is doing.

“All cybersecurity professionals should pay attention to this,” he wrote on the GitHub page.

‘This is the blueprint’

In his posts to VentureBeat, Partridge explained that “this is the first time we see two countries that rely heavily on technology and resolve a direct conflict.”

“This is the blueprint for future cyberwarfare, and hacktivism alone has sparked so much international engagement that it seems inevitable that future conflicts will try to emulate the passion of this,” he said. “A lot of people took to this, myself included, expecting Russia to compete fiercely in cyberspace. They are still a force to be wary of, but I think it falters a bit how quickly Ukraine retaliated without comparable mature and well-equipped operations.”

However, it’s worth acknowledging that “this also sets a somewhat dangerous precedent – where I think a lot of people are going to do hacktivism, feel empowered by doing hacktivism, and then continue doing hacktivism in the future without really internalizing that CFAA (or other regional laws) hit hard and have been used against hacktivists before,” said Partridge.

“This may be something that security professionals need to support, even without preparing for conflict,” he said.
