Ukrainian “hacktivists” are creating trouble for the Russian internet with a simple and unsophisticated attack.
While President Joe Biden is telling American companies to brace for a potentially sophisticated cyberattack by Vladimir Putin, “ordinary” Ukrainian hackers are mucking with the Russians using one of the oldest cyber-tricks in the book. It’s known as a Distributed Denial of Service attack or DDoS. And while such attacks usually do not do much damage, they can be perpetrated fairly easily.
NBC News recently told the story of “M,” whose name they withheld to protect him from Russian reprisals. M is a Ukrainian engineer in his early 20s. He told NBC that he was not healthy enough to enlist in the military. So every day, he sits down at his computer to do what he can as part of Ukraine’s “IT army,” an informal group of volunteer hackers whose job it is to wreak as much havoc on Russian websites as possible.
“I try to do whatever I can, whatever I can reach to end the war, to stop it, to stop killing Ukrainian people,” said M.
M’s tool is a simple one: flooding Russian websites with fake web traffic, an old and basic cyberattack more commonly known as a distributed denial of service, or DDoS. He can execute it from the computer in his bedroom in Lviv, Ukraine.
Though unsophisticated, the DDoS attack has had a renaissance during the opening weeks of Russia’s invasion of Ukraine. And though the attacks do not tend to do much damage — many websites can either mitigate the attacks or come back online quickly — they’re a way for almost any hacktivist to participate.
“They’re quite an easy task that most people can do on their phones and their laptops,” M said.
The DDoS attacks are the most conspicuous part of a hacktivist-driven cyberbattle around Ukraine, with little evidence of more advanced, state-based cyberattacks — at least so far.
Shane Huntley, the head of Google’s Threat Analysis Group, which tracks hacking trends, said that DDoS attacks are appealing to novice hackers because widely available programs make them easy to deploy.
“DDoS is the easiest thing to do. It’s one-click now. If you’re a teenager anywhere in the world, you can participate,” he said. “It has the lowest barrier to entry.”
They also can make a visible, immediate impact, he said.
“DDoS is the most obvious of all attacks, so it’s really easy to see this activity, versus espionage or subtler destruction attacks,” Huntley said. “It’s very clear when a site goes offline.”
Metrics on the size of DDoS attacks and their impact on Russian companies and agencies can be difficult to come by, but Russia has given some indications that they’ve become a serious hindrance. A number of Russian sites have recently made themselves available only to computers with a Russian IP address, meaning someone has to be in Russia or use a virtual private network to route their internet connection through the country to access them.
Russian state news outlets have also said that Ukraine’s IT army is responsible for some of the largest and most sustained DDoS attacks Russia has seen in years. Russia’s Ministry of Digital Development and Communications reportedly declared last week that the volume of DDoS attacks in the country had become “unprecedented,” and the agency noted on its Telegram channel that it had offered assistance to banks that were under attack.
Outside of Ukraine’s IT army, hackers from around the world have also lent their efforts to foil the Russians. Some hackers who have self-designated as Anonymous — a hacktivist label that now points more toward a statement of purpose than a discrete group — have claimed to have hacked Russian TV networks, forced printers in Russia to spit out anti-war sentiments, and recently threatened to target companies that still do business in Russia.
While DDoS attacks appear to be by far the most visible way that hacktivists are trying to support Ukraine, some hacktivists have also defaced Russian websites or leaked alleged Russian government or corporate files.
Emma Best, the co-founder of Distributed Denial of Secrets, a group that curates leaked material, said the group has so far released 15 different sets of Russian information provided by people who identified as hacktivists and has received even more. However, NBC News said that it had not verified the authenticity of those leaked documents.
Huntley, of Google’s Threat Analysis Group, said that while DDoS attacks are the most visible, they’re a fraction of the cyber conflict happening between Russia and Ukraine and their supporters.
“There’s more happening than any individual observer will be able to pick up,” he said. “Denial of service is the one that people are going to immediately notice.”