Ukraine’s IT Warriors

As the Ukrainian army fights Russia’s invasion on the ground, a parallel war unfolds in cyberspace.

Ukraine’s IT Warriors

As the Ukrainian army fights Russia’s invasion on the ground, a parallel war unfolds in cyberspace.

When Russia invaded Ukraine on February 24, 30-something Mykyta felt compelled to help his country. Passionate about computers but with no formal IT training, he nonetheless joined a growing number of hacktivists who aim to use their keyboards as weapons.

Mykyta is one of about 310,000 people who have come together as the IT Army of Ukraine to fight back against Ukraine’s invasion of Russia. Organised via a group on the chat app Telegram and operating under the aegis of the ministry of digital transformation, the group assigns tasks and attacks to be conducted in cyber space.

Like Mykyta, many volunteers have no IT background, so detailed instructions are posted for newcomers. A special web-game for launching a distributed denial-of-service (DDoS) attack - which overwhelms a target with a flood of online traffic - has been launched for non-experts with instructions in English and Ukrainian and the motto, “play and help to stop the war.”

“I searched for instructions on how to launch a DDoS attack, and so I’m here,” Mykyta told IWPR. “In ten days, I made my way from opening a special web-page with a script for an attack to a system of numerous machines in a cloud which automatically select and arrange different kinds of attacks.”

The IT Army of Ukraine was initiated by Ukraine’ minister of digital transformation, Mykhailo Fedorov. Two days after Russian President Vladimir Putin ordered tanks to roll into Ukraine, the 31-year-old minister called on the world to join “the fight on the cyber front”.

“We need digital talents,” he wrote on the IT Army’s Telegram channel. “There will be tasks for everyone… We have a lot of talented Ukrainians in the digital sphere: developers, cyber specialists, designers, copywriters, marketing experts and ‘targetologists’.

“Let's create an IT army," he posted, addressing the nearly 300,000 Ukrainians working in the tech industry, a juggernaut which in 2021 generated 6.8 billion US dollars, over 4 per cent of the country’s GDP.

Fedorov also called on Meta, Google, Netflix, Apple and Elon Musk to block their services in Russia and stated that he asked the American cyber security company Cloudflare to deprive Russian websites of the DDoS protection it provides.

The IT army operates uses two main hacking methods –attempting to access sensitive or private information to leak the data to disrupt normal operations, and conducting DDoS attacks. 

Every day, so-called generals coordinate the volunteers: they announce specific Russian targets, like the security service (FSB), and everyone gets on with attacking them.

“It often happens that we soon reach the goal and the next [target] is announced, so one could switch to another, smaller hacktivist group to attack any other, smaller target, like the website of a Russian bank,” Mykyta explained.

The Guild of IT Specialists, a Ukrainian NGO created in 2021 to protect and lobby for the industry, launched its own effort to cyber-target Russian assets and “other, more serious activities which I'd preferred not to disclose" said Taras Rozkishnyi, 30, the director of the organisation. The Guild is not directly linked to the IT Army.

“The existence of different groups is a benefit as each applies different approaches and methods,” for the same goal, Rozkishnyi said.

Warriors joined from all over the world, including from neighbouring Belarus, a close Russian ally. On February 25, Cyber Partisany, an online guerilla group set up in 2020, reported a successful attack on the Belarusian railway, preventing Russian forces from sending weapons across the border.

Sviatoslav Slaboshpytskyi, a 34-year-old Ukrainian who works in online gambling, is using his professional experience to aid in the fightback against Russia.

"Online casinos are on the edge of the law in many countries, including Russia,” he said. “We already had, among other things, the know-how to evade the actions of Roscomnadzor” -a reference to Russia’s regulatory agency for IT and communications. 

As the Kremlin has restricted access to information, for example banning news outlets from using the terms "war" or “invasion”, Slaboshpytskyi and his group's primary work has been to place targeted advertising for Russians about the conflict in Ukraine.

They also spread information through automated mass text messaging and phone calls to Russian numbers. This work was an independent initiative, and the group joined the IT Army in response to Fedorov’s call. They now operate under its centralised command, but also continue their own actions.

These include the support of a system of mirror websites for 200rf.com, the website listing Russian soldiers who have been either killed or captured in action. Launched by the Ukrainian ministry of internal affairs, it aims to inform the families of Russian soldiers of their loved one’s whereabouts, as many were reportedly unaware of their deployment in Ukraine.

"Ukrainian actions are so numerous that we have absolute dominance over the internet.”

In Russia, the authorities have already reported an “unprecedented” number of DDoS attacks and Roscomnadzor demanded Google stop "spreading mendacious advertising messages”.

Moscow's mayor, Sergey Sobianin, warned that the websites of restaurants, shops and hotels were being flooded by fake complaints and comments, as Ukrainians rushed to Google Maps to place s-called reviews with pictures of killed Russian soldiers or destroyed Ukrainian towns.

As on combat terrain, the cyber army have encountered setbacks with cases in which hacktivists have DDoSed Ukrainian sites instead of Russian, either following provocations or due to mistake, for instance because of language issues. As a result, ad-hoc filters have been set up for separating wrong targets.

As the forum is predominantly in Ukrainian, foreign hacktivists try to figure out what is discussed or organise linked groups of English, Dutch or Spanish speakers.

“I want to help in any way possible, but I can't read a single letter here," one of them wrote with a laughing emoji.

Rozkishnyi says that his colleagues have received various spam emails proposing that they to join fake hacktivists groups.

Russia has rounded up its own cyber troopers too. Their equivalent Telegram channel, launched on the same day as Ukraine’s, counts about 20,000 subscribers but has proved to be less effective.

“They try to repel, but the damage Ukrainians inflict on them is a hundred times stronger," Slaboshpytskyi said. "You can't do this in a centralised way. Ukrainian actions are so numerous, popular and spontaneous that we have absolute dominance over the internet.”

Digital companies with Ukrainian links have joined the fight. Reface, a popular AI-powered face-swap application developed in Kyiv is orchestrating a campaign which entails sending push notifications to two million of its Russian users about the invasion of Ukraine.

As hackers look for breaches in personal Russian profiles, there have also been warning s that risk that some may stray into unethical territory.

In the first days of the war Belarus’ Cyber Partisany leaked about 120 personal profiles from a Russian base.

"We want to upload it so folks could search the fighters, their wives, and relatives in social media and write to them to look for their guy," one IT warrior wrote in a forum.

"Excellent idea," another replied. "Any unoccupied freelance terrorists here?

This publication was prepared under the "Amplify, Verify, Engage (AVE) Project" implemented with the financial support of the Ministry of Foreign Affairs, Norway.

Support our journalists