Can Anonymous rewrite cyber warfare in its attacks on Russia?

Anonymous declared a large-scale cyber war against Russia after the invasion of Ukraine. Considering that Russia has one of the largest cyber armies on the planet and that its intelligence agencies maintain some of the most capable external groups on the Internet, a cybersecurity specialist (an American who worked in Kyiv for the last 10 years, until he fled to Poland in February) has investigated whether Anonymous hacktivists are achieving their goals, and how they are doing it.

The Russian invasion of Ukraine continues even though the news is paying less and less attention to it. As usual… The invasion has resulted in thousands of deaths and injuries, millions of internally displaced persons in Ukraine and the largest refugee crisis in Europe since the Second World War. Not to mention the economic consequences that have spread to the entire planet: galloping inflation that makes us poorer every month and a recession on the horizon, when at this point in the year we should be emerging from the consequences of the COVID coronavirus pandemic.

When the invasion began in February, we did a modest situation analysis because the war in Ukraine is also being waged in cyberspace. If in the physical world Russia is showing itself to be quite "incompetent to achieve their goals", according to all international analyses, in cyberspace Russia has attack and defense capabilities that are counted among the world's elite.

According to a Microsoft report, Russian security services prepared in advance for the military incursion and likely attempted to access or had already accessed Ukraine's information and technology systems, including providers of energy and other critical services. In fact, before the invasion, cyberattacks (DDoS, hacked websites, wiper malware that deleted data and programs) against critical infrastructure, government agencies and financial entities were already being recorded in Ukraine, Lithuania and Latvia. To be sure, these attacks have continued from Russian agencies and groups sponsored by the Putin government.

Anonymous springs into action

Anonymous is the pseudonym used by the cyberactivism and hacktivism group that has been operating since 2003. Known for its cyberattacks on governments of all kinds, corporations, sects, copyright companies, etc., many people saw Anonymous as cyber vandals. Anonymous has threatened a lot and pulled off some successful hacks, but it has not carried out truly world-shaking attacks.

When the invasion of Ukraine began, Anonymous declared a cyber war against Russia, and the tone of the media and public opinion about the group's actions has been shifting towards the reputation of a "digital Robin Hood". The group has received support for its actions in defending a smaller Ukraine against a larger, more cyber-capable Russia.

The security specialist and co-founder of Security Discovery, Jeremiah Fowler, worked for 10 years in Ukraine and, together with the Website Planet team, has been monitoring the actions of Anonymous in Russia. Before the big data dumps of hacked logs were released, he analyzed 100 Russian databases and discovered that 92% of them had been compromised with pro-Ukrainian messages or removed altogether.

The methods that Anonymous has used against Russia have not only been highly disruptive and effective but, according to the researcher, "they have also rewritten the rules of how collaborative modern cyber warfare is conducted". In addition to hacking and releasing Russian data, the group has also offered Ukraine cybersecurity assistance, such as penetration testing and searching for vulnerabilities before Russia can exploit them.

Anonymous also offered free training for new recruits about denial of service attacks and other hacktivist methods. This allows anyone with a computer and an Internet connection, regardless of their technical skills, to join the cyber war. The initial call to ‘combat’ posted on Twitter morphed into a larger operation that extended beyond the Russian government, businesses and organizations, and included an information campaign targeting Russian citizens.

What has Anonymous achieved so far and how has it been done?

Some of the techniques used by Anonymous in the conflict are:

Database hacking. The group claims to have hacked into more than 2,500 Russian and Belarusian sites, obtaining a massive amount of data that they say will take months to analyze. They have already released leaked information about top Russian military officials, the Russian Central Bank, Roscosmos space agency, oil and gas companies (Gazregion, Gazprom, Technotec), Sawatzky property management company, broadcaster VGTRK and others.

Russian server hijack. Anonymous hacked into Russian hosting servers and then used them to attack other websites and services in the country. The use of Russian IP addresses caused outages and denial of service at sites relying on the simple protection method of geo-blocking IP addresses outside of Russia. This is very effective, as the operators of hacked servers are often unaware that their resources are being used to launch attacks on other servers.

Hacked printers. Russian censorship has prevented many citizens within the country from learning the true scale of the war and Russian losses. Anonymous claims to have hacked anonymous printers to distribute more than 100,000 pro-Ukrainian documents. This also included barcode printers in grocery stores, where prices and product names were changed to anti-war slogans.

Use of Conti ransomware code. The group Network Battalion 65, affiliated with Anonymous, edited the source code of the Conti malware (of Russian origin) and used it in ransomware attacks. As in a typical attack with this malware, victims' computers were hijacked and the victims were forced to pay a ransom that was reportedly going to victims in Ukraine.

Against companies doing business in Russia. Sanctions from Western countries and pressure from customers were not enough to completely prevent some companies from trying to stay in the Russian market. Profits are the backbone of any business and many companies have a long history of putting revenue before morals. Anonymous threatened to leak confidential or internal business data from some of them, such as Nestlé, Leroy Merlin and Decathlon.

RoboDial, SMS and email spam. Squad303, another group affiliated with Anonymous, claims to have sent more than 100 million messages to Russian devices to bypass censorship and inform citizens. The technology used is the same as spam that tries to sell a service or scam victims.

News hack. The Russian government passed a "fake news" law that punished journalists with up to 15 years in prison for speaking out against the war. Multiple Anonymous-affiliated groups launched attacks on smart TVs, internet broadcasts, news sites and TV channels that showed war footage or other news that bypassed Russian censors.
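
The geo-blocking weakness described under "Russian server hijack" above, shown from the defender's side as an added example (not part of the original article): a geo filter alone accepts every request from an abused in-country host, while pairing it with a per-source rate limit throttles that host. The rate limit is an assumed complementary control, and the IP ranges (documentation networks), thresholds and traffic are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed allowlist standing in for "in-country" ranges (documentation nets).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]
WINDOW_MS = 10_000    # sliding-window length (assumed value)
MAX_REQUESTS = 5      # per-source budget inside one window (assumed value)

def geo_allowed(ip):
    """Geo-blocking alone: accept any source inside the allowlisted ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)

def filter_requests(events):
    """Return (accepted by geo filter only, accepted by geo + rate limit, throttled IPs)."""
    recent = defaultdict(deque)          # source IP -> timestamps of accepted requests
    geo_only, layered, throttled = 0, 0, set()
    for ts, ip in events:
        if not geo_allowed(ip):
            continue                     # dropped by both policies
        geo_only += 1
        window = recent[ip]
        while window and ts - window[0] >= WINDOW_MS:
            window.popleft()             # forget requests older than the window
        if len(window) >= MAX_REQUESTS:
            throttled.add(ip)            # in-country source exceeding its budget
            continue
        window.append(ts)
        layered += 1
    return geo_only, layered, sorted(throttled)

def sample_events():
    """Constructed traffic as (timestamp_ms, source_ip) pairs."""
    events = [(t, "203.0.113.10") for t in range(0, 30_000, 5_000)]   # normal client
    events += [(t, "192.0.2.77") for t in range(0, 30_000, 3_000)]    # outside allowlist
    events += [(t, "198.51.100.25") for t in range(0, 30_000, 100)]   # flooding in-country host
    return sorted(events)

if __name__ == "__main__":
    geo_only, layered, throttled = filter_requests(sample_events())
    print(f"geo filter only accepts {geo_only} requests")
    print(f"geo filter + rate limit accepts {layered} requests")
    print(f"throttled sources: {throttled}")
```
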

This is only a sample, because many more techniques have been used, most of them successfully. The questions pile up: Have we overestimated Russia's cyber capabilities? Do these actions, intended above all to stop the invasion of Ukraine, do real harm?

And other related questions. Anonymous is consolidating itself as a true decentralized cyber army with the tacit consent of a part of public opinion, but what will happen if, once larger and well trained, it takes on another cause? What will happen if these new cyber tools, methods, and recruits target Western companies, banks, or government infrastructure? This is an interesting article from Website Planet that we recommend.
