By: Bettina Menzel

The IT army of Ukraine is fighting in the background alongside the soldiers at the front (symbolic image). © IMAGO / VectorFusionArt

The Ukraine war is the first large-scale cyber war. An army of thousands of volunteers fights on the computer – instead of at the front against Russia.

Kyiv – 10,000 active volunteers are fighting in the background of the Ukraine war alongside the men at the front: members of the volunteer organization IT Army of Ukraine attack the services of railroads, tax authorities and toll booths in Russia – shutting them down for hours, days or, in rare cases, weeks. Their weapons are not Storm Shadows or machine guns, but DDoS attacks. Because the front line also runs online – and sometimes crosses legal boundaries.

IT army of Ukraine fights with DDoS attacks in cyber war against Russia

In Distributed Denial-of-Service (DDoS) attacks, the attackers send a large number of requests to a website from different computers until the server is overloaded and crashes. The aim is to paralyze Russia’s economy, block vital financial, infrastructure and government services and “counteract hostile media propaganda,” the spokesman for Ukraine’s IT army, who only wants to be addressed by the name “George”, told fr.de from IPPEN.MEDIA. In principle, anyone with a computer and Internet access can join. Russia also uses this technique, among other things to attack European targets.

Just two days after the start of the war, Ukraine’s Minister for Digital Transformation, Mykhailo Fedorov, announced the creation of the IT army. In addition to the thousands of volunteers, the decentralized organization consists of a core group of 20 to 30 senior employees. George, the army press secretary, who is around 40 years old, has been there from the start, as he told fr.de. He is actually a technology entrepreneur, but the IT army is his passion and, from his point of view, a sincere contribution to the fight against Russia – even if he does not fight with weapons himself. The threat of bombing raids and the restriction of his freedom have been the biggest upheavals for him personally since the invasion began, George says, giving a personal insight.

“Such DDoS attacks are essentially material battles,” Joachim Stelzer, a computer specialist with the Chaos Computer Club, tells fr.de, explaining the background. “Figuratively speaking: The attacker sends 1000 people to the supermarket to block the checkout line there, and the supermarket tries to distinguish the 1000 people from the real customers and opens all existing checkouts.” The problem is obvious: there is only a limited number of checkouts, and filtering out honest customers only works until the attacker finds out what the supermarket is looking for and disguises its people accordingly.

IT Army of Ukraine: Attack is the best defense?

So the focus of the IT army is on attack, not on defense. The reason: The protection of critical infrastructure requires access to sensitive data and systems that anonymous volunteers cannot obtain. The special communications service of Ukraine is responsible for defending cyber security – for example against Russian hacker groups such as NoName057(16) and others. Offensive measures are the logical step for the cyber army. One of their more well-known actions was the attack on the Russian navigation system Glonass – an alternative to the US Global Positioning System (GPS). However, the spokesman did not want to reveal any details.

Many operations are conducted in “shadow mode” and are not public knowledge, George added. Typically, two to three missions would be running simultaneously at any one time, each targeting three to 15 important services. The Ukraine war is considered the first large-scale cyber war and technology plays a major role. However, artificial intelligence (AI) is not a big issue in the IT army, the press spokesman continued. Apparently, this is mainly for legal reasons. “Specifically with regard to ChatGPT or other AI tools, we adhere to principles that prevent activities that may fall into gray areas,” is the terse reply.

This is how the IT army of Ukraine protects itself against Russian spies

According to the army, there is usually no agreement with the Ministry of Defense and the organization is not directly subordinate to any ministry in Ukraine. “Coordination with external bodies is not usual when selecting targets,” said the spokesman. An identity check of the members does not take place either. How is infiltration of the system by Russian spies prevented? First, the missions are not publicly announced.

In addition, “the contributors only have to install certain software and the configuration is automatically updated,” according to the spokesman. This design prevents malicious actors from intervening and makes participation in the actions safe and easy for everyone involved. Volunteers cannot cause any significant damage anyway. “Even if a spy intrudes, he can only influence a small aspect, such as a Telegram post,” it said.

IT army neither legal nor illegal? “We are in an unprecedented situation”

According to the CSS Cyber Defense Report by Stefan Soesanto at ETH Zurich, the legal status of the IT Army is “neither lawful nor unlawful”. This stance reflects the “complex and unprecedented situation we find ourselves in,” the spokesman acknowledged. “We are engaged in a form of resistance that was not foreseen in the existing legal framework, not only in Ukraine but worldwide.” The organization is aware that DDoS attacks, for example, are considered illegal under conventional legal conditions.

These are “extraordinary times that require extraordinary measures,” the spokesman continued. “Justice systems around the world should take into account the unique conditions and motivations that drive our members to act.” But there are no “unethical practices” in the IT army. The organization uses proxies, not botnets, the spokesman emphasized. After all, botnets are also legally problematic.

Battle with botnets against Moscow: Illegal attacks by voluntary actors

“A botnet is a network of hijacked computers,” Joachim Stelzer, a member of the Chaos Computer Club (CCC), tells fr.de from IPPEN.MEDIA. “Crucial to the success of a botnet is its size, so it is difficult to get enough devices legally. A botnet usually consists of machines that have been taken over illegally,” Stelzer continues. A proxy, on the other hand, is a piece of software that forwards requests coming from a client. In principle, this piece of software can run anywhere: “on your own hardware or on machines that have been hijacked by a botnet. So the terms botnet and proxy are not mutually exclusive,” explained the computer expert.

CCC member Stelzer suspected that the IT army emphasizes the use of proxies because it attaches importance to using its own hardware for its DDoS attacks, not hijacked systems belonging to bystanders. “We rely on some of our members bringing in proxies that can actually be viewed as part of a botnet,” George admitted when asked. However, these come from actors who take part voluntarily, the press spokesman emphasized.

IT army will “never forget help in this difficult time”

If state actors, especially armies, were to rent a botnet on the black market for their activities, or “steal” one together themselves, they would be drawing innocent bystanders from all over the world into a war, computer specialist Stelzer points out. “It would be like the Ukrainian army stopping all foreign vehicles on its territory and forcing the occupants to do front-line duty.” Technically, that might be possible, “but in my opinion, Ukraine, which is dependent on the solidarity of Western countries, cannot afford such a step,” Stelzer continued.

The IT army, however, hopes that its actions will be seen in the context of a struggle for survival, explains George. Everyone is grateful for every contribution – moral support is more important than specialist knowledge. “We are fighting against a strong opponent and are grateful for any support from our friends in Germany and around the world,” said the spokesman, adding that Ukrainians will never forget the help people provided during this difficult time. (bme)