{"id":18390,"date":"2022-02-28T10:45:04","date_gmt":"2022-02-28T18:45:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/02\/28\/news-12123\/"},"modified":"2022-02-28T10:45:04","modified_gmt":"2022-02-28T18:45:04","slug":"news-12123","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/02\/28\/news-12123\/","title":{"rendered":"Ukraine\u2019s Volunteer \u2018IT Army\u2019 Is Hacking in Uncharted Territory"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/621bdd98832c25ac1ffb649a\/master\/pass\/Sec_ukraine_GettyImages-1238749738.jpg\"\/><\/p>\n<p><strong>Credit to Author: Matt Burgess| Date: Sun, 27 Feb 2022 20:25:30 +0000<\/strong><\/p>\n<p class=\"BylineWrapper-iiTsTb hAGfXd byline bylines__byline\" data-testid=\"BylineWrapper\" itemprop=\"author\" itemtype=\"http:\/\/schema.org\/Person\"><span itemprop=\"name\" class=\"BylineNamesWrapper-dbkCxf erRIa-D\"><span data-testid=\"BylineName\" class=\"BylineName-cKXFOb UCAzg byline__name\"><a class=\"BaseWrap-sc-TURhJ BaseText-fFzBQt BaseLink-gZQqBA BylineLink-eZnyPI eTiIvU mEZDb fNdcwQ bKZMMS byline__name-link button\" href=\"\/author\/matt-burgess\">Matt Burgess<\/a><\/span><\/span><\/p>\n<p><span class=\"lead-in-text-callout\">Vladimir Putin\u2019s attack<\/span> <a href=\"https:\/\/www.wired.com\/story\/putin-nuclear-threat-ukraine-sanctions-history\/\">on Ukraine<\/a> has been met with fierce resistance throughout the country\u2019s towns and cities. 
As <a href=\"https:\/\/www.wired.com\/story\/ukraine-russia-nuclear-power-plant-chernobyl\/\">Russian forces have moved closer to Kyiv<\/a>, lawyers, students, and actors have <a data-offer-url=\"https:\/\/twitter.com\/nytimes\/status\/1497589791621271553\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/twitter.com\/nytimes\/status\/1497589791621271553&quot;}\" href=\"https:\/\/twitter.com\/nytimes\/status\/1497589791621271553\" rel=\"nofollow noopener\" target=\"_blank\">taken up arms<\/a> to defend their country from invasion. They are not the only ones: Volunteers have also flocked to join a Ukrainian volunteer \u201cIT Army\u201d that\u2019s fighting back online.<\/p>\n<p class=\"paywall\">At around 9 pm local time on February 26, Ukraine\u2019s deputy prime minister and minister for digital transformation, Mykhailo Fedorov, announced the creation of the volunteer cyber army. \u201cWe have a lot of talented Ukrainians in the digital sphere: developers, cyber specialists, designers, copywriters, marketers,\u201d he said in a post on his official Telegram channel. \u201cWe continue to fight on the cyber front.\u201d<\/p>\n<p class=\"paywall\">Ukraine has seen other volunteer-organized cyberdefense and attack efforts leading up to and early in the war effort. Separately hacktivists, including the hacking group Anonymous, have claimed <a href=\"https:\/\/www.wired.com\/story\/russia-ukraine-ddos-nft-nsa-security-news\/\">DDoS attacks against Russian targets<\/a> and taken data from Belarusian weapons manufacturer Tetraedr. But the development of the IT Army, a government-led volunteer unit that\u2019s designed to operate in the middle of a fast-moving war zone, is without precedent.<\/p>\n<p class=\"paywall\">The IT Army\u2019s tasks are being assigned to volunteers through a separate Telegram channel, Fedorov said in his announcement. 
So far more than 175,000 people have subscribed\u2014tapping Join on the public channel is all it takes\u2014and multiple tasks have been dished out. The channel\u2019s administrators, for instance, asked subscribers to launch distributed denial of service attacks against more than 25 Russian websites. These included Russian infrastructure businesses, such as energy giant Gazprom, the country\u2019s banks, and official government websites. Websites belonging to the Russian Ministry of Defense, the Kremlin, and communications regulator Roskomnadzor were also listed as potential targets. Russian news websites followed.<\/p>\n<p class=\"paywall\">Since then the IT Army channel has expanded its scope. On February 27, it asked volunteers to target websites registered in Belarus, one of Russia\u2019s key allies. The channel has also told subscribers to report YouTube channels that allegedly \u201copenly lie about the war in Ukraine.\u201d<\/p>\n<p class=\"paywall\">\u201cWe are trying to use any help to protect our country and people.\u201d<\/p>\n<p class=\"paywall\">Former Ukrainian Official<\/p>\n<p class=\"paywall\">One former Ukrainian official who has knowledge of the IT Army\u2019s organization says it was formed as a way for Ukraine to hit back against Russian cyberattacks. <a href=\"https:\/\/www.wired.com\/story\/sandworm-kremlin-most-dangerous-hackers\/\">Russia has significant hacking capabilities<\/a>: Wiper attacks hit a Ukrainian bank in the <a href=\"https:\/\/www.wired.com\/story\/russias-cyber-threat-to-ukraine-is-vast-and-underestimated\">buildup to the invasion<\/a>, and government websites were knocked offline. \u201cOur country didn\u2019t have any forces or intentions to attack anyone. Therefore, we made a call,\u201d the former Ukrainian official says. \u201cWe already know that they are quite good at cyberattacks. 
But now we will find out how good they are in cyberdefense,\u201d the former official says.<\/p>\n<p class=\"paywall\">\u201cFor a country that\u2019s facing an existential threat, like Ukraine, it\u2019s really not surprising that this sort of call would go out and that some citizens would respond,\u201d says J. Michael Daniel, the head of the industry group Cyber Threat Alliance and former White House cyber coordinator for President Obama. \u201cPart of it is also a signaling exercise. It\u2019s signaling a level of commitment across the country of Ukraine to resisting what the Russians are doing.\u201d<\/p>\n<p class=\"paywall\">The impact of the IT Army is hard to gauge thus far. While thousands of members have joined the Telegram channel, there is no indication of who they are or their involvement in any response. The channel has shared screenshots of some Russian websites allegedly being taken offline, but it\u2019s unclear how successful these efforts have been or where they originated from.<\/p>\n<p class=\"paywall\">While many nations around the world have offensive hacking capabilities, these are mostly shrouded in secrecy and run by intelligence agencies or military units. The IT Army will likely instead take on defensive tasks to free up Ukraine\u2019s government hackers. \u201cIt really is true that even in this age of automation and other things, additional bodies will make a big difference,\u201d says Daniel.<\/p>\n<p class=\"paywall\">The challenge now will be to effectively corral those newfound resources. The former Ukrainian official says the IT Army is being coordinated through a Telegram channel as it is an easy way to broadcast messages to thousands of people at once. They say those working on the IT Army behind the scenes are doing so in more-secure messaging services, although they decline to say which ones. 
\u201cWe are trying to use any help to protect our country and people,\u201d they say.<\/p>\n<p class=\"paywall\">\u201cManaging the organization and logistics is a challenge in itself,\u201d says Lukasz Olejnik, an independent cybersecurity researcher and consultant who previously acted as a cyberwarfare adviser at the International Committee of the Red Cross. He says there are questions around how to vet volunteers, distribute targets, and avoid infiltration.<\/p>\n<p class=\"paywall\">Who exactly Ukraine recruits will have the most bearing on what tasks the IT Army takes on. But it\u2019s likely to encompass the DDoS attacks that have been called for thus far, and potentially helping protect critical infrastructure. \u201cThe idea that you\u2019re going to grab this ragtag group of folk, even if they have an extensive pen testing background, that they\u2019re going to somehow hack into the Kremlin\u2019s networks and get valuable intelligence that\u2019s going to change the course, that\u2019s fantasy,<strong>\u201d<\/strong> says Jake Williams, an incident responder and former NSA hacker. \u201cDDoS and defensive is probably more important for Ukraine right now than offensive.\u201d<\/p>\n<p class=\"paywall\">It will also be important for the group to avoid any misfires. Launching more sophisticated cyberattacks\u2014such as a <a href=\"https:\/\/www.wired.com\/story\/notpetya-cyberattack-ukraine-russia-code-crashed-the-world\/\">worm, which can self-propagate<\/a> from one system to the next\u2014would also risk <a href=\"https:\/\/www.wired.com\/story\/russia-ukraine-cyberattacks-spillover\/\">spillover incidents<\/a>, where the impact of a cyberattack goes <a href=\"https:\/\/www.wired.com\/story\/notpetya-cyberattack-ukraine-russia-code-crashed-the-world\/\">well beyond its intended target<\/a>. \u201cYou could take anything from emergency services, health care systems, or other things offline without meaning to. 
Which both has an immediate impact\u2014you could hurt civilians inside Russia\u2014and it could also inadvertently escalate things if the Russians perceive that as a direct order, the direct intent of the Ukrainian government, and they escalate and respond in kind,\u201d Daniel says. That caution applies as well, and perhaps even more so, to independent hacktivist groups like Anonymous, which has vocally joined the fray. Russia-based ransomware group <a data-offer-url=\"https:\/\/continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion.ly\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion.ly\/&quot;}\" href=\"https:\/\/continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion.ly\/\" rel=\"nofollow noopener\" target=\"_blank\">Conti has said<\/a> it would use its \u201cfull capacity\u201d to retaliate if the West attempted to target critical infrastructure in Russia or \u201cany Russian-speaking region of the world.\u201d<\/p>\n<p class=\"paywall\">The government-backed IT Army builds on other Ukrainian hacking efforts. On February 25, Yegor Aushev, who has founded multiple cybersecurity companies in Ukraine, made the <a data-offer-url=\"https:\/\/www.reuters.com\/world\/exclusive-ukraine-calls-hacker-underground-defend-against-russia-2022-02-24\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.reuters.com\/world\/exclusive-ukraine-calls-hacker-underground-defend-against-russia-2022-02-24\/&quot;}\" href=\"https:\/\/www.reuters.com\/world\/exclusive-ukraine-calls-hacker-underground-defend-against-russia-2022-02-24\/\" rel=\"nofollow noopener\" target=\"_blank\">first call for volunteers<\/a>. 
\u201cThe time has come to maximize the cyber protection of our country,\u201d Aushev wrote in a post on Facebook, which was first reported on by <em>Reuters<\/em>. Those wanting to offer their skills could sign up using a Google Form\u2014they could be involved in defense or attack. Volunteers were asked how many years\u2019 experience they have in 12 specific areas, ranging from open source intelligence gathering and social engineering to malware development and DDoS operations. Those signing up were also asked to provide the name of a trusted reference who could vouch for their credibility.<\/p>\n<p class=\"paywall\">Tim Stevens, a senior lecturer in global security at King\u2019s College London, says \u201cthe gloves are off\u201d for both Russia and Ukraine. He says that when it comes to cyberattacks there are a lot of unknown and hypothetical scenarios, but warns about the potential for escalation. \u201cWhat concerns me is if there are non-Ukrainians and Russians involved in this, because that is effectively an internationalization of the cyber aspect of this conflict and could be treated by either combatant as a de facto escalation of the conflict beyond Ukraine&#x27;s borders.\u201d<\/p>\n<p class=\"paywall\">But for the Ukrainians involved in the IT Army\u2019s efforts, it\u2019s all part of a broader push across the country to do whatever it takes to fend off an existential threat. 
\u201cIf Ukraine falls, and they didn\u2019t do everything possible to stop that,\u201d says Williams, \u201cwhy would you leave anything on the table?\u201d<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/ukraine-it-army-russia-war-cyberattacks-ddos\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/621bdd98832c25ac1ffb649a\/master\/pass\/Sec_ukraine_GettyImages-1238749738.jpg\"\/><\/p>\n<p><strong>Credit to Author: Matt Burgess| Date: Sun, 27 Feb 2022 20:25:30 +0000<\/strong><\/p>\n<p>The country has enlisted thousands of cybersecurity professionals in the war effort against Russia.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21465],"class_list":["post-18390","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-national-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18390"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18390\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18390"}],"wp:term":[{"taxonomy":"category
","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18390"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}