An interview with Evgeniy Dokunin, aka “White hacker,” brought to light timely information about a group of hackers who call themselves “Ukrainian cyber troops” (UCT).
Evgeniy Dokunin is the leader and founder of the organization. He has been working in the field of cyber security systems for 10 years and got the idea to establish UCT when political and social problems in Krym (Russia) reached their apogee. He used a vulnerability in the security system and “dismissed” Sergey Aksenov – the head of Krym Republic – on the official webpage of the Krym Parliament. In March 2017 “White hacker” made attempts to block the bank accounts of reputed terrorists: he sent messages to “Web Money” and “Yandex Money” with an appeal to freeze terrorist accounts, and the request was fulfilled in a couple of days. Evgeniy Dokunin published reports on his activity on Facebook, which drew people to join in. At present, all members of “Cyber troops” are able to view a list of “urgent operations” and choose the most convenient mode of cooperation.
UCT has grown to over 3,000 “warriors,” and they are all volunteers. Cyber troops mostly work in 15 directions; one of them is called “Blocked runts” and is aimed at shutting down certain websites (for example, terrorist ones) with the help of DDoS attacks. It is important to note that such actions are considered criminal offenses in Ukraine, which makes UCT conceal its involvement in attacks. Members of the “Cyber troop” avoid personal meetings and communicate only via the Internet for fear of espionage charges. In fact, Ukrainian law enforcement agencies seem to ignore the criminal activity of “troopers”, in spite of facts proving no indications of any law violations.
“White hacker” considers the future of his foundation to be quite promising. He hopes to increase its influence at the state level and attract investments.
The most remarkable actions
Bombs in Russian cities
On the 12th of September “Ukrainian cyber troops” made multiple phone calls claiming that different buildings were mined. They followed the example of DDoS attacks to interrupt the work of Russian LEAs. Police departments in over 14 regions received numerous claims about bombs planted in city malls, night clubs, schools and campuses. Police officers followed instructions: they immediately headed to the reported places and evacuated people, but explosive devices were never found. Cyber troops used IP telephony and distorted voice communication in order to stay anonymous. In total, 242 buildings were “mined” during one day and thousands of people were evacuated. Alexander Bortnikov, the head of the Russian Federal Security Service, announced that the total financial damage was $5 million. Neither the suspects nor their location have been identified yet.
Ukrainian cyber troops hacked several servers of the Russian Ministry of Internal Affairs and then leaked the data. According to Dokunin, troopers managed to get access to files of 66.7 Gb in total, including secret information concerning Ukraine. The documents were uploaded to file sharing websites, ex.ua and Google Drive, so that everyone could read them. Furthermore, the files were handed over to the Security Service of Ukraine (SSU). “White hacker” asked the SSU to “Read and analyze the data,” and promised to leak new information. However, the Security Service did not comply with his request (it is obvious that Ukrainian LEAs are not interested in secret information stolen from Russian servers) and Dokunin ordered troopers to get this work done.
This is a constantly ongoing operation of cyberattacks on Luganskaya and Donetskaya Republics (which are regions of Ukraine fighting for independence). During “Nemesis,” UCT used DDoS attacks, which troopers call “artillery,” in order to shut down terrorist websites. The bombardment never ends: 24 hours, 7 days a week. The blocked resources mainly spread anti-Ukrainian propaganda and shared information about “Ukrainian patriots”. The number of attacked sites per day varies from 180 to 200 and includes mostly blogs and forums.
To protect and to serve
It would be wrong to say that all activity of Ukrainian cyber troops is destructive. Their leader considers confronting external cyberattacks to be one of the most important goals, and believes it can be done effectively only in tight cooperation with the government. Firstly, troopers track cyberattacks on state institutions (such as the Ministry of Finance and the Pension Fund of Ukraine), pass the obtained data to the Security Service of Ukraine and help LEAs to strike back at hackers. They are also engaged in searching for bugs and discovering vulnerabilities which can be used by hackers. The president of Ukraine, Petr Poroshenko, recently reported over 6,500 registered attempts to hack five ministries and 31 state databases in 2017. Some of them were successful and resulted in the loss of approximately 3 Tb of information. The state system of cyber protection is believed not to function well enough, and the Verkhovna Rada (Ukrainian Parliament) has already passed an increased budget in order to develop and upgrade the system.
“Ukrainian cyber troops” are treated controversially. On the one hand they are a criminal group, while on the other they are a community of activists countering cyberattacks on their Motherland, Ukraine. They break the law under the aegis of patriotism.