Hackers claim to have broken into dozens of Russian institutions over the past two months, including the Kremlin’s internet censor and one of its primary intelligence services, leaking emails and internal documents to the public in an apparent hack-and-leak campaign that is remarkable in its scope.
The hacking operation comes as the Ukrainian government appears to have begun a parallel effort to punish Russia by publishing the names of purported Russian soldiers who operated in Bucha,
the site of a massacre of civilians, and agents of the F.S.B., a major Russian intelligence agency, along with identifying information like dates of birth and passport numbers. It is unclear how the Ukrainian government obtained those names or whether they were part of the hacks.
Much of the data released by the hackers and the Ukrainian government is by its nature impossible to verify. As an intelligence agency, the F.S.B. would never confirm a list of its officers. Even the groups distributing the data have warned that the files swiped from Russian institutions could contain malware, manipulated or faked information, and other tripwires.
Some of the data may also be recycled from previous leaks and presented as new,
researchers have said, in an attempt to artificially increase the hackers’ credibility. Or some of it could be manufactured — something that has happened before in the ongoing cyberconflict between Russia and Ukraine, which dates back more than a decade.
But the hacking effort appears to be part of a campaign by those opposing the Kremlin to help in the war effort by making it extremely difficult for Russian spies to operate abroad and by planting a seed of fear in the minds of soldiers that they could be held to account for human rights abuses.
Dmitri Alperovitch, a founder of the Silverado Policy Accelerator, a Washington think tank, and the former chief technology officer at the cybersecurity firm CrowdStrike, said there was reason to maintain a healthy skepticism about the reliability of some of the leaks.
But he added that the hacking campaign “once again may prove that in the age of pervasive cyberintrusions and the generation of vast amounts of digital exhaust by nearly every person in a connected society, no one is able to hide and avoid identification
for egregious war crimes for long.”
The leaks also demonstrate Ukraine’s willingness to join forces with
amateur hackers in its cyberwar against Russia. In early March, Ukrainian officials rallied volunteers for hacking projects, and the Ukrainian government has been publishing information about its opponents on official websites. A channel on the messaging platform Telegram that lists targets for the volunteers to hack has grown to more than 288,000 members.
American intelligence officials say they believe that hackers operating in Russia and Eastern Europe have now been split into at least two camps. Some, like Conti, a major ransomware group that was itself hacked in late February, have pledged fealty to President Vladimir V. Putin of Russia. Others, mostly from Eastern Europe, have been offended by the Russian invasion, and particularly the killings of civilians, and have sided with the government of President Volodymyr Zelensky of Ukraine.
Some of the online combatants have shifted away from tactics used earlier in the conflict. In the first phase of the war, Ukrainian hackers focused on attacks intended to knock Russian websites offline. Russian hackers targeted Ukrainian government websites in January, ahead of the invasion, installing “wiper” malware that permanently clears data from computer networks. More recently, Russian hackers appear to have mounted attacks that could have turned off electricity or shut down military communications. (Several of those efforts were foiled, American officials say.)
But the disclosure of personal data is more akin to information warfare than cyberwarfare. It has echoes of Russia’s tactics in 2016, when hackers backed by a Russian intelligence agency stole and leaked data from the Democratic National Committee and from individuals working on Hillary Clinton’s presidential campaign. Such hacks are intended to embarrass and to influence political outcomes, rather than to destroy equipment or infrastructure.
Experts have warned that the involvement of amateur hackers in the conflict in Ukraine could lead to confusion and incite more state-backed hacking, as governments seek to defend themselves and strike back against their attackers.
“Some cybercrime groups have recently publicly pledged support for the Russian government,” the Cybersecurity and Infrastructure Security Agency
warned in an advisory on Wednesday. “These Russian-aligned cybercrime groups have threatened to conduct cyberoperations in retaliation for perceived cyberoffensives against the Russian government or the Russian people.”
Distributed Denial of Secrets, or DDoSecrets, the nonprofit organization publishing many of the leaked materials, was founded in 2018 and has published material from U.S. law enforcement agencies, shell companies and right-wing groups. But since the beginning of the war in Ukraine, the group has been flooded with data from Russian government agencies and companies. It currently hosts more than 40 data sets related to Russian entities.
“There has been a lot more activity on that front since the start of the war,” said Lorax B. Horne, a member of DDoSecrets. “Since the end of February, it hasn’t been all Russian data sets, but it has been an overwhelming amount of data that we’ve been receiving.”
DDoSecrets operates as a clearinghouse, publishing data it receives from sources through an open submission process. The organization says that its mission is transparency with the public and that it avoids political affiliations. It is often described as a successor to WikiLeaks, another nonprofit group that has published leaked data it received from anonymous sources.
On March 1, the Ukrainian news outlet Ukrainska Pravda published names and personal information that it said belonged to 120,000 Russian troops fighting in Ukraine. The information came from the Center for Defense Strategies, a Ukrainian security think tank, the news outlet reported. In late March, Ukraine’s military intelligence service leaked the names and personal data of 620 people it said were officers with Russia’s F.S.B.
And in early April, the military intelligence service published the personal information of Russian soldiers it claimed were responsible for war crimes in Bucha, a suburb where investigators say Russian troops
all over the Western Nazis!!!
