The re-emergence of online vigilantes, or hacktivists, during the war in Ukraine could prove “problematic” for wider security efforts, the cybersecurity director of the US National Security Agency (NSA) has warned.
Speaking at the CyberUK conference in Newport yesterday, the NSA’s Rob Joyce said the return of hacktivists was a concern for Western countries. Head of the Australian Cyber Security Centre (ACSC) Abby Bradshaw added that these hackers can introduce “extreme unpredictability” for intelligence services and that there is potential for “spillover and wrongful attribution, retribution and escalation” of cyber conflict. Even the most well-meaning hacktivists have the potential to cause larger problems for the security community, experts told Tech Monitor.
Hacktivism in the Ukraine War
Russia’s invasion of Ukraine triggered a wave of online vigilante activists on both sides of the conflict. Two days after the start of the war, Ukraine’s Minister of Digital Transformation Mykhailo Fedorov called on anyone with “digital talents” to join what he described as an “IT army”. A Telegram group set up for the initiative quickly had more than 34,000 members.
This led many Russian criminal gangs, including ransomware groups such as Conti, to publicly declare their support for Russia, while hacktivist group Anonymous soon pledged its allegiance to Ukraine.
The ACSC’s Bradshaw added that the scale of the hacktivism is a cause for concern, with reports of up to 300,000 hackers coming to Ukraine’s aid. The NSA’s Joyce acknowledged that those assisting Ukraine are “trying to do noble things,” but said that ultimately the behaviour “is problematic”.
Why is Ukraine hacktivism potentially dangerous?
The problem is that the actions of hacktivists often make it more difficult to accurately assess who has perpetrated a cyberattack, explains Chris Morgan, senior cyber intelligence analyst at Digital Shadows. “The lines between state-associated, cybercriminal and hacktivist are becoming even more blurred as the war further distorts the precise motivation of cyber threat actors,” he says.
It is possible that a hacktivist attack could be misinterpreted as something carried out by a nation-state, he continues. This “could result in reprisal attacks and significantly raise the cyber risk associated with the conflict in Ukraine”.
The unpredictability of hacktivists makes the effects of their attacks difficult to control, says Toby Lewis, global head of threat analysis at security company Darktrace. “In hacktivism that aims to be disruptive, such as DDoS, Wiper attacks and ransomware, it’s always possible that other cyber operations will be disrupted unintentionally,” Lewis says. “For example, an intelligence agency having infiltrated an asset over many months could have their access shut down by even the most well-meaning activist group targeting the same asset.”
There are also downsides for the hacktivists themselves, says Javvad Malik, lead security awareness advocate at security training platform KnowBe4. “People involved in hacktivism could expose themselves, which could result in personal consequences,” he says. “When Anonymous was active it encouraged supporters to download and use the Low Orbit Ion Cannon (LOIC) to launch DDoS attacks against websites. Many of the participants in this activity were easily identified and subsequently charged with cybercrime activities.”
Western countries must set an example on hacktivism
The NSA’s Joyce and Lindy Cameron, the head of the UK’s National Cyber Security Centre (NCSC), both told the conference that Western countries need to set an example if they want others to behave lawfully in cyberspace. “I look at the way we are trying to hold bad actors accountable in other nations, and I look to the threats coming out of Western Europe, America and others and say ‘we have to be good international citizens in the cyber arena, in the way we’re asking them to behave as well’,” Joyce said.