View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Ukraine hacktivism ‘problematic’ for security teams says NSA cyber chief

Hacktivists are often well-intentioned, but their attacks can be problematic says the NSA's cybersecurity director.

By Claudia Glover

The re-emergence of online vigilantes, or hacktivists, during the war in Ukraine could prove “problematic” for wider security efforts, the cybersecurity director of the US National Security Agency (NSA) has warned.

Speaking at the CyberUK conference in Newport yesterday, the NSA’s Rob Joyce said the return of hacktivists was a concern for Western countries. Head of the Australian Cyber Security Centre (ACSC) Abby Bradshaw added that these hackers can introduce “extreme unpredictability” for intelligence services and that there is potential for “spillover and wrongful attribution, retribution and escalation” of cyber conflict. Even the most well-meaning hacktivists have the potential to cause larger problems for the security community, experts told Tech Monitor.

NSA cybersecurity chief Rob Joyce is concerned about the rise of hacktivism during the Ukraine war. (Photo by David Paul Morris/Bloomberg via Getty Images)

Hacktivism in the Ukraine War

Russia’s invasion of Ukraine triggered a wave of online vigilante activists on both sides of the conflict. Two days after the start of the war, Ukraine’s Minister of Digital Transformation Mykhailo Fedorov called on anyone with “digital talents” to join what he described as an “IT army”. A Telegram group set up for the initiative quickly had more than 34,000 members. 

This led many Russian criminal gangs, including ransomware groups such as Conti, to publicly declare their support for Russia, while hacktivist group Anonymous soon pledged its allegiance with Ukraine.  

The ACSC’s Bradshaw added that the scale of the hacktivism is a cause for concern, with reports of up to 300,000 hackers coming to Ukraine’s aid. The NSA’s Joyce acknowledged that those assisting Ukraine are “trying to do noble things,” but said that ultimately the behaviour “is problematic”.

Why is Ukraine hacktivism potentially dangerous?

This problem is that the actions of hacktivists often make it more difficult to accurately assess who has perpetrated a cyberattack, explains Chris Morgan, senior cyber intelligence analyst at Digital Shadows. “The lines between state-associated, cybercriminal and hacktivist are becoming even more blurred as the war further distorts the precise motivation of cyber threat actors,” he says.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

It is possible that a hacktivist attack could be misinterpreted as something carried out by a nation-state, he continues. This “could result in reprisal attacks and significantly raise the cyber risk associated with the conflict in Ukraine”.

The unpredictability of hacktivists makes the effects of their attacks difficult to control, says Toby Lewis, global head of threat analysis at security company Darktrace. “In hacktivism that aims to be disruptive, such as DDoS, Wiper attacks and ransomware, it’s always possible that other cyber operations will be disrupted unintentionally,” Lewis says. “For example, an intelligence agency having infiltrated an asset over many months could have their access shut down by even the most well-meaning activist group targeting the same asset.”

There are also downsides for the hacktivists themselves, says Javvad Malik, lead security awareness advocate at security training platform Knowbe4. “People involved in hacktivism could expose themselves, which could result in personal consequences,” he says. “When Anonymous was active it encouraged supporters to download and use the Low Orbit Ion Canon (LOIC) to launch DDoS attacks against websites. Many of the participants in this activity were easily identified and subsequently charged with cybercrime activities.”

Western countries must set an example on hacktivism

The NSA’s Joyce and Lindy Cameron, the head of the UK’s National Cyber Security Centre (NCSC), both told the conference that Western countries need to set an example if they want others to behave lawfully in cyberspace. “I look at the way we are trying to hold bad actors accountable in other nations, and I look to the threats coming out of Western Europe, America and others and say ‘we have to be good international citizens in the cyber arena, in the way we’re asking them to behave as well’,” Joyce said.

Read more: Fake EDRs help hackers target cybersecurity researchers

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU