Although a flood of claims from hacking groups followed Russia’s invasion of Ukraine, research shows most were made by Anonymous.
Nurphoto | Nurphoto | Getty Images
More than three weeks ago, a popular Twitter account named “Anonymous” said the shadowy activist group was waging a “cyber war” against Russia.
Since then, the account – which has more than 7.9 million followers, including some 500,000 since Russia invaded Ukraine – has claimed the deactivation of major Russian government websites, news and companies and the leaking of data from entities such as Roskomnadzor, the federal agency responsible for censoring Russian media.
But is it true?
It appears to be, says Jeremiah Fowler, co-founder of cybersecurity firm Security Discovery, who worked with researchers from web firm Website Planet to try to verify the group’s claims.
“Anonymous proved to be a very capable group that penetrated high-value targets, records and databases in the Russian Federation,” he wrote in a report summarizing the findings.
Of 100 Russian databases scanned, 92 were compromised, Fowler said.
They belonged to retailers, Russian Internet service providers and intergovernmental websites, including the Commonwealth of Independent States, or CIS, an organization made up of Russia and other former Soviet countries that was established in 1991. after the fall of the Soviet Union.
Numerous CIS files were erased, hundreds of folders were renamed to “putin_stop_this_war” and email addresses and administrative credentials were exposed, said Fowler, who likened it to malicious “MeowBot” attacks. of 2020, which “had no purpose except for a malicious script that erased data and renamed all files.”
Another hacked database contained more than 270,000 names and email addresses.
“We know for a fact that hackers found and likely accessed these systems,” Fowler said. “We don’t know if any data was uploaded or what the hackers plan to do with that information.”
Other databases contained security information, internal passwords and a “huge number” of secret keys, which unlock encrypted data, Fowler said.
As to whether it was the work of Anonymous, Fowler said he followed Anonymous’ claims “and the timeline fits perfectly,” he said.
The Twitter account, named @YourAnonNews, also claimed to have hacked into Russian state TV channels.
“I would mark this as true if I was a fact checker,” Fowler said. “My partner at Security Discovery, Bob Diachenko, actually captured a live stream of information on a website and filmed the screenso we were able to validate that they had hacked at least one live stream [with] a pro-Ukrainian message in Russian.”
Russian English-language news site RT “is aimed at a Western audience, and therefore what is broadcast on RT is not what is said in Russia,” said Jeremiah Fowler of Security Discovery.
Lionel Bonaventure | AFP | Getty Images
The account also claimed to have disrupted the websites of major Russian media organizations and agencies, such as energy company Gazprom and state-sponsored news agency RT.
“A lot of these agencies have admitted to being attacked,” Fowler said.
He called denial of service attacks – which aim to disable websites by flooding them with traffic – “super easy”. These websites, and many others, have been taken down at various times over the past few weeks, but they are also believed to be targeted by other groups, including some 310,000 digital volunteers who signed up for the “IT Army of Ukraine”.
Misrepresentations of other groups
Fowler said he found no instances where Anonymous exaggerated his claims.
But it happens with other hacktivist groups, said Lotem Finkelstein, head of threat intelligence and research at cybersecurity firm Check Point Software Technologies.
In recent weeks, a pro-Ukrainian group claimed to have breached a Russian nuclear reactor, and a pro-Russian group claimed to have shut down Anonymous’s website. Check Point concluded that both claims were false.
“As there is no real official Anonymous website, this attack…seems to be more of a morale booster for the pro-Russian side, and a publicity event,” the CPR said, a fact that does not did not go unnoticed by Anonymous affiliates, who mocked the claim on social media.
Groups make false claims by posting old or publicly available information to gain popularity or fame, Finkelstein said.
Fowler said he thought Anonymous was more about the “cause” than the notoriety, though.
“From what I’ve seen in these databases, it was more about messages than saying ‘hey, you know, Anonymous Troop #21, Group Five, did this,'” a- he declared. “It was more about the end result.”
Hacktivists who conduct offensive cyberwar-like activities without government authorization are engaging in criminal acts, said Paul de Souza, the founder of the nonprofit Cyber Security Forum Initiative.
Despite this, many social media users are encouraging Anonymous’ efforts, with many posts receiving thousands of likes and messages of support.
“They’re almost like a cyber Robin Hood, when it comes to causes that people really care about, that nobody else can really do anything about,” Fowler said. “You want action now, you want justice now, and I think groups like Anonymous and the hacktivists give people that immediate gratification.”
Many hacktivist groups have strong values, said Marianne Bailey, cybersecurity partner at consulting firm Guidehouse and former head of cybersecurity at the U.S. National Security Agency. Cyber-activism is an inexpensive way for them to influence government and corporate actions, she said.
“He’s protesting in the 21st century,” Bailey said.
Still, encouraging them can be dangerous in the “fog of war”, she said.
“A cyberattack has the potential to have such an immediate impact, in most cases long before a precise attribution can be determined,” she said. “A cyber attack or even a kinetic response could be directed at the wrong place. What if that misattribution is intentional? What if someone is making the attack appear from a specific country when it’s not true?”
She said cyber warfare can be cheaper, easier, more effective and easier to deny than traditional military warfare, and it will only increase over time.
“With more devices connected to this global digital ecosystem, the opportunities for impact continue to grow,” she said. “It will undoubtedly be used more often in future conflicts.”