Ukraine's cyber army

As the world sides with Ukraine, so does the cyber world; thousands of volunteers attack Russia at the "cyber front".

The Kremlin's propaganda machine is running at full steam. Putin's mouthpieces on state television insist on describing this senseless war as a "military operation" to "demilitarise" a "Nazi" Ukraine. These claims, of course, caused a collective allergic reaction in the West, and many countries previously reticent about applying severe sanctions against Russia did just that, and cut selected Russian banks off from the SWIFT interbank messaging network whilst they were at it, severely limiting Russia's ability to trade internationally.

Ukraine also reacted, but not quite as you would expect. They're not allergic to Putin anymore. In fact, they're quite used to him by now, and in yet another stroke of genius, Zelensky and his Ukrainian government... wait for it...

...Orchestrated a global cyber attack against Russia on Twitter.

I shit you not. In their spare time, between defending Kyiv with their lives and negotiating cease-fires, Zelensky and his top dog and brother-in-arms Mykhailo Fedorov (Ukraine's Vice Prime Minister), took to Twitter to rally the cyber troops.

They've done so using insecure software, unfortunately; everyone involved is potentially exposing themselves to Russia's intelligence agencies (see my previous post for details as to why) but, nevertheless, it is working, and for now Russia (and its allies) are taking a hit.

The target websites are chosen by Ukrainian officials, and as of writing, the list is decently sized and strategic. Targets include Russian and Belarusian:

  • Propaganda websites
  • Business corporations
  • Banks
  • State government
  • Exchanges connected to Russian banks

The implementations of this cyber "call to arms" I've seen so far are pretty straightforward. Here's how it works, in plain English:

  1. Connect to the website
  2. Repeat step 1 many times per second
  3. Tell your friends

Here's how it works, in pseudo-code:

    while (true):
        connect to the website
        tell your friends about it on a separate thread or something

No fancy DNS amplification attacks, cross-site scripting, or SQL injections. Just good old distributed denial-of-service (DDoS) caused by excessive load on the servers, which apparently were never fronted by controls to rate-limit or absorb such availability attacks to begin with, and eventually become unreachable.
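For the defending side, here is the kind of control those servers were missing, as an added example (this is not the IT Army's tooling or code from the original post): a one-pass sliding-window counter over access-log lines that flags any client sending more than an assumed 20 requests within one second. The log lines are constructed, and the window and threshold are placeholder values an operator would tune to their own traffic.

```python
"""Spotting an HTTP flood in web-server access logs.

Added example for this post; not the IT Army's tooling or any code from the
original. The log lines are constructed, and the 1-second window and
20-request threshold are assumed values an operator would tune to real traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format, the default for nginx and Apache.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return (ip, timestamp, path) for one log line, or None if it is not
    in combined format (e.g. a truncated or corrupt line)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"]


def detect_flooders(lines, window=timedelta(seconds=1), threshold=20):
    """One-pass sliding-window request counter per client IP.

    Returns {ip: peak requests seen inside a single window} for every client
    that exceeded `threshold` requests within `window`. Lines are consumed in
    log order, so the same function works on a live `tail -f` stream.
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than crash the monitor
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def make_sample_log():
    """Constructed traffic: a normal visitor, a moderately busy client and one
    flooder requesting the front page 30 times inside the same second (the
    log format has one-second resolution, so all 30 share a timestamp)."""
    base = datetime(2022, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

    def entry(ip, t, path, ua):
        stamp = t.strftime("%d/%b/%Y:%H:%M:%S %z")
        return t, f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 1024 "-" "{ua}"'

    events = []
    events += [entry("203.0.113.7", base, "/", "python-requests/2.27") for _ in range(30)]
    events += [entry("198.51.100.20", base + timedelta(seconds=i), f"/page/{i}", "Mozilla/5.0")
               for i in range(10)]
    events += [entry("192.0.2.44", base + timedelta(seconds=s), p, "Mozilla/5.0")
               for s, p in ((0, "/"), (2, "/news"), (5, "/about"))]
    events.sort(key=lambda e: e[0])  # write them out in arrival order
    lines = [line for _, line in events]
    lines.append("corrupt line from a log rotation")  # exercise the skip path
    return lines


if __name__ == "__main__":
    for ip, peak in detect_flooders(make_sample_log()).items():
        print(f"{ip}: {peak} requests within one second, block or rate-limit")
```

The same windowed counter, run inline at a reverse proxy or WAF instead of over a log file, is the per-client rate limit that turns "excessive load" into a 429 for the offender while regular visitors carry on. The caveat is in the name of the attack: a distributed flood spreads the requests over thousands of source addresses, each of which may stay under any sane per-IP threshold, so per-IP limiting is a first layer, not a complete defence, and has to be backed by upstream capacity or a scrubbing provider.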

Running the attack is even simpler. You can either open a website whose JavaScript will automatically flood the URLs in Fedorov's list, or, conveniently, run the code server-side as a Docker-wrapped Go binary. It's very cloud-native, actually; your DevOps friends would like it (yours truly included) and are probably considering deploying this on their spare Raspberry Pi.

I've redacted sensitive information and I won't be disclosing how to run these attacks. I feel for the many horrified Russians forced to witness the misery of their neighbours, as reality seeps through the propaganda machine.