10:46 Nov. 3, 2016
As the Russia-fuelled war grinds on with no end in sight, volunteer hackers delight in exacting digital revenge on those who have destabilized their country
RFE/RL has interviewed a Ukrainian volunteer hacker, known as RUH8, who is part of a Ukrainian "hacktivist" collective that includes four hacker groups: CyberHunta, Falcons Flame, and Trinity.
When working together, they call themselves the Ukrainian Cyber Alliance. Their declared enemy is the Kremlin, and their avowed mission is to expose its meddling in Ukraine and ultimately to destroy Russian President Vladimir Putin's regime.
RUH8 provided details of the cyberwar that has been raging -- parallel to the shooting war between Ukraine and Russia-backed separatists in eastern Ukraine over the past 30 months -- between the respective sides' patriotic hackers using digital subterfuge.
A native of eastern Ukraine -- where separatists still control swaths of territory -- RUH8 says he delights in exacting digital revenge on those who have destabilized his country. A self-taught hacker with 20 years of contract work in security research for national and international companies, RUH8 insists he began hacking only after the start of the conflict.
"In the beginning, we didn't understand well how Russia was [fomenting] the war. It is a hybrid war," he says, using a term coined by Western analysts to describe the mix of cyber-, economic, media, psychological, and military operations Russia is thought to be employing to further its aims in Ukraine. "It was very tangled and we just didn't know who we were fighting with, so we started to collect [publicly available] information online."
The Ukrainian side's latest salvo came on October 25, when the Cyber Alliance leaked more than a gigabyte of e-mails and documents purportedly extracted from the inbox of one of Putin's top aides, Vladislav Surkov.
The trove included texts that point to close cooperation between the Kremlin and pro-Russian separatists in eastern Ukraine, where Russian officials have consistently denied military involvement despite considerable evidence to the contrary. Some of the most incriminating documents suggest detailed information-sharing on casualty figures and financing, Surkov's hand in choosing separatist commanders, and a plan for "destabilization of the situation in Ukraine" between November 2016 and March 2017.
There have been other recent successes for the pro-Kyiv hacktivists, too.
The Cyber Alliance and InformNapalm collaborated to leak the mobile-phone data of a Russian national named Arseny Pavlov shortly after his death in an elevator bombing in eastern Ukraine in October. Better known by the nom de guerre Motorola, Pavlov commanded separatist fighters in Donetsk and had boasted of killing captive Ukrainian troops. The hackers alleged the leaked phone data showed, among other things, that Motorola had feared assassination by Russian security services.
In May, Falcons Flame and Trinity hacked and defaced nine websites associated with the separatist group that calls itself the Donetsk People's Republic and what the hackers said were private Russian military companies operating in Ukraine and Syria that were associated with Russia's Federal Security Service (FSB).
RUH8 also claims to have hacked the Russian State Duma's official website not once but twice in 2014, posting pro-Ukrainian messages such as "Glory to Ukraine!" across the homepage.
RUH8 says the Cyber Alliance includes between 10 and 15 hackers from across Ukraine with different backgrounds and specialties. The group works purely on a volunteer basis, he says, and coordinates via encrypted chat that is deleted after each conversation.
He insists there is no financial support from Ukraine's government but that from time to time they get messages from private supporters offering donations of around USD50-USD100 to their cause. Recently, RUH8 adds, money from such a donation went toward the purchase of an eight-terabyte external drive to store hacked data.
Sometimes they get hacking help from their Russian friends, he says. "There are people there who are so angry at their own government that they are risking spy charges and passing information to us," RUH8 explains. He declines to say whether any Russian citizens are in the Cyber Alliance.
Ukrainian intelligence officials have gone on the record to deny having ties to the budding army of hacktivists, but RUH8 laughs out loud when asked about such public statements.
The Cyber Alliance, he insists, gets limited support from Ukraine's intelligence community.
Asked about RUH8's claim, Oleksandr Tkachuk, chief of staff for the Ukrainian Security Service, told RFE/RL that "to the best of my knowledge, we do not maintain contact with hacking groups because hacking is illegal."
He added, "As an official organization, we are not allowed to talk with people who use illegal methods, even if these methods are used for good."
The timing of the Surkov e-mail leak has also led to speculation that the United States might have played a part. But RUH8 insists U.S. hackers were not involved in the Surkov leak. "It was a purely native Ukrainian hack," he says, grinning. Then he adds, "If American guys -- who are known to be very clever -- pass some information to us, we will be glad to use it."
RUH8 warns of more leaks to come. "We have published only a small part of the Surkov e-mails," he says, adding the e-mails obtained by the Cyber Alliance include information from "not only Surkov, but others in Putin's administration."