RICHMOND, VA. -- Russia has some of the best hackers in the world, but in the early days of the war in Ukraine, its ability to create mayhem through malware hasn't had much of a noticeable impact.
Instead, it's Ukraine that's marshalled sympathetic volunteer hackers in an unprecedented collective global effort to make the Kremlin pay for making war on its neighbor. It's a kind of cyber free-for-all that experts say risks escalating a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on alert.
So far, Ukraine's internet mostly works, its president still able to rally global support via a smartphone, and its power plants and other critical infrastructure still able to function. The kind of devastating cyberattacks thought likely to accompany a large-scale Russian military invasion haven't happened.
"It has not played as large a component as some people thought it might and it definitely has not been seen outside of Ukraine to the extent that people feared," said Michael Daniel, a former White House cybersecurity coordinator. "Of course, that could still change."
It's not clear why Russia hasn't landed a more powerful cyber punch. Russia might have determined that the impact wouldn't be serious enough -- Ukraine's industrial base is far less digitized than in Western nations, for one. Or Russia might have determined that it couldn't do serious harm to Ukraine without risking collateral impact outside its borders.
Many cybersecurity experts believe the Kremlin, at least for now, prefers to keep Ukraine's communications open for the intelligence value.
Whatever the reasons, the conflict's early days have been marked by lower-level cyberattacks that appear to be done both by freelancers and state actors.
Prior to the invasion, hackers knocked offline or defaced Ukrainian government websites. Now, an ad hoc army of hackers -- some marshaled online by Ukraine's SBU security service -- are claiming credit for takedowns and defacements of Russian government and media sites.
A volunteer group calling itself the IT Army of Ukraine has more than 230,000 followers on a Telegram channel and is constantly listing targets for hackers to hit, like Russian banks and cryptocurrency exchanges.
On Monday, Ukraine's SBU made its recruitment of allied volunteer hackers official.
"CYBER FRONT IS NOW OPEN! Help Ukrainian cyber experts hack occupant's platforms!" it said on its Telegram channel, asking for tips on vulnerabilities in Russian cyber defenses, including software bugs and login credentials.
"It is the first time that states have openly called for citizens and volunteers to cyberattack another state," said Gabriella Coleman, a Harvard anthropology professor who has charted the rise of hacktivism.
The move mirrors Ukraine's reliance on its citizens for other areas of defense.
"It shouldn't be surprising that Ukraine is dipping into all possible resources to fight off the Russians, a much stronger foe. Just like civilians are coming out to fight in the street, it doesn't surprise me that they are trying to call forward civilians to support this through the digital space," said Gary Corn, a retired Army colonel who served as general counsel to U.S. Cyber Command.
One hacker group that first appeared last year, the Belarus Cyber Partisans, claimed Monday to have disrupted some rail service in Belarus, the northern neighbor of Ukraine from which several prongs of Russia's military attacked. The group has been trying to frustrate Russian troop and hardware movements through Belarus.
Sergey Voitekhovich, a former Belarusian railway worker who runs a rail-related Telegram group, told The Associated Press that the Cyber Partisans' digital sabotage Sunday paralyzed train traffic in Belarus for 90 minutes. He said electronic ticket sales were still not functioning as of Monday evening.
The Cyber Partisans hack was intended to disrupt Russian troop movements in Belarus and was the second such action in a little over a month. Voitekhovich said the current attack delayed two Russian military trains bound for Belarus from the Russian city of Smolensk. His story could not be independently verified. Voitekhovich chatted with the AP from Poland. He said police pressure had forced him to leave Belarus.
Pro-Russian ransomware criminals from the Conti gang recently pledged on the group's dark web site to "use all our possible resources to strike back at the critical infrastructures of an enemy" if Russia was attacked. Shortly afterward, sensitive chat logs that appear to belong to the gang were leaked online.
As partisans on both sides vow more serious cyberattacks, experts say there are real risks of the situation spiraling out of control.
"De-escalation and peace will be hard enough on their own without outsourced hacking to worry about," said Jay Healey, a cyberconflict expert at Columbia University who has long been opposed to letting the private sector "hack back" against Russian or other state-backed cyber aggression.
Making things more complicated: potential "false flag" operations in which hackers pretend to be someone else when launching an attack, a specialty in cyber conflicts. Attribution in cyberattacks is almost always difficult and could be even more so in the fog of war.
There's already been some spillover in some cyberattacks. Several hours before Russia's invasion, destructive cyberattacks hit Ukraine's digital infrastructure, damaging hundreds of computers with "wiper" malware -- including a financial institution and organizations with offices in neighboring Latvia and Lithuania, cybersecurity researchers said.
Microsoft President Brad Smith said in a statement Monday that such attacks on civilian targets "raise serious concerns under the Geneva Convention."
Smith noted that the cyberattacks -- like a series of similar attacks in mid-January -- "have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine's economy and beyond its borders in the 2017 NotPetya attack," referring to a "wiper" that caused more than $10 billion of damage globally by infecting companies that do business in Ukraine with malware seeded through a tax preparation software update.
The West blames Russia's GRU military intelligence agency for that attack as well as some of the other most damaging cyberattacks on record, including a pair in 2015 and 2016 that briefly knocked out parts of Ukraine's power grid.
So far, there's not been anything like that in this conflict. But officials say it could be coming.
"I've been pleasantly surprised so far ... that Russia has not launched more major cyberattacks against Ukraine," Senate Intelligence Committee Chairman Mark Warner said at an event Monday. "Do I expect Russia to up its game on cyber? Absolutely."
___
Bajak reported from Boston. Associated Press writer Ben Fox contributed from Washington.