War Notes, Monday Threefer: Hackers Attacking Russia; Ukraine’s female minesweepers; and Sketches from Ukraine’s “International Legion”

Washington Post: Hacking Russia was off-limits. The Ukraine war made it a free-for-all.

Experts anticipated a Moscow-led cyber-assault; instead, unprecedented attacks by hacktivists and criminals have wreaked havoc in Russia.

By Joseph Menn — May 1, 2022

For more than a decade, U.S. cybersecurity experts have warned about Russian hacking that increasingly uses the labor power of financially motivated criminal gangs to achieve political goals, such as strategically leaking campaign emails.

Prolific ransomware groups in the last year and a half have shut down pandemic-battered hospitals, the key fuel conduit Colonial Pipeline and schools; published sensitive documents from corporate victims; and, in one case, pledged to step up attacks on American infrastructure if Russian technology was hobbled in retribution for the invasion of Ukraine.

Yet the third month of war finds Russia, not the United States, struggling under an unprecedented hacking wave that entwines government activity, political voluntarism and criminal action.

Digital assailants have plundered the country’s personal financial data, defaced websites and handed decades of government emails to anti-secrecy activists abroad. One recent survey showed more passwords and other sensitive data from Russia were dumped onto the open Web in March than information from any other country.
The published documents include a cache from a regional office of media regulator Roskomnadzor that revealed the topics its analysts were most concerned about on social media — including antimilitarism and drug legalization — and that it was filing reports to the FSB federal intelligence service, which has been arresting some who complain about government policies.

A separate hoard from VGTRK, or All-Russia State Television and Radio Broadcasting Co., exposed 20 years of emails from the state-owned media chain and is “a big one” in expected impact, said a researcher at cybersecurity firm Recorded Future who spoke on the condition of anonymity to discuss his work on dangerous hacking circles.

The broadcasting cache and some of the other notable spoils were obtained by a small hacktivist group formed as the war began looking inevitable, called Network Battalion 65.

“Federation government: your lack of honor and blatant war crimes have earned you a special prize,” read one note left on a victim’s network. “This bank is hacked, ransomed and soon to have sensitive data dumped on the Internet.”

In its first in-depth interview, the group told The Washington Post via encrypted chat that it gets no direction or assistance from government officials in Ukraine or elsewhere.

“We pay for our own infrastructure and dedicate our time outside of jobs and familial obligations to this,” an unnamed spokesperson said in English. “We ask nothing in return. It’s just the right thing to do.”

Christopher Painter, formerly the top U.S. diplomat on cyber issues, said the surge in such activity risked escalation and interference with covert government operations. But so far, it appears to be helping U.S. goals in Russia.

“Are the targets worthy? Yes,” Painter said. “It’s an interesting trend that they are now being the target of all this.”

Painter warned that Russia still has offensive capabilities, and U.S. officials have urged organizations to prepare for an expected Russian cyber-assault, perhaps held to be deployed in a moment of maximum leverage.

But perhaps the most important victim of the wave of attacks has been the myth of Russian cyber-superiority, which for decades helped scare hackers in other countries — as well as criminals within its borders — away from targeting a nation with such a formidable operation.

“The sense that Russia is off-limits has somewhat expired, and hacktivism is one of the most accessible forms of striking at an unjust regime or its supporting infrastructure,” said Emma Best, co-founder of Distributed Denial of Secrets, which validated and published the regulator and broadcast troves among others.

While many of the hackers want to inform the public about Russia’s role in areas including propaganda and energy production, Best said a secondary motivation post-invasion is “the symbolic ‘pantsing’” of Putin and some of the oligarchs.

“He’s cultivated a strongman image for decades, yet not only is he unable to stop the cyberattacks and leaks hitting his government and key industries, he’s the one causing it to happen.”

The volunteer hackers have gotten a first-of-its-kind boost from the government of Ukraine, which endorsed the efforts and has suggested targets through its IT Army channel on Telegram. Ukraine government hackers are assumed to be acting directly against other Russian targets, and officials have distributed hacked data including the names of troops and hundreds of FSB agents.

“There are state institutions in Ukraine interested in some of the data and actively helping some of these operations,” said an analyst at security company Flashpoint who spoke on the condition of anonymity because of the sensitivity of his work.

Ordinary criminals with no ideological stake in the conflict have also gotten in on the act, taking advantage of preoccupied security teams to grab money as the aura of invincibility falls, researchers said.

Last month, a quarterly survey of email addresses, passwords and other sensitive data released on the open Web identified more victim accounts likely to be Russian than those from any other country. Russia topped the survey for the first time, according to Lithuanian virtual private network and security firm SurfShark, which uses the underlying information to warn affected customers.
The number of presumed Russian credentials, such as those for email addresses ending in .ru, in March jumped to encompass 50 percent of the global total, double the previous month and more than five times as many published as were in January.

“The U.S. is first most of the time. Sometimes it’s India,” said SurfShark data researcher Agneska Sablovskaja. “It was really surprising for us.”

The crime business can also turn political, and it definitely has with the war in Ukraine.

Soon after the invasion, one of the most ferocious ransomware gangs, Conti, declared that it would rally to protect Russian interests in cyberspace.

The pledge backfired in a spectacular fashion, since like many Russian-speaking crime groups it had affiliates in Ukraine.

One of them then posted more than 100,000 internal gang chats, and later the source code for its core program, making it easier for security software to detect and block attacks.

Network Battalion 65 went further. It modified the leaked version of the Conti code to evade the new detections, improved the encryption and then used it to lock up files inside government-connected Russian companies.

“We decided it would be best to give Russia a taste of its own medicine. Conti caused (and still causes) a lot of heartache and pain for companies all around the world,” the group said. “As soon as Russia ends this stupidity in Ukraine, we will stop our attacks completely.”

In the meantime, Network Battalion 65 has asked for ransomware payments even as it has shamed victims on Twitter for having poor security. The group said it hasn’t gotten any money yet but would donate anything it collects to Ukraine.

Network Battalion obtained the state broadcast emails and other hoards and gave them to DDoSecrets, making it one of the most important of several hacktivist suppliers to that site, alongside a pro-Western group named AgainstTheWest and some who have adopted the branding of Anonymous, a larger, looser and recently resurgent collective that welcomes anyone.

In an April 3 interview with a researcher known as Dissent Doe who runs the website DataBreaches.net, AgainstTheWest’s leader said the group formed in October and was composed of six English-speaking hackers, all privately employed but with intelligence backgrounds.

The initial objective “was to steal state-secrets, government software (in the form of source codes), private documents and such. However, we also had the idea that we should act on China for attacking the west in cyberespionage campaigns over the years,” the hacker said.

After hitting targets in China, AgainstTheWest moved on to those in North Korea, Iran and Russia.

The leader said the group was not acting directly for any intelligence agency but declined to say whether it was being helped by any of them. “We’re doing our job in the hopes that it benefits western intelligence. We share all private documents with anyone from the government in the U.S./EU.”

The group has made other documents public through DDoSecrets. Best received one request from a U.S. military account for access beyond what she published but turned it down.

Painter, the former State Department and Justice Department expert, said he was concerned that some volunteer hackers might take a step too far and harm civilian infrastructure or trigger a major reaction, and he cautioned that others might be hiding additional motives.

“In the normal course of events, you don’t want to encourage vigilante hackers,” Painter said. But he then agreed, “We’re not in a normal course of events.”

Joseph Menn joined The Post in 2022 after two decades covering technology for Reuters, the Financial Times and the Los Angeles Times. His books include “Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World” (2019) and “Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet” (2010).

AP News, May 1, 2022: ‘A huge demand’: Ukrainian women train to clear landmines

AP- PEJA, Kosovo (AP) — Learning to identify and defuse explosives is something Anastasiia Minchukova never thought she would have to do as an English teacher in Ukraine. Yet there she was wearing a face shield, armed with a landmine detector and venturing into a field dotted with danger warnings.

Russia’s war in Ukraine took Minchukova, 20, and five other women to Kosovo, where they are attending a hands-on course in clearing landmines and other dangers that may remain hidden across their country once combat ends.

“There is a huge demand on people who know how to do demining because the war will be over soon,” Minchukova said. “We believe there is so much work to be done.”

The 18-day training camp takes place at a range in the western town of Peja where a Malta-based company regularly offers courses for job-seekers, firms working in former war zones, humanitarian organizations and government agencies.

Kosovo was the site of a devastating 1998-99 armed conflict between ethnic Albanian separatists and Serbian forces that killed about 13,000 people and left thousands of unexploded mines in need of clearing. Praedium Consulting Malta’s range includes bombed and derelict buildings as well as expanses of vegetation.

Instructor Artur Tigani, who tailored the curriculum to reflect Ukraine’s environment, said he was glad to share his small Balkan nation’s experience with the Ukrainian women. Though 23 years have passed, “it’s still fresh in our memories, the difficulties we met when we started clearance in Kosovo,” Tigani said.

Tigani is a highly trained and experienced mine operations officer who served as an engineer in the former Yugoslav army during the 1980s. He has been deployed in his native Kosovo, Sri Lanka, Uganda, Congo, Rwanda and Kenya, and conducted training missions in Syria and Iraq.

During a class last week, he took his trainees through a makeshift minefield before moving to an improvised outdoor classroom featuring a huge board with various samples of explosives and mines.

While it is impossible to assess how littered with mines and unexploded ordnance Ukraine is at the moment, the aftermaths of other conflicts suggest the problem will be huge.

“In many parts of the world, explosive remnants of war continue to kill and maim thousands of civilians each year during and long after active hostilities have ended. The majority of victims are children,” the International Committee of the Red Cross testified at a December U.N. conference.

“Locating (unexploded ordnance) in the midst of rubble and picking them out from among a wide array of everyday objects, many of which are made of similar material is a dangerous, onerous and often extremely time-consuming task,” the Red Cross said.

Mine Action Review, a Norwegian organization that monitors clearance efforts worldwide, reported that 56 countries were contaminated with unexploded ordnance as of October, with Afghanistan, Cambodia and Iraq carrying the heaviest burdens, followed by Angola, Bosnia, Thailand, Turkey and Yemen.

Thousands of civilians are believed to have died in Ukraine since Russia invaded on Feb. 24. Russian forces have bombed cities and towns across the country, reducing many to rubble.

Military analysts say it appears Russian forces have employed anti-personnel and anti-vehicle mines, while Ukraine has used anti-tank mines to try to prevent the Russians from gaining ground.

With Ukrainian men from 18 to 60 years old prohibited from leaving their country and most engaged in defending it, the women wanted to help any way they could despite the risks involved in mine clearing.

“It’s dangerous all over Ukraine, even if you are in a relatively safe region,” said Minchukova, who is from central Ukraine.

Another Ukrainian student, Yuliia Katelik, 38, took her three children to safety in Poland early in the war. She went back to Ukraine and then joined the demining training to help make sure it’s safe for her children when they return home to the eastern city of Kramatorsk, where a rocket attack on a crowded train station killed more than 50 people this month.

Katelik said her only wish is to reunite with her family and see “the end of this nightmare.” Knowing how to spot booby-traps that could shatter their lives again is a necessary skill, she said.

“Acutely, probably as a mother, I do understand that there is a problem and it’s quite serious, especially for the children,” Katelik said.

Minchukova, wearing military-style clothes, said she was doubtful that normal life, as they all knew it before the war, will ever fully return.

“What am I missing? Peace,” she said. “I’m dreaming about peace, about sleeping in my bed not worried about going to bomb shelters all the time. I miss the people I lost.”

The Kosovo training center plans to work with more groups of Ukrainian women, both in Peja and in Ukraine.

“We’re planning as well to go to Ukraine very soon and start with delivery of courses there, on the theater” of war, Tigani said.

AP News: Combat death puts spotlight on Americans fighting in Ukraine

BY JAY REEVES — May 1, 2022
AP- Harrison Jozefowicz quit his job as a Chicago police officer and headed overseas soon after Russia invaded Ukraine. An Army veteran, he said he couldn’t help but join American volunteers seeking to help Ukrainians in their fight.

Jozefowicz now heads a group called Task Force Yankee, which he said has placed more than 190 volunteers in combat slots and other roles while delivering nearly 15,000 first aid kits, helping relocate more than 80 families and helping deliver dozens of pallets of food and medical supplies to the southern and eastern fronts of the war.

It’s difficult, dangerous work. But Jozefowicz said he felt helpless watching from the United States last year during the U.S. pullout from Afghanistan, particularly after a close friend, Staff Sgt. Ryan Knauss, died in a suicide bombing at Kabul.

“So, I’m just trying to do everything I can to make sure I can help others not go through what I went through,” he said Saturday during an interview conducted through a messaging platform.

A former U.S. Marine who died last week was believed to be the first American citizen killed while fighting in Ukraine. Willy Joseph Cancel, 22, died Monday while working for a military contracting company that sent him to Ukraine, his mother, Rebecca Cabrera, told CNN.

An undetermined number of other Americans — many with military backgrounds — are thought to be in the country battling Russian forces beside both Ukrainians and volunteers from other countries even though U.S. forces aren’t directly involved in fighting aside from sending military materiel, humanitarian aid and money. The U.S. government discourages Americans from fighting in Ukraine, which raises legal and national security issues.

Russia’s invasion has given Ukraine’s embassy in Washington the task of fielding inquiries from thousands of Americans who want to help in the fight, and Ukraine is using the internet to recruit volunteers for a foreign force, the International Legion of Defense of Ukraine.

“Anyone who wants to join the defense of security in Europe and the world can come and stand side by side with the Ukrainians against the invaders of the 21st century,” President President Volodymyr Zelenskyy said in a recruitment pitch.

Texan Anja Osmon, who did tours in Iraq and Afghanistan while serving in the U.S. Army from 2009 through 2015, said she went to Ukraine on her own. A medic, she said she arrived in Ukraine on March 20 and lived in the woods with other members of the International Legion before a new commander sent her away because he didn’t want female fighters.

Osmon, 30, said her mother wants her home before September. But for now she’s anxious to get out of the hotel where she is staying in Lviv and catch on with another fighting force nearer the action.

“I can’t turn away from injustice,” she said. “No one should be scared.”

U.S. Marine veteran Eddy Etue said he quit his job in the gig economy, found a friend in Colorado to watch his cat and gave up his home four blocks from the beach in San Diego, California, to help out in Ukraine, where he’s been about two weeks. He first worked with an aid organization but now is training with the International Legion.

Etue, 36, said he simply couldn’t stay home. “It’s just the right thing to do,” said Etue, who financed the journey through an online fundraising campaign.

Etue’s family history pulled him toward Ukraine. He said his grandparents left Hungary with nothing but their four children and clothes after the 1956 revolution, which was put down by Soviet forces that killed or wounded thousands.

“What’s happening here will affect not only the people who are experiencing it but their children and grandchildren as well,” he said. “I know that from personal experience.”

Jozefowicz, the former Chicago cop, says there are thousands of American and other volunteers in Ukraine. Multiple organizations are operating in the country, and Jozefowicz said his group alone has placed scores of volunteers in positions all over the country, with about 40 of those being combat jobs.

“We do not facilitate a civilian going into any direct-action role. We only guide and connect prior military volunteers,” he said.

But there’s plenty of other work to do. Groups of volunteers are getting medical and food supplies to people in the nation of 44 million people, he said, and others are working with refugees and others who’ve had to flee their homes.

“The closer I got into Ukraine and the more time I spent in Ukraine, the more voids I found that needed to be filled to maximize my groups volunteer efforts,” he said.

Osmon, who said she’s been in contact with Jozefowicz’s group, said she supplied troops with antibiotics and anti-inflammatory medications after days in the woods.

“Most everyone had air raid fever from hiding in the trenches in the snow and cold air,” she said. “Bronchitis was ravaging us.”

Etue said he got a feel for the country after making a 24-hour round trip with another volunteer to pick up a vehicle in Odessa. He said he’s been impressed with the quality of people serving in the International Legion since Ukrainians have done a good job of weeding out the inexperienced and “war tourists” who don’t have much to offer a military unit.

“I think they’re doing amazingly well given that they’re at war with one of the largest standing armies in the world,” he said.

 

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.