Silas Cutler, a cybersecurity researcher at Stairwell, agreed, telling Motherboard that “what we’re seeing in terms of the IT Army represents what cyberwar actually will look like.”“It very much is people taking up arms and doing what they can without large coordinated development teams,” Cutler added. “And I think it's simply just another way that cyberwarfare is fought.”Much like the kinetic war being fought on Ukrainian territory, the cyber war wasn’t expected to go this way. Some expected Russia to take over Ukraine relatively easily. Almost five months later, the Ukrainians have mounted a fierce resistance and successfully pushed back Russian troops. In cyberspace, most expected Russia to have a field day, unleashing its elite hacking units to turn off the grid, something it already did twice in the past. They expected Russia to unleash highly sophisticated and disruptive attacks like NotPetya. Russia hasn’t been completely unsuccessful in this regard. Its hackers have used several strains of wiper malware—malicious programs designed to destroy data—against targets, including an American satellite internet provider. But in cyberspace too, the Ukrainians have mounted a fierce resistance and struck back.
Do you have information about the activities of Ukrainian or Russian hacking groups? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email email@example.com
Krotofil said that at least at the beginning “cyber space became a gray unregulated area where individuals from all over the world may participate and do whatever they want,” which meant that the IT Army volunteers’ “activities were not regulated and may be were not always driven by good judgment as those people were and are civilians who do not have proper knowledge how to act strategically.”But over time that’s changed, the volunteers adopted “proper ‘rules of conduct’ [...] to limit attacks on unrelated targets,” and “the activities became more regulated and better thought over and some groups for sure conducted useful [open source intelligence] work or permitted operations on the territory of Ukraine,” she told Motherboard in an online chat.Soesanto told Motherboard in a phone call that the IT Army is now committed to fewer targets, but is better organized and “methodologically structured.”At the same time, groups like the IT Army have made tracking what hackers are doing in the conflict a bit harder for researchers.“The number of amateurs and volunteers since the start of the war in Ukraine, that have jumped in to attempt to help one side or the other playing at being some kind of ‘cyber soldier’ has made tracking what's going on more difficult at times,” Shane Huntley, the head of Google’s Threat Analysis Group, told Motherboard in a phone call. “It takes work to determine what is a serious government attack and what might be some overenthusiastic amateurs.”
“In my opinion, it would be wrong [for the government] to endorse this activity.”