How Belarusian hacktivists are using digital tools to fight back


When the Belarusian activist Yuliana Shemetovets was offered a job as spokesperson for the Belarusian hacktivist group “Cyber ​​​​Partisans”, she did not rush to accept it. “To be honest, I was scared,” she told The Record.

She had reasons for that. Belarus is an authoritarian state where elections are openly rigged and civil liberties severely curtailed. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.

Meanwhile, Belarusian cyber-partisans are doing their part to overthrow Lukashenko by leaking government secrets and attacking the computer systems of companies that support the dictator’s regime.

Shemetovets, who moved to New York City a few years ago to study political science, has been involved in anti-Lukashenko protests for more than a decade. During this time, she witnessed the brutal repression of civilians and saw her friends arrested for protesting unfair elections and police brutality.

Protests in 2020, when crowds took to the streets against a rigged national election, saw some 5,000 criminal cases launched on Lukashenko’s orders and more than 35,000 people arrested.

After lengthy interviews with cyber-partisan leaders, Shemetovets finally decided to join the movement: “I thought I would not forgive myself if I didn’t do everything to stop Lukashenko’s terror.”

This decision came at a cost. The Belarusian government listed Shemetovets as a terrorist, and now she faces imprisonment or the death penalty if she returns home. She also severed ties with her family and some friends because they were also at risk.

“Now I’m just living one day at a time,” she said. “You never know what the next target of the Belarusian regime will be and how it will try to stop the Belarusian opposition.”

As a spokeswoman, Shemetovets does not engage in “hacking” – her main task is to explain to the world who the Belarusian cyber-partisans are and why their work is important.

Although mostly made up of young tech specialists and activists, the cyber partisans resemble an amateur secret service: they have a political agenda, clear goals, and put a lot of effort into collecting and analyzing sensitive data. Researchers have said they “have taken hacktivism to the next level.”

Instead of making money from hacking, they accept cryptocurrency donations to maintain costly servers and develop new hacking tools and mobile apps for activists.

During the war in Ukraine, Cyber ​​Partisans doubled in size and now has 60 members. “That’s not enough to achieve all of our goals,” says Shemetovets. People in Belarus are tired of resistance, so cyber partisans recruit the most motivated and loyal activists.

A rally against Lukashenko in August 2020 in Minsk. Image: Homoatrox

The group wants to create a different Belarus: free, democratic and independent of Russian influence. Before the protests, Belarus had a booming tech industry, and cyber partisans – who worked in local tech companies and start-ups – want to revitalize it by improving cyber defences, attracting foreign investment and creating something of a national Silicon Valley, so Shemetovets.

Self-taught hacktivists

The Cyber ​​Partisans were formed in the wake of mass protests in August 2020 against Lukashenko’s presidential election, which the US and other countries see as rigged.

The group started with a small handful of anonymous techies who had to learn how to hack from scratch. Most of the group’s members are based outside of Belarus. During the protests, many Belarusian techies fled the country as law enforcement raided companies owned by opponents of the regime and reportedly blocked the country’s internet.

Like many Belarusian opposition figures, cyber-partisans communicate via Telegram, which they have reprogrammed for their needs using the app’s open-source code. According to Shemetovets, the telegram from the partisans is safer than the original. Its users can set fake password which will automatically delete selected chats and channels after entering.

The cyber partisans’ telegram is also used by some people living in Ukrainian territories occupied by Russia. “Russian law enforcement agencies can arrest them and check if they follow Ukrainian news channels,” she said.

The cyber partisans have given a lot of thought to personal security. “I don’t know the real names of the cyber partisans and I don’t want to know for my safety and theirs,” she said. “Obviously I’d love to meet and hug everyone, but it’s not time yet.”

Despite their “remote work culture,” the cyber partisans are highly organized. There is no hierarchy within the group – decisions about strategies and common goals are made through general votes.

Each member of the group works on different tasks: data analysis, app development, PR and cyberattacks. The latter is the most sensitive part of the work, so it is not discussed with other members.

“Someone can script an attack but they don’t know where to use it,” Shemetovets said. It’s safer to distribute the work that way in case someone is arrested and interrogated, she said.

Analyzing and storing data is also a big part of the work of Belarusian hacktivists. Their biggest hacks include: a passport database that reportedly contains personal details of all Belarusian citizens, and a police database containing sensitive information about the work history of all police officers in the country.

Belarusian cyber-partisans helped create a project called Black Map, an archive of personal data from law enforcement agencies, government officials and other supporters of the Lukashenko regime. Should they ever be prosecuted, an international court could use these recordings as evidence against them, the project creators say.

“We use modern methods of data storage and expensive servers because Lukashenko’s regime did not do enough to protect the data of Belarusian citizens,” Shemetovets said.

To analyze the vast amount of data they steal from government databases, Belarusian hacktivists turn to “trusted” investigative journalists and researchers, such as those from Bellingcat and Belsat. The hacktivists provide some of the information journalists need for their research, but do not grant access to the entire database.

In November 2021, cyber partisans confiscated Belarus’ border crossing records. With these records, Bellingcat released last month an exposé of Russian spy Olga Kolobova posing as a Latin American jewelry maker.

During the war in Ukraine, hacktivists used leaked data to identify spies and track the movement of Russian military equipment in Belarus, which shares a 650-mile border with Ukraine.

The war has multiplied the group’s workload, as the cyber partisans work with Ukrainian hacktivists.

Against the dictator

While Lukashenko’s regime is known for its despotism and violence, hacktivists don’t demonize the dictator – they mock him and his allies. Hacktivists have created animated films based on leaked phone calls and posted memes on their Telegram channel, which has over 48,000 followers.

In her opinion, major attacks such as one on the national railway’s computer systems or the release of a database showing the country’s true COVID-19 death rate undermine confidence in Lukashenko’s power not only in Belarus but also in Western countries.

Lukashenko once said that “cyber weapons are scarier” than nuclear weapons. But he doesn’t want to admit that, according to Shemetovets, he’s being attacked by a bunch of techies. “It humiliates him,” she added.

Hacktivist attacks also show how weak cyber defenses are in Belarus. “The computer systems of the Belarusian railways used Windows XP!” Shemetovets claims.

However, the group faces obstacles as the regime tries to fight back. Also, Belarusian hacktivists do not have as many tools as Russian groups, nor as much support as Ukrainian ones.

Many foreigners also don’t understand who the cyber partisans are and are unwilling to support them, considering cyber attacks illegal, according to Shemetovets. “I have to explain to them that this is how we fight against a dictatorship when nobody from the western world supports us,” she said.

But foreign activists and cybersecurity experts have no objection to the group’s activities, Shemetovets said, because their attacks do not harm civilians.

“We have one rule: to publish data only about people connected to the dictator’s regime and who have committed crimes against the Belarusian people. We don’t target their families and children,” Shemetovets said.

An effective attack, according to Belarusian activists, is one that puts pressure on the regime and disrupts the work of companies that serve it.

For example, the attack on the Belarusian railway was successful because it cut off the supply of Russian arms to Ukraine. Hacking databases is also effective because, according to Shemetovets, this information can be used by journalists and opposition groups.

The cyber partisans understand that cyber attacks alone are not enough to overthrow a regime that has been in place for decades. “We also need people who are not afraid to protest on the spot,” says Shemetovets.

The war in Ukraine diverted attention from the democratic protests in Belarus in 2020, and now Western media are portraying Belarus as Ukraine’s enemy, with Lukashenko doubling down on his partnership with increasingly authoritarian Russian President Vladimir Putin.

The cyber partisans are doing their best to damage this friendship. They understand that if Putin loses in Ukraine, his next target could be Belarus – a key zone of influence for the Kremlin.

During the early September hacktivists’ cyberattack on transport infrastructure in the Belarusian city of Gomel, they distributed leaflets calling for people to join the fighting in Ukraine and the Belarusian opposition movement.

They also left a message: “As long as the dictator remains in power and political prisoners are not released, any department and company of the regime may be subject to cyberattacks.”

Daryna Antoniuk is a freelance reporter for The Record based in Ukraine. She writes about cybersecurity startups, cyber attacks in Eastern Europe and the state of the cyber war between Ukraine and Russia. She was previously a tech reporter for Forbes Ukraine. Her work has also been published by Sifted, The Kyiv Independent and The Kyiv Post.


About Author

Comments are closed.