Before leaving for his day job in “just another city” in Denmark, Jens spends about an hour in the morning defending Ukraine in cyberspace.
First, the IT professional, in his mid-40s, searches the messenger app Telegram for a list of websites of Russian organizations and companies. Then he activates a program that automatically bombards the sites with fake requests.
Throughout the day, Jens regularly works to make sure the software is doing what it’s supposed to: overload the websites with so much traffic that they crash.
When he goes to bed, he knows he will do it again the next day – in silence. His wife, friends and colleagues have no idea.
“I’m doing this to punish the Russians for their war crimes,” Jens told DW over an encrypted phone call. Like all hackers interviewed for this article, he spoke on condition of anonymity as their activities are illegal.
He is one of potentially thousands of pro-Ukrainian cyber-guerrillas spread around the world launching attacks on targets in Russia or linked to the country.
Nobody knows exactly how many there are. They have different motives and use different cyber weapons, from simple online vandalism tools to sophisticated cyber operations. But they are united in their goal: to support the besieged Ukraine.
“Everyone is helping in any way they can,” said a Netherlands-based activist who is part of the hacking collective Anonymous.
For decades, countries have used cyber operations to sabotage their enemy, obtain sensitive information, or sow confusion to thicken the fog of war.
But the war in Ukraine has led to an unprecedented form of online guerrilla. According to interviews with hackers and experts, large groups of non-state participants can operate simultaneously without a central authority coordinating their efforts.
“It’s the nature of the beast,” said the Anonymous activist.
The core of the IT army
The idea of recruiting a volunteer cyber army was born when war broke out in late February.
When the first missiles hit Ukraine, civilian experts in the country’s cybersecurity industry turned to the country’s government to offer help, said entrepreneur Yegor Aushev, co-founder of Ukraine’s cybersecurity firm Cyber Unit Technologies.
“Our only motive is to end this war,” Aushev told DW on the phone from near Kyiv. As they encouraged other cyber professionals to join them on social media, hundreds heeded their call. A month after the start of the war, he estimates, their number has grown to almost a thousand people.
Ukrainian Yegor Aushev (r) has called on hundreds of hackers to take action
According to Aushev, they can be seen as the inner core of Ukraine’s IT army and work closely with the country’s government. Most of its members have years of experience in cybersecurity; Access is only granted to those who find other experts who vouch for themselves.
Their goal is to gather information about the war and possible targets in Russia, which they will share with the Ukrainian government, Aushev said.
Another powerful player in Ukraine’s cyber guerrilla army is the hacker collective Anonymous – a loose international hacking movement. Shortly after Russia began invading Ukraine, the hackers announced on Twitter that they were now “in cyberwar against the Russian government.”
Since then, Anonymous has claimed several incidents such as hacking into Russian state television channels.
Two Anonymous members told DW they estimated “hundreds” of people were conducting advanced hacking operations. In addition, many other less-skilled volunteers are involved in activities to spread information about the war among Russians, they said. For example, they use a website that allows Internet users to send SMS, WhatsApp messages, emails and call anyone in Russia.
This page was created by Squad 303, a collective with links to Anonymous that started in Poland and now claims to have more than 100 members around the world, including Japan, Estonia, Germany and France. A Squad 303 member told DW that their website made it possible to send over 40 million messages to people in Russia in the first month of the war.
There is also a growing number of so-called “script kiddies” – volunteers with little cybersecurity experience who run hacking programs without fully understanding how they work.
Many of them joined the cyber-guerrilla effort after Ukraine’s digital transformation minister took to Twitter to urge users to take action, adding a link to a Telegram channel with instructions in Ukrainian and English. Every day the admins of this channel publish a list of IP addresses and encourage group members to crash the sites.
Ukraine’s digital transformation minister sent netizens to a Telegram channel with orders to bring down Russian websites
It is this Telegram channel that Danish IT expert Jens checks for new targets every morning. A month after the start of the war, it has over 300,000 subscribers.
Criminal activity – which could backfire
While the Ukrainian government applauds cyber guerrilla activities, experts warn the effort could backfire. The hackers could inadvertently damage unintended targets or trigger counterattacks by technically superior nation-state hackers.
“Each of these attacks further escalates the situation,” says Dennis-Kenji Kipker, Professor of IT Security Law at the University of Bremen, “and that doesn’t get us anywhere.”
He added that not all cyber guerrillas appear to be aware that they are breaking the law.
Danish IT expert Jens said he knew what he was doing was illegal.
“I’m a very law-abiding person, I don’t even run a red light — I’m an ordinary person with an ordinary job in an ordinary town,” he said. “I would never do that in peacetime.”
But when, in mid-March, he saw images of a bombed-out theater in the Ukrainian city of Mariupol, with the word “children” written in Russian on the sidewalk, he decided to get involved.
“There is a war going on, and I consider myself a veteran, like many people in the Ukrainian IT army,” Jens said.
Edited by: Rina Goldenberg
Speaking of which: in several e-mail newsletters, the DW editors summarize what is happening in Germany and around the world. Here you can sign up.