
The hackers from the RUH8 group tell Focus how they counteract the enemies of Ukraine and resist Russian propaganda and explain why they want the state to clarify its position towards cyber warfare
Operations of Ukrainian hackers get media coverage almost weekly. They break into the web sites of public bodies and propaganda outlets of Russia, Crimea and the so called “Peoples’ Republics” in Donbas, defacing them with materials running contrary to the Russian propaganda, thus forcing the enemy to channel more resources into security measures. They retrieve personal data of the people that collaborate with the Russians to undermine Ukrainian statehood. They want the enemies of Ukraine to “shudder at the noise of their own computers”.
There are several notable hacker groups in Ukraine. Focus contacted the members of one of them – RUH8, whose name contains a telling encrypted pun: ruh eight – Ru Hate. This group is known for hacking the government portal of Orenburg Oblast, the web site of the Astrakhan Oblast Duma (regional council), the Russian State Duma (lower house of the Russian parliament), the Russian Federation Council (the upper house of the Russian parliament). In cooperation with the hacker groups Falcons Flame and Trinity, they have recently retrieved an array of personal correspondence of Russian propagandists.
The group maintains anonymity. Its spokesman, offering a name of Sergei, easily agreed to an interview, but insisted on answering in writing by e-mail. He warned us that all the answers he would give would only apply to RUH8, and the views and stories of other hacker groups and volunteer communities could be different. Talking about RUH8, he is laconic: “The web site of the group went up in November 2015, but we had been engaged in political activism since the spring of 2014. Our first operations consisted of covert counterops against Russian intelligence agencies posing as informal groups, hacking of personal mail boxes and websites of the Donbas separatists. We have no fabulous incomes, we have never done and are not doing any outright criminal profiteering. We also ensure that our activity has no conflict of interest, namely: any paid work shall not cause any damage to Ukraine or Western countries”.
Lower Volga People’s Republic
What are the goals you set for yourself? Your web site says “to harm Russian Federation.” Is there some kind of system in choosing targets, any priorities?
– Harm means harm. Both to Russia and its puppet “republics”. As one Falcons Flame guy put in our closed chat, “they must be afraid to go online. They must shudder at the noise of their own computers”. We share this view. Public servers, e-mail accounts, document management platforms, closed information systems, banks, i.e. anything we can reach. As a rule, the larger and more valuable the information resource is, the harder it is to get in.
Volunteers cannot replace proper military or foreign intelligence agencies or wage an all-out cyberwar. But we do our best.
Which operations are you most proud of?
– One of our most successful actions is hacking the Astrakhan Oblast Duma and the proclamation of the “Lower Volga People’s Republic” on behalf of the local officials. The Russian press offered a very keen response to the possible separatism in Russia. The hacks Falcons Flame / Trinity did on May 9 were also spectacular.
And the media attention is very important. The help of the “InformNapalm” community is invaluable. Political hacking is a cross between contemporary art and terrorism. Even if the obtained information is not of “operational” value or public interest, the fact of hacking, combined with the appropriate media coverage can strongly influence policies and events.
Recently, there have been many reports about the actions of the Ukrainian hackers FalconsFlame, Trinity, RUH8, CyberJunta. Have hackers really got active just now, or has their activity been ignored up until now?
– Now, we have broken the “information blockade”, and more people know about us. Politically motivated cyber-attacks from both sides have been running non-stop, but now Ukrainian hackers are exchanging information, establishing connections and coordinating attacks. OSINT volunteers help to process and publish the retrieved data. And it yields more meaningful results.
Why are these specific groups in the spotlight? Do other Ukrainian hackers shun attention?
– We have the support of journalists and volunteers. By the way, there are more than four groups: there are also “Ukrainian Cyber Troops” of Eugene Dokukin, there was the “Cyber Hundred”. I am talking only about politically active hackers. We do not cross ways with hackers operating on the black market. There have been some polemics on the closed commercial underground forums, but the admins purged them mercilessly.
Now these four groups “are in the spotlight”. We, at RUH8, think that improved interaction between hackers, as well as between the hackers and the society, enhances the value of information. In place of standalone “sabotage ops”, comes the more coordinated pipeline. Especially, after the heated discussions about the documents published by the Myrotvorets center.
We should like to specially compliment the InformNapalm community volunteers for their remarkable work. Without it, many hacker ops would not have received the due attention. Their recent publications, such as de-anonymization of the Russian troops in Syria, have made quite a stir in Russia!
“We were struck by the extreme cynicism”
Recently, together with FalconsFlame and Trinity groups you hacked mail boxes and cloud storage of Russian propagandists. What struck you most about the information you managed to read?
– Most of the kudos for this hack should go to Falcons Flame and Trinity. We were struck by the extreme cynicism of the Russian propagandists, as well as the great attention paid by Russian authorities to the information warfare, and substantial resources poured into propaganda. Also by the mechanistic nature of the propaganda machine resulting in the willingness to use absolutely any means. And at the same time they are planning vacations in Europe and figuring out the costs of their home improvements. We, RUH8, are not “cuddly teddies” either, and we do not deny that we not only conduct cyber attacks, but also wage information warfare, that is, we do not simply “inform”, we put a particular spin on our materials. However, we have our ethical limits, whereas on “the other side” we find outright scumbags and vultures.
Should Ukrainian hackers unite or their effectiveness does not depend on this?
– We think it is necessary to unite, but there are many questions. First of all, trying to unite hackers is like herding cats. And then, there are issues of trust, secrecy, and, particularly, legality of all that takes place. Are we hacking terrorists’ servers or servers located in the territory of Ukraine, controlled by nationals of Ukraine, and therefore technically subject to Article 361 of the Criminal Code of Ukraine (illegal interference with the work of electronic computing machines (computers), computer systems and networks). Are the hacked data protected by law? Is Russia our military adversary? Can the information collected this way serve as the basis for instituting criminal proceedings, or would that contradict the Criminal Code and the existing enforcement practice? If we conduct cyber warfare, which is already underway regardless, how does our state view this?
All these considerations put aside, exchange of information and concerted action, of course, enhance efficiency.
Hackers often report that they hand the extracted information over to SBU. Is anything known about the use the intelligence agency puts it to, how useful is it?
– As far as we know, criminal proceedings were instituted on a couple of episodes, including under Art. 111 (“treason” in the Criminal Code of Ukraine), and some arrests were made.
“Such questions are already a step forward”
Among the supporters of the separatists, there also are hackers, for example, a group called Sprut (Octopus), which is hacking sites of regional administrations in Ukraine. Are they also non-profit, or do they carry out somebody’s orders?
– Well, Cyber Berkut is clearly an outfit of the FSB (the Russian security and intelligence agency), but I am not sure about Sprut. Although, after Eduard Basurin, the talking head of the DPR (Donetsk People’s Republic terrorist organization), started promoting them, it left no room for doubt that they are, or may have always been, one of the propaganda tools of the “republics”. Not to mention, that the materials they post and their presentation leave the impression that no one reads them or cares about their spreading. For example, the “hacked” police documents posted on the Sprut website, are full of reports of “unidentified bodies in DPR uniforms”, whereas the militants normally hide their losses, as well as reports revealing an unprecedented level of banditry in the occupied territories.
How often does Ukraine suffer from attacks of Russian hackers? What can you say about the vulnerability of our websites?
– The hacks of Ivano-Frankivsk power company and of the Central Electoral Commission of Ukraine are regrettable. We think that the competent state agencies together with the National Security Council should give more attention to security. Many Ukrainian officials still use e-mail services in the .ru zone – how is that still possible? Security? No, never heard of it. However, there are changes, and changes for the better.
The National Cybersecurity Coordiantion Center is being established in Ukraine. Can we expect that the Ukrainian cyberspace will be better protected, or is setting up of such a body more of a ritual?
– I would like to hope for the best, but Ukraine already has the Ministry of Information Policy, which prefers flaming on Facebook to managing information policy. It is not very reassuring that the wording of the Center’s tasks are like “What is happening?”, “Do we have information security?”, “How do we protect ourselves?”. Still, the fact that such questions are being asked is already a step forward. However, I would like to see a coherent document on the information and cyber warfare. Are we at war? Who is our enemy? What are our goals and tasks? Which methods are endorsed? Hackers and volunteers already have answers to these questions. What about our state?
Original by Alexey Baturin | Focus.ua
Translated by InformNapalm.
No Responses to “Cyberwar special forces – Ukrainian hackers vs Russian occupiers”