
Studying of Ukrainian hacktivism phenomenon and analysis of the information obtained by the “knights of cyberspace” have become an important part of the research work performed by InformNapalm volunteer intelligence community. This is the first article in a forthcoming series of interviews with the stars of Ukrainian hacktivism who have become extremely popular after they broke the Internet with SurkovLeaks.

Sean, a Ukrainian hacktivist from RUH8 group (still frame from VICE | CYBERWAR episode)
Today we will speak with Sean, a Ukrainian hacktivist from RUH8 group. RUH8 is a member of Cyber Alliance – several hacktivist groups that united their efforts to counter Russian aggression in cyberspace. Cyber Alliance has a proven track record of successful high-profile operations including the hack of office email account of the Kremlin’s grey cardinal Vladislav Surkov, personal adviser of Russian President Vladimir Putin; cyber attacks targeting Orenburg Oblast of Russia; the hack of gadgets belonging to Motorola (recently killed), a famous Russian chieftain of militants fighting in Donbas; the hack of mailboxes belonging to The Union of Donbass Volunteers terrorist organization (chairman – Alexader Borodai, former Prime Minister of the self-proclaimed Donetsk People’s Republic, former Russian Security Service (FSB) Deputy Director on information policy and special projects), and a number of operations tied to specific dates – #op256thDay, #opDay28, #opMay18, #OpMay9.
As a hacktivist, I always liked to play with computers. Not literally. I do not mean playing computer games (have been playing them, too, of course), but rather playing with computers as with the object which creates stand-alone reality that is unlike anything else. After becoming more experienced I realized that computers do not exist separately from people. And I won’t deny it that I like influencing people and events. Especially when cyberspace, which is totally my element, has already become a part of everyday life. It must be called “politics”, right? The fact that post-Soviet feudal-corporate system is gradually dying out, opens up absolutely new possibilities.
I don’t dwell on revenge, though I have reasons for revenge. I can hardly be called a saboteur: collateral damage can be very substantial, but my goal, as I see it, is to collaboratively counter Russian-terrorist threat. So, at the moment I’m not looking to hack as many things as possible, but rather I want to understand how these self-proclaimed republics are managed (their organizational structure, economy, personal connections between org-men, relations with Russia) and how our society responds to terrorist threats. You must know your enemy to inflict maximum damage.
Who am I? A political activist.
The first time we started to apply our knowledge was in March 2014. We were trying to find out who was standing behind Russian hacker groups. Since then we never stopped acting. Yet, gradually we started to understand that war cannot not be won through scattered attacks, and, also, that we need to reinforce them with information and political support. Our attempts to cooperate with intelligence agencies gave no result at that time. A hacktivist is a person who is looking for a shortcut, the simplest solution, through complex means. Intelligence agencies and military organizations are ruled by completely different thinking. That said, the mere fact that “geeks” and “spooks”, hackers and fighters, found a common topic for discussion speaks volumes. Step-by-step a new civic movement emerges. Cyber-volunteer movement. Still, even that is not enough to win the first cyber war in the history of mankind. Changes are happening. I am sure we will win – both in the cyberspace and in the conventional war.

Dahmer – a Ukrainian hacktivist from RUH8 group (still frame from VICE | CYBERWAR episode)
Information warfare is a well-known phenomenon, its purpose is, through manipulation, persuasion, agitation and propaganda, to make people change their point of view. In contrast to information campaign, information warfare is all-out, it involves all population of the countries at war. There is no way to hide or escape from the infowar either in a glamour magazine, or in a healthy-eating book.
Cyber warfare is a relatively new phenomenon. At first, there were fictional fantasies – like Gibson’s computer virus-weapon (Translator’s note: reference to the book “Neuromancer”, a novel by William Gibson). Then, gradually, in mid-90s, computer war concepts started to evolve. Many laughed at them then (myopically!). In late 80s KGB managed to carry out a successful hacker-assisted espionage operation – if you want to learn more about it, read “The Cuckoo’s Egg” by Cliff Stoll. That said, just like some dirty laundry leak or election campaign activities cannot be called information warfare, espionage or DDoS-flashmob (remember Estonia) are not cyber warfare.
Intelligence men cannot win wars alone. If we look at conventional warfare, we can see that in the very beginning there were separate combat-ready units, then they transformed into volunteer battalions and finally turned into a regular army. Over time, as people unite and establish interaction, individual operations and sabotage attacks grow into war that covers both traditional military fields: intelligence and counterintelligence, disruption of communications, informational and conventional sabotage; and other spheres of life: some politician can gain extra influence or resign, a large company may go out of business or lose a market segment. A hacker attack can erase all content of some propaganda website or make a bank lose money, while some exotic branch of computer science gets to publish an interesting article “Back to the question of graph theory application for static analysis of executable files”.
Western countries have already deployed special cyber units, and they have been there for quite a long time, but this is only theory. Real-life practice is happening here and right now. This is where technical capabilities and geopolitical interests meet each other. Now we are on the threshold of the first Ukrainian-Russian cyber war (as it will appear in the history books).
I am dead set against WikiLeaks style, although I greatly value the work done by leaktivists, hacktivists and volunteers. Information, if dumped in a huge heap, loses its importance. It gives ground for scandals and hassles that side-track public attention, raise doubts about the reliability of the released information or provoke leaks that can disrupt further operations. Like any other material, information is a resource you should work with and squeeze it dry.
If counterspies have already found and identified all enemy agents in the hacked correspondence, it does not mean there is nothing left there for the military, journalists and hackers (hell yeah!). And after that it is time to release archives, too, – for historians.
The interaction exists and it gives results. Still, the relationship between security officials, volunteers and general public can hardly be called perfect. The root of the problem is not that someone is doing a bad job. InformNapalm works great, that is why we share our data with you. Many other organizations and individuals should also grasp that there is war going on, and victory in this war requires joint action (just as it requires management, logistics, funding and political will).
My goal is victory in the war with Russia and building of independent and free Ukraine. After that I can switch to the defensive mode or do other things. It is too early to tell you about the most successful operations, though in general I like all of them, even those where our role was secondary. I added Guy Fawkes mask and Ukraine’s national emblem to RUH8 logo for a reason – it symbolizes that working together for a common goal is more important than individual tactical gains.
First Anonymous actions were the manifestation of hive mind born on imageboards, it was fresh and sincere. Despite the lack of clear ideology there was the lowest common denominator – for instance, confidence that the Church of Scientology must be stopped in its attempts to censor Internet. Since then any Tom, Dick or Harry started wearing Guy Fawkes mask. We have it, too :-), but we also have our own modus operandi: our operations do not pursue very broad universal ideas of justice, but have a well-defined political agenda. After the war RUH8 brand will cease to exist. I do not believe in Anonymous and I think that if we take ten random “guy-fawkes” and peek under the mask, we will find four high school students, one freak obsessed with power, three intelligence agents, one manipulator hiding behind a bunch of hackers, and, if we are lucky enough, one hacker who knows what he does and why he does that.
I am trying to connect with foreign colleagues, but they are hampered by the language barrier and the illusion that “it’s not their war”. It is necessary to explain that this is not just a local conflict, but the continuation of the Cold War that affects everyone.
I think that the first publication of CyberHunta was somewhat premature, but the subsequent release of Surkov’s office email data gave much better results than one could expect. For the first time since no less controversial and successful action by Myrotvorets, the operation of Cyber Alliance caused global stir. More so after the authenticity of the hacked correspondence was confirmed by independent analysts from Bellingcat and Atlantic Council’s DFR Lab.
Hacking, especially targeted hacking, is the most tedious and painstaking work which embraces collection of necessary information, endless search, constant review of reports generated by automatic analyzers, and only after you find a reliable clue, you get a chance to become creative and prove your mettle. Or the other way around, first you develop a new tool (every craft has its toolkits), then you have to test it, debug it and wait for the results. And sometimes good luck simply finds and hits you. Once I “hacked” a bank, hackerish, isn’t it? 😉 after a five-minute Google search, I got a bug bounty for it. I even had to hack it once again later, though it did not take me five minutes for the second time, to make sure that “luck” is always based on knowledge and years of experience.
Clark said that any sufficiently advanced technology is indistinguishable from magic. Hackers’ magic halo is supported by the fact that the resulting outcome greatly exceeds the effort. Sometimes we receive emails from people who are truly desperate and for whom computer hacker is the last hope. Anyway, however unusual it may seem, it is still a job 🙂
Evidence data was exclusively provided to InformNapalm by the hacktivists of the Ukrainian Cyber Alliance for analysis and processing. InformNapalm Community bears no responsibility for the sources and origin of the data.
Translated by MC Joy
Edited by Christina Dobrovolska
The interview was prepared specially for InformNapalm volunteer intelligence community website. An active link to the source for any reprint of other use of the material is required.(Creative Commons – Attribution 4.0 International – CC BY 4.0)
Want to stay informed about the latest InformNapalm investigations? Follow us on Facebook.
One Response to “RUH8 about Ukrainian hacktivism, cyber warfare and SurkovLeaks (exclusive interview)”
11/23/2016
RUH8 om ukrainsk hacktivism, cyberkrig och SurkovLeaks - exklusiv intervju - InformNapalm på svenska[…] en […]