This content is not available in your region

Meet the hacker fighting Russia from the comfort of his own home

Access to the comments Comments
By Stefan Weichert
Serhii in front of his computer
Serhii in front of his computer   -   Copyright  Credit: Personal archive   -  

As war rages not far away from him in Kharkiv, Serhii is doing battle from the comfort of his home.

In his room in Sumy, just 20 kilometres from Russia in north-east Ukraine, the 33-year-old has everything needed to make a Molotov cocktail.

But, for now, he's not waging war against Moscow physically. 

Instead, he's taking part in the Ukrainian government's digital attacks on Russia, aimed at shutting down Russian government websites and disrupting Moscow's ability to share information.

When the war broke out, Kyiv launched a Telegram channel called the IT Army Of Ukraine, which shares information about how and what Russian digital infrastructure to attack. 

Serhii, a software developer, decided to put his skills to use. 

“We need to crush all the economic system of Russia and all its empire,” Herenko told Euronews, “Russia is doing actual crimes here in Ukraine, killing our people. We have to give back in the same way, or even worse. All of us, the best that we can.”

The Russian military surrounded Sumy for several days and Serhii said he could hear the bombardments from his windows. Before the invasion, he used to have a more neutral view of Russia and even spoke Russian as his first language.

“But after what has happened, I have switched to Ukrainian,” he said. "It seems that nobody in Russia understands our anger after what happened in Mariupol and Bucha. 

'IT army is more than 300,000 strong'

Slava Banik is in charge of the IT Army Of Ukraine at Ukraine's Ministry of Digital Transformation. 

He says the initiative is one of many ways the government is fighting back against Russia. 

He claims that more than 300,000 people -- not just Ukrainians -- are taking part in the army, trying to disrupt the Russian efforts.

One way is to overwhelm Russian websites with junk traffic, bringing them offline. It is a simple tactic that ordinary citizens can use, and it targets Russian banks, governmental websites, media, and even shops and streaming services.

“This volunteer movement, or the army, they are attacking the governmental portals, websites and the infrastructure, the railway infrastructure, and so on,” said Banik. 

“And of course, the banking and other sectors are used by a lot of Russian people.

“More than 70% of Russians support this invasion and they, of course, also have to feel the results of their invasion into Ukraine and their support for this war.”

The aim is to enrage the Russian population and turn them against Vladimir Putin.

The IT Army Of Ukraine has claimed to successfully have shut down Russian websites and bank services. Banik said it is a way for the government to change the historically defensive position against Russian digital attacks on Ukraine. 

On several occasions before the war, Ukraine has been targeted by Russian hackers, with its infrastructure critically affected, such as in 2017 when several Ukrainian governmental bodies were hit. 

“Before the war, we never tried to attack Russia, but instead worked on our security,” said Banik, “But after the war started, we understood that we should answer.”

The IT Army of Ukraine is not the only initiative. 

The Ministry of Digital Transformation has also set up a feature in its governmental app Diia named єВорог (e-enemy), where people can report and share videos and photos of Russian army positions. Banik says the government has received more than 300,000 reports from civilians.

'We see an increase in attacks'

Dr Matthias Schulze is a cyber-security expert and deputy head of the research division at the German Institute for International and Security Affairs. He has been analysing the cyberwar between Russia and the West for years and says that he has seen a spike since the Russian invasion in February. Not only between Ukraine and Russia.

“We see an increase in hacktivists (group of hackers) attacks on Russian services such as the secret service FSB, banks, media websites, and companies such as Gazprom,” said Schulze, pointing out that Russians are doing the same in Ukraine and the West.

He says that there are three main categories of attacks. 

Mild attacks, where hackers temporarily shut down media, governmental, and company websites by overwhelming their servers. 

More severe attacks, where hackers try to steal sensitive data to leak it to the public. 

Then there are the most damaging attacks, where hackers try to install ransomware in critical infrastructures such as railroads and energy producers to shut them down.

Schulze said the first two have been seen after the Russian invasion of Ukraine but that it is hard to say who specifically is behind it.

“We have seen many cyberattacks, but the intensity or quality hasn’t been so horrifying,” said Schulze. “We know that Russia, for example, can do more damage, but they have not succeeded so far.”