Some of the online fighters have moved away from the tactics used earlier in the conflict. In the early stages of the war, Ukrainian hackers focused on attacks designed to take Russian websites offline. Russian hackers targeted Ukrainian government websites in January, prior to the invasion, and installed “wiper” malware that permanently erases data from computer networks. More recently, Russian hackers appear to have carried out attacks that could have turned off electricity or disabled military communications. (Several of those attempts were thwarted, U.S. officials say.)
But releasing personal data is more like information warfare than cyber warfare. It echoes Russian tactics in 2016, when hackers, backed by Russian intelligence, stole and leaked data from the Democratic National Committee and individuals working on Hillary Clinton’s presidential campaign. Such hacks are designed to embarrass and influence political outcomes, rather than destroy equipment or infrastructure.
Experts have warned that the involvement of amateur hackers in the conflict in Ukraine could lead to confusion and encourage more state-sponsored hacking as governments look to defend themselves and retaliate against their attackers.
“Some cybercrime groups have recently publicly pledged support to the Russian government,” the Cybersecurity and Infrastructure Security Agency warned in an advisory on Wednesday. “These Russia-affiliated cybercrime groups have threatened to conduct cyber operations in retaliation for alleged cyber offensives against the Russian government or the Russian people.”
Distributed Denial of Secrets, the nonprofit that publishes much of the leaked material, was founded in 2018 and has published material from U.S. law enforcement agencies, shell companies, and right-wing groups. But since the start of the war in Ukraine, the group has been inundated with data from Russian government agencies and companies. It currently houses more than 40 datasets related to Russian entities.
“There has been a lot more activity on that front since the war started,” said Lorax B. Horne, a member of DDoSecrets. “As of the end of February, it’s not all Russian data sets, but it’s an overwhelming amount of data that we’ve received.”
DDoSecrets works as a clearinghouse, publishing data it receives from sources through an open submission process. The organization says that its mission is transparency with the public and that it avoids political affiliation. It is often described as a successor to WikiLeaks, another nonprofit group that has published leaked data it received from anonymous sources.