For years, Dmitriy Sergeyevich Badin sat atop the FBI’s most wanted list. The Russian government-backed hacker has been suspected of cyber attacks on Germany’s Bundestag and the 2016 Olympics, held in Rio de Janeiro.
A few weeks into Russia’s invasion of Ukraine, his own personal information—including his email and Facebook accounts and passwords, mobile phone number and even passport details—was leaked online.
Another target since the war broke out two months ago has been the All-Russia State Television and Radio Broadcasting Company, known as a voice of the Kremlin and home to Vladimir Solovyov, whose daily TV show amplifies some of the most extreme Russian government propaganda.
On March 30, almost a million emails spanning 20 years of the broadcaster’s history were leaked onto the internet.
The unveiling of their secrets was part of a widespread assault taking place in cyberspace, as Russian companies and government bodies were swarmed by hordes of pro-Ukrainian hackers, many of them new and previously unknown players to cyber-security experts.
The result has been hundreds of millions of documents spilling out from targets as varied as Transneft, a huge oil pipeline operator close to the Russian government; Russia’s Ministry of Culture; Belarusian power supplier Elektrotsentrmontazh; and an arm of the Russian Orthodox Church that has backed the war in Ukraine.
“Russia is being hacked at an unprecedented scale by a lower tier of attacker, and there are tens of terabytes of data that’s just falling out of the sky,” said Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne, a cyber security group.
“Historically, [Russia] was being systematically popped by a higher tier—the Five Eyes [intelligence alliance comprising the US, UK, Canada, Australia, and New Zealand] and Chinese government—but right now, the breadth of leaks is just breathtaking,” added Guerrero-Saade.
For more than a decade, Ukrainian government, financial and other systems were pummeled by Russian state-backed hackers. Only in recent years—with the backing of the US government, the intensive training of its own security agencies and the support of a volunteer army of local computer programmers—have Ukrainian defenses matched Russian aggression.
Now, Russia itself is being hunted in the cyber arena by pro-Ukraine hackers, opportunistic criminal groups and, as some security researchers suspect, government-backed entities from western countries.
Some have banded together in relatively simple “denial-of-service attacks,” which bombard Russian websites with traffic in order to take them down. In response, Russian companies from banks to railway ticketers and media outlets temporarily fenced themselves off from the global internet, ensuring their sites could only be accessed from within Russia.
Other hackers have targeted the databases of the Russian government and those close to the Kremlin, stealing decades’ worth of data, documents and messages and letting them loose into the wild, while boasting of their exploits in the darker corners of the internet.
Estimating the full scale of these attacks is almost impossible. Some of the leaks have emanated from obscure units of the FSB or from secretive companies that are unlikely to publicly decry being hacked.
But Lorax B Horne at Distributed Denial of Secrets, a whistleblower news site seen as a successor to WikiLeaks, said they have watched both the quality and the quantity of datasets being submitted anonymously to the group build into an “avalanche.”
“We’ve seen more data from Russia that is of higher value than we have seen before,” said Horne, referring to almost a million emails, attachments and files from Petersburg Social Commercial Bank as one example. “We haven’t seen this before—the variety of data, the amount of different data and groups.”
Distributed Denial of Secrets, which has helped uncover corruption and wrongdoing around the world, releases information it deems to have public interest—with the caveat that amid the increased tempo of the Ukraine war, it cannot guarantee the data dumps are not hiding malware or manipulated documents.
One hack by a Belarusian dissident group called the Cyber Partisans was modelled on the sabotage of Nazi railway lines in the second world war. It combined electronic subterfuge with physical damage to slow freight trains carrying Russian war equipment through Belarus to northern Ukraine in the first days of the invasion, said Yuliana Shemetovets, a US-based spokeswoman for the group.
At one point, the slowdowns in the rail network, which targeted the automatic signaling systems for freight trains and the ticketing system for passengers, were sufficiently widespread that western intelligence officials credited the disruption with bogging down Russian forces en route to Ukraine’s capital, Kyiv.
The hack had been planned even before the war began; it included deleting some databases, which forced railway employees to manually check all freight. The Cyber Partisans subsequently decided to exploit the strategy to help the Ukrainians. Shemetovets said this was in order to “remind people” that the Belarusian regime of Alexander Lukashenko “is just as bad as Putin’s, and that the Belarusian issue is important, especially if you don’t want tanks on the borders with Poland and Latvia.”
Yet the widespread assault on Russian targets has had the unintended result of disturbing a carefully maintained equilibrium between the world’s major cyber powers—the US, China and Russia—according to Guy Golan, a former Israeli military intelligence officer.
Golan, who now runs Performanta, a cyber security company, said the three countries had for decades penetrated the computer networks behind each other’s civilian infrastructure but had not attempted more widespread disruptions.
The sudden onslaught of cyber assaults on Russia threatens that détente.
“These armies of hackers will be a great story to tell our children years from now, but it is dangerous as hell,” said Golan. “They may think they are doing a heroic thing, but imagine a general in Russia who has to respond to losing water supply to Moscow? Suddenly, that level of equilibrium can be disturbed in a disastrous way.”
© 2022 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.