RFE/RL has interviewed a Ukrainian hacker, known as RUH8, who is part of a “hacktivist” collective that includes other hacker groups, such as CyberHunta, Falcons Flame, and Trinity.
When working together, these groups call themselves the Ukrainian Cyber Alliance. Their declared enemy is the Kremlin, and their avowed mission is to expose its meddling in Ukraine and ultimately to destroy Russian President Vladimir Putin’s regime, RFE/RL reports.
They regard a hacker group called CyberBerkut — which international cybersecurity experts have blamed for digital attacks on Ukrainian ministries and its presidential election in 2014 — as their Russian counterpart. They also believe CyberBerkut is an alias for Fancy Bear, a hacker group with suspected ties to the Russian state that is thought to have worked with another Russian group, Cozy Bear, to disrupt the upcoming U.S. presidential election.
A native of eastern Ukraine — where separatists still control swaths of territory — RUH8 says he delights in exacting digital revenge on those who have destabilized his country. A self-taught hacker with 20 years of contract work in security research for national and international companies, RUH8 insists he began hacking only after the start of the conflict.
“In the beginning, we didn’t understand well how Russia was [fomenting] the war. It is a hybrid war,” he says, using a term coined by Western analysts to describe the mix of cyber, economic, media, psychological, and military operations Russia is thought to be employing to further its aims in Ukraine. “It was very tangled and we just didn’t know who we were fighting with, so we started to collect [publicly available] information online.”
The Ukrainian side’s latest salvo came on October 25, when the Cyber Alliance leaked more than a gigabyte of e-mails and documents purportedly extracted from the inbox of one of Putin’s top aides, Vladislav Surkov.
There have been other recent successes for the pro-Kyiv hacktivists, too.
The Cyber Alliance and InformNapalm collaborated to leak the mobile-phone data of a Russian national named Arseny Pavlov shortly after his death in an elevator bombing in eastern Ukraine in October. Better known by the nom de guerre Motorola, Pavlov commanded separatist fighters in Donetsk and had boasted of killing captive Ukrainian troops. The hackers alleged the leaked phone data showed, among other things, that Motorola had feared assassination by Russian security services.
In May, Falcons Flame and Trinity hacked and defaced nine websites associated with the separatist group that calls itself the Donetsk People’s Republic and what the hackers said were private Russian military companies operating in Ukraine and Syria that were associated with Russia’s Federal Security Service (FSB).
RUH8 also claims to have hacked the Russian State Duma’s official website not once but twice in 2014, posting pro-Ukrainian messages such as “Glory to Ukraine!” across the homepage.
RUH8 says the Cyber Alliance includes between 10 and 15 hackers from across Ukraine with different backgrounds and specialties. The group works purely on a volunteer basis, he says, and coordinates via encrypted chat that is deleted after each conversation.
He insists there is no financial support from Ukraine’s government but that from time to time they get messages from private supporters offering donations of around $50-$100 to their cause. Recently, RUH8 adds, money from such a donation went toward the purchase of an eight-terabyte external drive to store hacked data.
Sometimes they get hacking help from their Russian friends, he says.
“There are people there who are so angry at their own government that they are risking spy charges and passing information to us,” RUH8 explains.
He declines to say whether any Russian citizens are in the Cyber Alliance.
Ukrainian intelligence officials have gone on the record to deny having ties to the budding army of hacktivists, but RUH8 laughs out loud when asked about such public statements.
The Cyber Alliance, he insists, gets limited support from Ukraine’s intelligence community.
Asked about RUH8’s claim, the SBU’s Tkachuk told RFE/RL that “to the best of my knowledge, we do not maintain contact with hacking groups because hacking is illegal.”
He added, “As an official organization, we are not allowed to talk with people who use illegal methods, even if these methods are used for good.”
The timing of the Surkov e-mail leak has also led to speculation that the United States might have played a part. But RUH8 insists U.S. hackers were not involved in the Surkov leak.
“It was a purely native Ukrainian hack,” he says, grinning. Then he adds, “If American guys — who are known to be very clever — pass some information to us, we will be glad to use it.”
RUH8 warns of more leaks to come. “We have published only a small part of the Surkov e-mails,” he says, adding the e-mails obtained by the Cyber Alliance include information from “not only Surkov, but others in Putin’s administration.”