Hordes of Ukrainian coders are splitting their time between doing their day jobs and fighting a cyber war with Russia.
Over 311,000 people have joined a group called “IT Army of Ukraine” on the social media platform Telegram, where Russian targets are shared. While not all of them are from Ukraine, a significant number of them are, according to members of the group who spoke to CNBC.
Dave, a Ukrainian software engineer, who preferred to withhold his surname due to the nature of his comments, told CNBC the group has helped to carry out multiple cyberattacks outside of their day jobs since the war started. He said targets had included Russian government websites, Russian banks and currency exchanges.
“I’m helping the IT Army with running DDoS attacks,” he said. A distributed denial-of-service attack is a malicious attempt to disrupt the normal traffic of a website by overwhelming it with a flood of internet traffic.
“I’ve rented a few servers on GCP (Google Cloud Platform) and wrote a bot for myself that just accepts website links and targets attacks at them whenever I paste them in,” he explained. “I’m usually running attacks from 3-5 servers and each server usually produces around 50,000 requests per second.”
Whenever a list of targets gets shared on the Telegram channel, Dave says he just pastes them into a bot, which took around an hour to create.
When asked how successful it has been so far, he said it was hard to say since the attacks are carried out by thousands of people simultaneously. “Combined actions are definitely successful,” he said.
Dave is one of around 30 Ukrainians who work remotely for a U.S. tech consultancy firm. The company has made work “fully optional” for its Ukrainian employees.
Oleksii, a quality assurance team lead for a software company in Zaporizhzhia, Ukraine, told CNBC that he and his colleagues are doing their best to keep working and keep the economy going. But it’s not been easy.
“[During] the first days of war, the air raid sirens went off for 24 hours straight and you can’t think of work at those moments — you can only think of your family, children and how to keep them safe and sheltered,” he said.
Since Russia started its invasion of Ukraine on Feb. 24, Oleksii said he’s been averaging no more than two hours of work per day. “In times like this, it is hard to prioritize professional work of course,” he said.
In addition to his normal job, Oleksii is also trying to help Ukraine win the cyberwar. “As an IT worker, I hope that I can serve my country on the digital frontline, as this war takes place in the digital world as well,” he said. “On a daily basis, I help reach various European and U.S. websites and ask them to stop doing business with Russia, posting on social networks, etc.”
Gazprom and Sberbank targeted
Another developer called Anton said he personally took part in a DDoS attack on Russian oil energy giant Gazprom, as well as others against Russian bank Sberbank and the government. Gazprom, Sberbank and the Russian government did not immediately respond to a CNBC request for comment.
“There are a lot of people who take part in attacking so it doesn’t take an extensive period of time to put a service down,” he told CNBC.
Meanwhile, Nikita, a CEO and co-founder of a cybersecurity firm, told CNBC that he’s also in the IT Army of Ukraine Telegram channel. His firm does work for clients around the world and its staff have continued working throughout the Russian invasion. They do “penetration testing” and check IT systems for vulnerabilities.
Nikita told CNBC that he has been trying, via messaging services, to tell Russian citizens what’s really happening in Ukraine amid tight media controls from Moscow. He said he and his hacking team are also publishing Russian credit card details online. “I published like 110,000 credit cards in the Telegram channels,” he said, adding that he wants to inflict economic harm on Russia.
“We want them to go to the Stone Age and we are pretty good at this,” Nikita said, adding that they’re now targeting Russian gas stations with a cyberattack. However, he stressed that he doesn’t hate all Russians and he’s grateful to the Russians who are helping Ukraine.
Ukraine’s Digital Minister Mykhailo Fedorov urged people to join the channel last month, saying Ukraine is continuing to fight on the cyber front.
Yehor, another tech expert who works for an international cybersecurity company remotely from Ukraine, is also juggling his normal role alongside the cyber war.
“My company is trying not to push us on any timelines,” he said, adding that some staff are still in Kyiv or Kharkiv, where the fighting is more intense.
“I’m trying to make equal time for work and cyberattack. Unfortunately, my family is not with me, so I have more free time than usual,” he added.
Ukraine is one of the biggest software development hubs in Eastern Europe and its coders are world-renowned.
The cyber war is reportedly a two-way battle. In the first three days following the invasion, online attacks against Ukrainian military and governmental sectors increased by 196%, according to Check Point Research.
They also modestly increased against Russian (4%) and Ukrainian (0.2%) organizations, according to the data, while simultaneously falling in most other parts of the world.
Nearly four weeks in, Ukraine continues to sustain a barrage of online attacks, with most aimed at its government and military, according to CPR’s data.
Moscow has consistently denied that it engages in cyberwarfare or assists cyberattacks. On Feb. 19, the Russian embassy in Washington said on Twitter that it “has never conducted and does not conduct any ‘malicious’ operations in cyberspace.”
—Additional reporting by Monica Buchanan Pitrelli.