Russian crowdsourced DDoS attacks are mounting against Ukraine and NATO members’ critical infrastructure. Ukrainian hackers are unleashing similar attacks on Russian invaders. While the damage so far seems limited, the danger for both sides is increasing.
A DDoS attack floods a website or a server with traffic, overwhelming the target and causing it to slow down or crash. In the run-up to Russia’s invasion of Ukraine, the number of DDoS attacks originating in Russia rose by 450% year on year, according to cybersecurity firm Kaspersky. Since the invasion, DDoS attacks against US national security targets have soared by a staggering 16,815%, according to NetScout.
A key actor in Russia’s DDoS offensive is a hacker group called NoName057(16). Its manifesto denounces the West for “Russophobia.” Rather than do the work itself, NoName recruits hackers by offering rewards of thousands of dollars in cryptocurrency for successful DDoS attacks. The platform automates user registration via the messaging service Telegram.
Launched in early 2022, NoName counted more than 45,000 subscribers as of June 2023. While Vladimir Putin or Russian security services may or may not run NoName, the group displays unwavering support of the Russian regime. On June 24, 2023, NoName departed from its usual strategy of targeting multiple sites daily and focused its resources on two sites belonging to the Russian Wagner mercenaries. This move coincided with the private paramilitary group’s audacious — and failed — mutiny.
Despite their lack of technical sophistication, NoName’s DDoS attacks create significant disruption. The Russian hackers have targeted Denmark’s financial sector, Dutch ports including Amsterdam and Groningen, the Geneva airport, and even Czech presidential candidate websites. Researchers have identified about 1,400 DDoS attack attempts associated with NoName hackers.
A particularly sensitive target is healthcare. In February 2022, a DDoS cyberattack bearing hallmarks of a Russia operation shut down Tallahassee Memorial HealthCare’s IT systems, rerouted ambulances, and halted all non-emergency medical procedures. In May 2022, the hacker group threatened to take down life-saving ventilators in British hospitals after one of its members was arrested.
Admittedly, Russian hackers tend to exaggerate. Their cyberattacks have failed to defeat Ukraine. While Russia managed to disable Ukraine’s satellite communications at the beginning of the war, the Ukrainians restored them. The country’s electricity lines, banks, and other vulnerable targets continued to run. The key to this success has been Ukraine’s cooperation with Western tech companies such as Microsoft and VMWare to move critical data outside of the country and disperse it around the globe in data centers.
Ukrainians, in turn, have mimicked Russian cyber crowdsourcing tactics, bloodying the Russians, though unable to deliver fatal blows. The Ukrainian IT ARMY mobilizes politically motivated hacktivists who download and install a bot on their computers, enabling them to launch denial-of-service attacks.
This Ukrainian IT vigilante army orchestrated a DDoS attack that delayed Putin’s speech at an economic forum in 2022. Ukrainian hackers have tapped into security cameras behind enemy lines to spy on Russian troop locations. They even have baited Russian troops by creating fake profiles of attractive women on social media, getting Russian soldiers to share their locations.
Russian civilians are targeted. Ukrainians hack pensioner bank accounts and leverage this control to coerce them into acts of arson against draft offices. Similarly, they recruit Russian teenagers via social media platforms to sabotage railway junctions for financial gain.
DDoS attacks are straightforward to execute. They do not require the hacker to deploy any code on the target’s server. This low barrier to entry will allow both Russians and Ukrainians to escalate their attacks.
But crowdsourced cyberattacks so far have failed to inflict debilitating defeats on either side. Unless either side learns how to launch cyberattacks that inflict debilitating damage, DDoS attacks will remain a regular feature of the war in Ukraine — another sign of how the digital revolution is impacting warfare.
Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.