It was an overpowering cyber-attack. The largest telecom operators and internet providers in Russian-occupied Ukraine last month were driven offline. The attackers? Volunteers from “Ukrainian hacker groups,” Russian internet providers acknowledged.

Ukraine’s IT Army emerged after Moscow’s February 2022 invasion. Comprising both international and local digital talents, this volunteer IT army collaborates with Ukraine’s defense ministry to target Russian digital infrastructure and websites. The volunteer IT army’s Telegram channel has counted upwards of 300,000 members.

This potent force is controversial. Critics accuse it of targeting civilian entities such as Russian banks and food delivery services. Its independence from Ukraine’s government creates a legal gray area and has prompted the Ukrainian government to draft a law aiming to formalize the IT Army’s status. If passed, Ukraine will align with countries such as Finland and Estonia, which maintain reserve cyber forces alongside their regular militaries.

The concept of hacktivist collectives is not new. Russian hackers targeted Georgia in 2008, preparing “staged” botnets before Moscow attacked the country.

The main weapon of Ukraine’s hacker militia is the Distributed Denial-of-Service (DDoS) attack. It has developed a network on GitHub, often breaching GitHub’s terms of service. Denial of Service is a simple type of hacking attack; it attempts to shut down the targeted website by flooding it with an unmanageable volume of requests.

Although the exact tally of attacks carried out remains uncertain, estimates suggest that around 2,000 attacks were launched between February and June 2022. The IT army shut down the websites of Russian government agencies, media, and banking. It doesn’t aim to degrade ordinary Russians’ quality of life but to strategically target entities that directly or indirectly support Moscow’s war effort.

Initially, Ukraine’s IT Army only recruited via a single Telegram channel. It has now expanded into a network of individual groups, tool developers, and data-hosting platforms. While the Telegram channel’s membership has declined from its peak of 300,000, a robust network of volunteers continues to carry out attacks.

The Ukrainian DDoS attacks have caused only temporary damage. Servers are eventually restored, protections improved, and the attacks become ineffective. One of the IT Army’s lead coordinators, who goes by the name Ted, remarked that this Army is continuously evolving, “focusing on refining our cyber strategies and tools.” It looks to go beyond DDoS attacks and is planning to expand the volunteer base with more specialized IT skills. “Our goal is to adapt and stay ahead in the rapidly changing landscape of cyber warfare,” says the coordinator.

The IT Army’s operations raise important questions. What is the legal status of cyberattacks? How should actions by foreign volunteers be judged? Ted says the group operates with “a strict ethical code to ensure civilian safety and compliance with international laws. Our volunteers are not combatants in the traditional sense, but they do contribute to the defense effort in a non-violent and strategic manner. We understand the importance of this distinction and continually work to maintain it.”

The two largest Ukrainian hacktivist groups have pledged to scale back cyber-attacks and adhere to new rules of engagement set forth by a war watchdog.

Ukrainian intelligence and defense officials are moving to take control. Operations are reportedly organized by 25-30 “Generals” from Ukrainian government agencies, coordinating high-level hackers, or “Colonels.” Ukraine’s Minister of Digital Transformation, Mykhailo Fedorov, reported last month that the country’s IT Army had orchestrated a significant DDoS attack on Russia’s Leonardo airline booking system, leading to substantial disruptions at Russia’s major airports. “If Ukrainian airports cannot operate because of the war, why should Russian ones?” questioned Fedorov.

A Harvard University index ranks Ukraine among Europe’s top cyber powers, a position aided by this growing IT volunteer army. Ukraine’s experience in establishing a volunteer hacker army could serve as a model in future conflicts for small democracies, such as Taiwan, confronting giant neighbors.

Several nations, such as Estonia (a NATO ally and a leader in cyberwarfare), maintain a cyber reserve squad. This group, known as the Cyber Defense Unit, is part of the Estonian Defense League, a volunteer body that operates independently yet follows the direction of the nation’s armed forces.

Many countries are unable to afford a purpose-built Cyber Command. For them, Ukraine’s model of quickly deploying a volunteer IT army represents a potential blueprint.

David Kirichenko is a freelance journalist covering Eastern Europe. He can be found on X @DVKirichenko.

Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.
