Calling All Hackers: Looking Inside Ukraine's ITARMY
Russia’s invasion of Ukraine set the stage for the evolution of the modern battlefield. Connectivity reigns supreme, being an essential part of the battle space rather than a pleasant accessory. Consumer drones stalk the fronts, gathering intelligence and dropping munitions on the aggressor. There’s been capital ships destroyed without a navy, western weapons fired without western aviation platforms and pressure applied to the invader on all stages of the battle front. In this war, necessity is the mother of invention, requiring innovation and constant evolution to maintain an edge.
One of the best ways to explore this concept is to look at the cyber domain, which from the start, has been one of the most rapidly changing domains of the conflict. We’ve seen the digitization of nearly the entire Ukrainian economy along with an evolution in how cyber attacks are recognized and defended against. And more importantly, we’ve seen a change in offensive strategies along the way with changes in concepts, ideas and strategies.
This article will explore some of this evolution in detail, explaining the concept, why it’s important and why resources matter. Then we’ll show how you’re able to join the fight, providing resources and participating in collective, crowd sourced defense.
The Worlds First IT Army: The Background
Right from the start technology provided the opportunity to give Ukraine an edge and this opportunity was not left to wait. Shortly after the Invasion, the decision was made to adopt a civilian based IT army comprised of volunteer specialists.
Under the guide of Minister of Digital Transformation Mikhailyo Fedorov the call was made, and like many other aspects of the war the people answered, with specialists around the world giving time, resources and knowledge to assist in the fight for independence.
This call to action was slightly controversial, with the implication that weaponizing civilian hackers may lead to other cyber attacks or issues post conflict. There was also a loud army of doubters, with many believing a civilian effort would provide little to the war effort, and the resources would be better spent furthering the capabilities of the military. However Ukraine reached for the stars and persisted, providing structure and splitting the army into offensive and defensive sides aiming to leverage operations across all spectrum’s of the cyber domain.
In the defensive arena the call to action came immediately with a bounty placed on IP cameras within the country. These cameras provided the enemy with a chance to gather covert intelligence and urgently needed securing. The defensive arm of the IT Army responded, identifying and securing dozens of cameras within the country denying their value to the enemy and showing that the concept was indeed, not only valid, but extremely useful. This effort was extended in 2023, when the decision was made to deny the enemy intelligence on Air Defense systems operating around Kyiv.
The defensive arm of IT ARMY continues to work in the shadows today, silently identifying and securing assets and providing one of the first lines of defense against vulnerable and exposed devices.
Not to be outdone, the offensive arm was to now have their time to shine, and this came on the 28th of February 2022, shortly after the initial invasion. This was a day of success for IT ARMY, with multiple targets struck on the same day.
The first attack was in the morning on the 28th of February 2022 on the Moscow Stock Exchange. IT ARMY hackers attacked the main financial hub of the aggressor and denied them it’s use, achieving success in mere minutes and proving to the world that the IT ARMY had not only arrived, but was more than willing and able to deny the enemy use of essential resources.
To prove this was no coincidence a second attack was launched on the same day with a coordinated attack on Sberbank, another vital piece in the enemy’s financial hub. This Denial of Service attack was also successful, knocking the website offline and bringing financial transactions to a crawl. Sberbank has continued to receive regular attention from IT ARMY hackers, with traffic from one attack in May 2022 being measured at over 450gb/s with traffic levels continuing to rise impressively as the war progressed.
Why It Matters & How it Works:
IT ARMY brings many things to the electronic battlefield, however two things have become very apparent during it’s operational history.
Firstly the decentralized nature that was perceived as a weakness at the start has turned out to be it’s strength. This decentralization provides resilience and a robust structure, allowing the effective planning and gathering of operations in a distributed manner, making it far harder to apply effective disruption strategies as a counter. It also provides an effective counter balance to Russian Intelligence and disinformation on social media, which has been too loud for too long. The disruption of this voice is an essential part of maintaining an edge in the information war.
Secondly due to the nature of this disbursement we see a large variety of skill sets added to the mixture, with professional hackers, networking specialists and other cyber disciplines adding their experience and providing a large pool of specialized cyber resources to draw on. These varied skill sets have been a huge asset to IT ARMY, giving the organization the ability to streamline it’s operations and capitalize on all available resources.
One of the most visible parts of this transformation is the ability for IT ARMY to leverage all resources provided to it. This is achieved by providing specialized software packages along with tutorials and information about how to use, giving anyone anywhere the ability to download the software and join IT ARMY operations against the occupier. This means that rather than relying on sheer computing power to provide the muscle behind attacks, that even a small computer like a Raspberry Pi type system carries significant weight due to it acting as a node in a distributed network with many other nodes.
And this is why IT ARMY matters. These distributed nodes provide strength and resilience to the network, as well as a force multiplier effect with regards to their battlefield impact. More importantly, they provide a way of grinding down the aggressor, slowing or disrupting the banking, transportation and information services that are essential for the Russian Federation to continue it’s illegal war of aggression against the Ukrainian people.
I’ve Heard Enough: Can I Join The Fight?
If you’re reading this and you’re intrigued then good, because this is your call to action. Yes you can join the fight, and more importantly, you don’t have to be a hacker or technology expert to contribute. Becoming an operational member of IT ARMY is no harder than installing and running software. The hard work is done behind the scenes, with the software doing the heavy lifting with regards to management and organization.
Before we give you the steps you’ll need to complete this, it’s important to remember one thing. In this information war there is a large array of disinformation designed to blur the lines around the information space. Because of this IT ARMY fakes are everywhere. When you’re joining, ensure you are joining via direct links and cross check to ensure you are joining official information sources only.
Step 1: Communicate
To join IT ARMY operations you’ll first need to join the team to find resources and support for your system. IT ARMY uses Telegram and X to communicate.
There’s also an official IT ARMY Telegram chat that’s used for communication purposes. Find the details on the Telegram feed we provided.
Step 2: Applying Resources
Once you’ve joined the official sources you’ll need resources to delegate. An assortment of useful resources are available on the IT ARMY Git hub page. This page hosts Automatic DDOS Server Starter, also known as ADSS. ADSS is a key component in both coordinating attacks and keeping resources dedicated to the defense of Ukraine. ADSS is not capable of attacking systems outside of this scope, providing peace of mind that all resources are used appropriately. It’s a simple shell script that works with most typical Linux installs.
Resources for Windows and MacOS also exist. These are best found at the official IT ARMY website which you can find via this link. It’s best to run these on a Virtual Private Server and the website has a walk through on how to establish your system to support the fight. There’s additional Linux resources there as well, which means that you’ll be able to find software that’s supported by your system, regardless of which OS you’re using.
Step 3: Monitor and Support
Once your resources are established, you’re effectively contributing to the fight. All you’ll need to do is monitor your install and ensure everything continues to operate effectively. The system software is very good, and will alert you to any configuration or connection issues you may face. Should you come across any unknown issues however, it’s important to report these as optimization of the software is essential for best performance.
If you need additional support resources, IT ARMY has a telegram bot that will enable you to work through any issues. There’s also another bot that provides something extremely interesting. If you message the stats bot via this link you’ll receive an ID number to add to your configuration file. This number will allow you to track your performance stats, giving a clear benchmark that shows your contribution. It’s a unique way of showing that everyone’s contribution, no matter how small, can assist in repelling the invader.
I Can’t Fight. But I Want To Help:
If you can’t join the fight but still want to contribute then we’ve also got ways in which you can do this.
Firstly IT ARMY thrives on all contributions not just some. If you have experience in media relations, content creation or other useful skills then you can assist by donating your time by sharing or creating media material to assist in building exposure. Reach out to IT Army directly to discuss these roles.
You can also nominate targets of opportunity to IT Army by reporting them directly. This allows them to be assessed and subsequently attacked should this be warranted. IT Army have streamlined this process so all can contribute, with multiple methods of reporting exposed targets.
You can nominate directly via the website OR
Nominate targets via this telegram bot.
Regardless of your circumstance, experience or commitment level you can directly contribute to this collective, crowd sourced defense role. Be on the right side of history and join the Ukrainian people in their fight for Democracy, Independence and Stability. Give Ukraine the resources they need to defeat the aggressor and know you stood for what matters, when it mattered.
In the fight against persecution, bandwidth, connectivity and commitment are as important as ATACMS, F-16 and HIMARS. Remember to like and share to bring maximum exposure to our content and keep positive information flowing into cyberspace.
And don’t forget to follow, so you don’t miss out on our next articles which will give a step by step walk through on configuring your specific Operating System to support IT ARMY operations. Mac or Windows, we’ve got you covered so stay tuned.