Members of the loosely connected collective known as Anonymous are known to wear Guy Fawkes masks in public.
Continued efforts by underground hacktivists known as Anonymous are an “embarrassment” to Russia and its cyber security technology.
This is according to Jeremiah Fowler, co-founder of cybersecurity company Security Discovery, which has been monitoring the hacker collective since it declared “cyber war” on Russia over its attack on Ukraine.
“Anonymous has shown that Russia’s government and civilian cyber defenses are weak,” he told CNBC. “The group has obfuscated Russia’s cyber capabilities and successfully embarrassed Russian companies, government agencies, energy companies and others.”
“The country may have had an ‘iron curtain’,” he said, “but judging by the volume of attacks carried out by the online hacker army, it looks like a ‘paper curtain’.”
The Russian embassies in Singapore and London did not immediately respond to CNBC’s requests for comment.
Although missile strikes are making more headlines these days, Anonymous and its affiliates are not losing steam, said Fowler, who summarized several of the group’s claims against Russia in a report published Friday.
CNBC grouped Anonymous’ claims into six categories, which Fowler helped rank in order of effectiveness:
1. Hacking into databases
- Members of the Russian military, Central Bank of Russia, space agency Roscosmos, oil and gas companies (Gazregion, Gazprom, Technotec), asset management company Sawatzky, broadcaster VGTRK, IT company NPO VS, law firms and more
- Defacing and deleting hacked files
Anonymous claims to have hacked 2,500 Russian and Belarusian sites, Fowler said. In some cases, the stolen data was leaked online, he said, on such a large scale that it will take years to review.
“The biggest development will be the overall greater number of records taken, encrypted or dumped online,” Fowler said.
The amount of information that has been deleted is difficult to ascertain, Jeremiah Fowler said. “We may never know the actual number of records that have been deleted or destroyed.”
Shmuel Gihon, a security researcher at threat intelligence company Cyberint, agreed that the amount of leaked data was “enormous”.
“We don’t even know what to do with all this information right now, because it’s something we didn’t expect in such a short period of time,” he said.
2. Targeting companies that continue to do business in Russia
In late March, a Twitter account called @YourAnonTV began posting logos of companies allegedly still doing business in Russia, with one post issuing an ultimatum to get out of Russia in 48 hours “or you will be our target.”
By targeting these companies, hacktivists are raising the financial stakes for continuing to operate in Russia.
“By accessing their data or disrupting their business, [companies] risk a lot more than a loss of sales and some negative PR,” Fowler said.
3. Blocking websites
Distributed Denial of Service (DDoS) attacks work by flooding a website with enough traffic to knock the website offline. A basic way to defend against them is “geolocation blocking” of foreign IP addresses. By hacking into Russian servers, Anonymous allegedly circumvented those defense mechanisms, Fowler said.
“Owners of hacked servers are often unaware that their resources are being used to launch attacks on other servers [and] websites,” he said.
Contrary to popular opinion, DDoS attacks are more than minor inconveniences, Fowler said.
“During an attack, critical applications become unavailable [and] operations and productivity have come to a complete standstill,” he said. “There is a financial and operational impact when services that the government and the general public rely on are unavailable.”
4. Training of new recruits
- Training people how to launch DDoS attacks and mask their identity
- Providing cyber security assistance to Ukraine
Training new recruits allowed Anonymous to expand its reach, brand name and capabilities, Fowler said.
People wanted to get involved, but didn’t know how, he said. Anonymous has filled the void by training low-level actors to perform basic tasks, he said.
This allowed skilled hackers to launch more advanced attacks, such as those by NB65, a hacking group affiliated with Anonymous, which claimed on Twitter this month to have used “Russian ransomware” to take control of the domain, email servers and workstations at a manufacturing plant operated by the Russian power company Leningradsky Metallichesky Zavod.
LMZ did not immediately respond to CNBC’s request for comment.
“Just like in sports, the pros get the World Cup and the amateurs get the smaller fields, but everybody plays,” Fowler said.
5. Hijacking media and streaming services
- Showing censored images and messages on television broadcasts, such as Russia-24, Channel One, Moscow 24, Wink and Ivi
- Attacks spiked around national holidays, including Russia’s “Victory Day” (May 9) and Ukraine’s “Constitution Day” (June 28), hacking Russian video platform RuTube and smart TV channel listings at Russia’s real estate federal agency Rosreestr.
As of today’s publication date, Rosreestr’s website is down. Jeremiah Fowler said it may have been taken offline by Russia to protect internal data after it was hacked. “Russian journalists have often used data from Rosreestr to track the luxury assets of officials.”
The strategy aims to directly undermine Russian censorship of the war, but Fowler said the messages only resonate with “those who want to listen.”
Those Russian citizens may already be using a VPN to bypass Russian censors; others have been imprisoned or are choosing to leave Russia.
Among those leaving Russia are the “uber rich” – some of whom are departing for Dubai – along with professionals working in journalism, technology, legal and consulting.
6. Reaching out directly to Russians
- Hacking into printers and altering grocery store receipts to print anti-war and pro-Ukrainian messages
- Sending millions of calls, emails and text messages to Russian citizens
- Sending messages to users on the Russian social networking site VK
Of all the strategies, “it’s the most creatively sticky,” Fowler said, though he said he believes these efforts are dying out.
Fowler said his investigation has so far uncovered no reason to doubt Anonymous’ claims.
“Not only are the methods Anonymous used against Russia highly disruptive and effective, they have rewritten the rules of how modern crowdsourced cyberwarfare is conducted,” Fowler said.
Information gleaned from a database breach can show criminal activity and “who pulls the strings and where the money goes,” he said.
However, most of the information is in Russian, Gihon said. He said cyber experts, governments, hacktivists and everyday enthusiasts will be able to wade through the data, but it won’t be the way most people think.
Fowler said that while Anonymous has received public support for its efforts against Russia, “hacking or hacktivism has never been looked upon fondly by the law enforcement and cybersecurity community.”
Gihon also said he doesn’t believe criminal charges are likely.
“Many of the people they deal with are sponsored by the Russian government,” he said. “I don’t see how these people are caught any time soon.”
However, leaks build on each other, Gihon said.
Fowler echoed that sentiment, saying that once a network is infiltrated, systems can “fall like dominoes.”
Hackers also often piggyback on each other’s leaks, a situation Gihon calls the “bread and butter” of their way of working.
“This could be the start of a big campaign that will come later,” he said.
A more immediate consequence of the hacks, Fowler and Gihon agreed, is the revelation that Russia’s cybersecurity defenses are much weaker than previously thought. However, Gihon said Russia’s offensive cyber capabilities are strong.
“We expected to see more force from the Russian government,” Gihon said, “at least when it comes to their strategic assets, such as banks and TV channels, and especially government agencies.”
Anonymous has pulled back the curtain on Russia’s cybersecurity practices, Fowler said, which is “both embarrassing and frustrating for the Kremlin.”