A day in the life of a Ukraine cyber soldier

Vladimir Putin’s decision to invade Ukraine on February 24 prompted many to volunteer their skills and resources in defense of Russia’s smaller neighbor. But not all are fighting in the conventional field, with Anonymous and other hacktivist groups leading the charge in the cyberwar against Russian propaganda outlets and other key infrastructure.

One such effort is being jointly conducted by cybersecurity firms Hacken and disBalancer. But with many of their employees coming from Ukraine, these companies have more at stake than most. Within days of Russia’s invasion, they launched a specialized app that allows ordinary unskilled civilians to participate in orchestrated denial-of-service attacks on Kremlin-backed websites. Since then, the app has evolved to become known as Liberator, with the stated aim of bringing about “fatality for Russian propaganda.”

I sat down with one of Liberator’s architects to discuss the ongoing cyberwar with Russia, his hopes for the future, and how he feels about the contribution his small but dedicated team is making to the conflict. Owing to security concerns, he cannot be named.

Where are you based currently?

I’m moving around from time to time. Currently, I'm in Portugal, but I don't want to stay too long in one place.

Tell me how it's going with the Liberator app. You now have the aim of launching 100,000 distributed denial-of-service (DDoS) attacks at the same time?

We have 7,000 people online every day. Somebody joins, somebody leaves. We have a target that more than 100,000 people download and launch it at the same time. For new attacks, we have a coordinator from the Ministry of Digital Transformation and the Ministry of Internal Affairs. They share targets with us, and we work with them directly, and of course, the cyber police. Also, we have four or five developers updating the tool to make it better and better every day. Three of them are volunteers. It's hard work because we are attacking [and the Russians] are protecting. It's like a game.

So it’s constantly evolving?

Yeah. Every day they are looking for ways to block us, and we are looking for ways to bypass them.

How many hours a day are you and the volunteers working on this?

We are not pushing volunteers, they are working when they want. But the core team right now is working really hard, some guys are even putting in 16 hours a day. We are trying not to push the guys, but this is their motivation, you know? I can't just sit or sleep, I need to work – because we see it as a war. You can't just read the news all the time because your mind will explode. It's better to work.

And with the volunteers, are they from Ukraine only – or do you get people from other countries as well, specialists like yourself?

We have volunteers who are not from Ukraine, but the developers are all Ukrainian. We are still looking for more hands, but it's really hard to check their skills, and you can't do that for everybody – it's code that could be used wrongly, [so] we’re trying to find the right guys for the developers’ team. We are still looking for Go developers and Java developers – maybe you know somebody! [laughs]

I'll put the word out! As well as knowing the computer languages, do recruits need to know the Russian Cyrillic alphabet so they understand which websites to target?

Yes, of course. Our main targets are Russian propaganda websites and [other digital] resources. Because we think if people can't access those websites, they will try to find information on other ones, so we hope they will find the truth and not only fake news. There are also strategic resources provided to us by our military forces in Ukraine and the Ministry of Digital Transformation, so we are working on those targets as well. But for our team, the targets are mainly propaganda websites.

So I take it the ministry provides you with tip-offs? Could you tell me a bit more about how the collaboration between you works without compromising anything?

I can share some information. There are four teams working on the cyberwar. There is a DDoS Team – like disBalancer and other groups in Ukraine – and an Intelligence Team, guys who are looking for sensitive information, researching new resources, collecting them, and listing them [as targets] according to priority. There is a Red Team like Anonymous attacking websites, trying to hunt them down and extract sensitive information. Also, there is a Blue Team: those guys are looking for vulnerabilities in Ukrainian websites and trying to fix them. Because it's very important to protect our resources as well.

And in terms of the targets, we've always known about the Russian state-controlled media outlets, but in addition to those big groups, there are at least 1,300 websites all over the Russian Federation feeding propaganda to the people. They are quite devious, set up as shell websites that pretend to be local news outlets. As far as we know, this has been going on for about a decade. Are these smaller websites targets as well, or are you mainly going for the big organizations like Russia Today?

We are looking for the most viewed websites, you know? Because we think that these are the most important targets. Now we are looking for a way to multiply our attacks on websites because we still have that target for the number we can DDoS at the same time. And the way DDoS works is that when you stop doing it, the websites are back up and running again after a few minutes or hours. So we need to take them down as often as we can. There are smaller websites that never come back up after you DDoS them, [but] our main [attack] vector is the Russian government and big media.

What about key infrastructure – do you target those installations as well?

Yes [but] it's difficult. We don’t work on infrastructure without coordination from our guys at the ministry. Because for all we know, maybe some Red Team guys are working at this moment on those websites, and we could compromise their work. So we are working with coordination only for infrastructure – we have to communicate regularly.

So as with a conventional military force, the strategy has to be clearly coordinated between units?


With the reported atrocities getting worse, it feels like we are approaching a total war phase – will there come a point where you decide that nothing is off-limits? Some people are already saying that everyone in Russia has to pay for the war... Do you agree with that? Will you start targeting civilians in Russia?

In my opinion, we are better than them. Our point is not to make people’s lives harder. Our idea is to find a way to tell the truth to these people. Because not all of them are killers, and not all of them want to kill Ukrainians. But they are in a room without windows, they are blocked from the whole world, and they are reading only what news they can. Our target is not normal people – our target is the infrastructure that is making their lives worse.

So it's vital that you keep what one might call the moral high ground?

Yes. We are defending ourselves, some guys from our core team are now fighting in Ukraine with the military, and even they don't think to fight with Russia on Russian territory – we are just protecting our lands. Because on our lands we have rights. It's our home, we must protect it. But we don't want to take other lands and houses and burn them! We are not the same [as the Russians].

Sadly, I have seen people in the West falling for Kremlin disinformation, saying that our own governments are lying to us, but that they believe the propaganda about fascism in Ukraine. What would you say to those Westerners?

I would recommend that they read information from different sources, and not only from their [social media] influencers. We live in a globalized world, it's not the Cold War when you could read news only from your own country. Open the internet, use a VPN... you can find a lot of information. The whole world can't lie to you.

How much of a difference do you believe that you and others like you are making?

I think that we are doing a good job. I don't feel myself to be a “cyber terrorist”, as some Russian propaganda is saying. We are making the world better. And also, we can't DDoS websites with only our team, there are a lot of people supporting us. We are only choosing the direction – but if you don't want to DDoS Russian websites, you don't have to join us. But the people who do, they think that we are doing the right thing. We have support!

Just as the Kremlin underestimated the level of Ukrainian resistance, it seems also many people overestimated Russia's capabilities, and its military is not as all-powerful as previously feared. Something similar seems to have transpired in the cyber dimension. Before the outbreak of full hostilities, you had all these Russian-backed ransomware groups, REvil and Conti and so on, and it was thought Russia's cyberwar capabilities would be very strong. But so far those too appear to be less effective than expected. What is your take on that?

A lot of Russian hacker groups have Ukrainians in them. A lot of even the biggest Russian hacker groups are supporting Ukraine, not Russia. Of course there are some guys who still support Russia, and we're fighting them as well: every day those guys are trying to hack our websites, our network. So they are looking for us, but we are ready! But not everybody supports them, and that’s why Russian forces in the cyber sphere are not so strong.

In closing, could you tell us in your own words what your part in this struggle means to you?

Not everybody needs to join the military. Because you can help not only on the battlefield. You can help with sharing information as a marketing specialist with social media, you can help protect our websites if you're a cybersecurity expert, you can help if you are a teacher, [with] children left without a home and parents. Everybody can help. If you want to, you will find a way to support our country and stop the Russians. So I urge people: try to help, and do the best that you can.

Qualified cybersecurity specialists who wish to help the Hacken and disBalancer developers team should email [email protected]