A M M E L I D L A A GIT
DI
D N A M M O C U O ? Y S D O N D A S W U O HO H T F O T S A C R CYBE
CHACR COMMENTARY // SEPTEMBER, 2023 BY: Andrew Simms, Editor, CHACR This article is a follow-up to the interview featured in the autumn issue of The British Army Review and is intended to provide readers with further insight into the structure and operations of the IT Army of Ukraine. The content is based on a conversation held with a senior representative in Kyiv.
V
IEWED through a conventional military prism, the effective, if unfamiliar, style of command and control being exercised by the IT Army of Ukraine – a voluntary unit comprising tens of thousands of anonymous, geographicallydispersed cyber operators – is deserving of admiring glances. The group’s executive team, which consists of fewer than 100 individuals, has met the considerable challenges associated with mass mobilisation with distinction, overseeing a campaign of digital missions that has already inflicted “hundreds of millions, if not billions, of dollars” worth of losses on the Russian economy.
This success has come despite the IT Army being pitched into a live conflict from a standing start last February. Although the catalytic call-to-arms for hackers to take aim at Russian cyberspace originated from Mykhailo Fedorov, Ukraine’s Minister of Digital Transformation, those first to answer were given no official government blueprint to build from, had no existing doctrine to consult or tried and tested standard operating procedures to pore over. In sharp contrast to the dearth in direction, however, was a significant mass of domestic and international hacktivists ready to commit to supporting Ukraine’s defence, and it was this initial disparity in ‘reason’ and ‘resource’ that helped to forge the operating framework that continues to deliver digital blows to Moscow. “It definitely isn’t very hard for us to recruit numbers; the difficulty lies in managing a large group of people with different backgrounds, and quite often different motivations, to do something for the same
purpose,” Jenna, an official spokesperson for the IT Army and the executive responsible for overseeing the organisation’s strategy, told the CHACR. “When you run a voluntary body, it is practically impossible to build something as logical as a classic organisation in which people can report up and down. Voluntary organisations are more democratic and people within them tend to want more space and freedom, so you have to operate under these circumstances – to give up some control but keep things moving in the same direction. “The early response to our Telegram group accounted for around 300,000 people. It was a big thing, another means of resistance, an entirely new type of unit not seen before in the history of the world and people were curious to find out what it was and how it was going to work. Some of these people were observers rather than individuals who really wanted to actively contribute but it was clear that we needed a framework that allowed us to take advantage of this strength.
1 // CYBER COMMAND // CHACR
“This brought us to the idea of focusing on DDoS [distributed denial-of-service] attacks – of using brute force and leveraging our big number of supporters.” Having identified its modus operandi, the IT Army’s executives sat together to agree and define the group’s mission, which is published on its website and is aimed at ‘bringing Ukraine’s victory’ closer by ‘depleting the economy of the aggressor country’ through the disruption of ‘important financial, infrastructure, state services and the activities of large taxpayers’. “We understood we could be an extension of the international economic sanctions rather than cyber intruders that break into military systems, which is nearly impossible to do,” said Jenna, who stressed the IT Army is solely focused on offensive operations and does not include any defensive cyber units. “The sanctions limit Russia from moving money and making money internationally but we can cause damage internally; to take