How Ukrainian Cyber Army Was Created

CyberUnit.Tech
Jul 5, 2022


Spy and Sabotage Groups Uncovered

Origins of the Ukrainian Cyber Army

If you don’t fight evil, you support it. There can be no shades of grey. Our fight is black and white. On February 24, CyberUnit.Tech was the first to fight evil when the entire world thought Ukraine had no chance and was about to fall.

This article came to be as a response to the many questions we get every day regarding the Ukrainian cyber volunteer movement. Stefan Soesanto, in his ETH Zurich report, conducted a great amount of research on the IT Army Telegram group. We do not have the same insight into the IT Army Telegram channel as Mr. Soesanto, as we have limited visibility and understanding of their group.

Here, we explain the origins of the Ukrainian cyber army, a decentralized volunteer movement of cyber warriors, and its current status. We do so as the original voice of defending Ukraine's territorial integrity in the cyber field.

Here is an important point of the story: no amount of discussion by researchers or observers will fully resolve the ambiguity around the Ukrainian volunteer cyber army movement, because there is no central control tower and the movement is fully decentralized around repelling the Russian invader from Ukrainian territory.

Introduction: Too Long Didn’t Read Version

  1. The idea of a Ukrainian volunteer cyber army was started by Yegor Aushev/CyberUnit.Tech on February 24, 2022. The cyber army is an initiative, a system of defense against an invader. The idea organically grew through a fully decentralized mobilization of IT volunteers.
  2. Ukraine is a land of freedom and highly skilled IT professionals. Each member will use their skills in whatever method they feel is best to fight the enemy.
  3. The IT Army Telegram group started by the Ministry of Digital Transformation has played a great role in the cyber war, inspiring the world and letting Ukrainians know that they can be part of a force fighting the invaders. The IT Army Telegram channel is not the representative of the government nor the representative of the overall Ukrainian cyber army movement. It is an open Telegram group for volunteers.
  4. The Ukrainian cyber army movement is fully decentralized, with no single point of control. The Ukrainian military structures only take care of their own operations.
  5. All groups within the cyber army are fully self-organized and independent, purely on a volunteer basis. It is not necessary to attempt to link the Ukrainian government structures to the volunteer cyber army groups because they do not take orders from the Ukrainian military. At most, the results of volunteer work can be passed to relevant government structures.

Part 1: Meaning of Freedom

Freedom takes on a special meaning for Ukrainians. Arguably, it is the most valuable thing in the minds of the Ukrainian collective, as the search for freedom is embedded at every level of society. This mindset was significantly strengthened once the people were freed from the shackles of Soviet education, especially for those born after the 1980s.

Despite being a grand chessboard of different empires and national interests, such as the Austro-Hungarian Empire and the Polish-Lithuanian Commonwealth, Ukraine nevertheless built its own identity, even though it finally became an independent nation only recently. In the 20th century, it can be said that the Soviet Union forcefully coerced Ukraine by conquering it after the latter’s independence declaration in 1918. As such, Ukrainian identity and freedom were minimized under cultural repression and the Soviet education system.

Compared with Russia, which relies historically on “strong men” and hence authoritarianism, Ukraine today is a liberty-loving, grassroots-led society (in general of course, the exceptions mostly being a minority of individuals over 50 years old, who grew up and were educated in the Soviet Union).

With comparatively weak state institutions as a feature of social and political life, Ukrainians today will never accept being coerced by the state into an unacceptable position for the collective, which is partially a reason for the “color revolutions”. The result of this is simple: while Russia can coerce certain groups to forcefully work for the state, in an official or non-official (grey) manner similar to the tactics used in the Soviet Union, in Ukraine this is impossible due to the grassroots and liberty-loving nature of the Ukrainian people as well as a certain distrust of state institutions and their intentions.

The idea of cooperation between various independent communities/grassroots groups and the government in the cyber field is revolutionary in nature in the Ukrainian context. We can thus say that the volunteer cyber army in Ukraine can only be voluntary and decentralized in nature, with no direct orders from the government.

Part 2: Tech Scene in Ukraine

The new generation of Ukrainians is a generation of tech entrepreneurs. Ukraine has a strong legacy in math & science as well as a large number of fresh university graduates every year. For them, tech companies are the fastest way to a high-quality, comfortable life. High salaries and a large variety of both local and international companies have made the field attractive. Ukraine has at least 250-280 000+ active IT engineers, with companies such as Facebook, Google, and Samsung hiring thousands of engineers for their R&D centers in the country.

As a result, Ukraine has a large pool of skilled IT professionals as candidates for participating in the defense of Ukraine in the cyber field. In a situation when freedom and democracy in Ukraine must be defended, all the right conditions are present for a grassroots, decentralized organization of IT professionals who wish to use their skills for the defense of their country.

Part 3: Cyber Army Creation Roots

Prior to the start of the war, CyberUnit.Tech proposed to organize volunteer IT groups to protect the country in case Russia attacks. This idea was picked up at all levels of society in Ukraine, from Parliament MPs to the Ministry of Defense and various IT communities. In reality, this was still just a concept when the war broke out. The cybersecurity strategy and its implementation plan became controlled by the Ukrainian NSDC according to the Presidential Decree on February 1, 2022.

Decree of the President of Ukraine No. 37/2022, Official Website of the President of Ukraine (president.gov.ua)

On February 24, 2022, Yegor Aushev, CEO of CyberUnit.Tech, made a call for cyber volunteers to defend Ukraine in cyberspace. In the initial days, the group consisted of around 100 vetted IT professionals from the Ukrainian security community; later this number grew to around 1000 professionals. The goal was twofold:

- to create a decentralized network of volunteers to defend Ukraine and civilian lives through cyberspace, and

- to create a model cyber army system for the Government of Ukraine, which the latter can use to scale its internal cyber defense capabilities in future.

On February 26, 2022, Mykhailo Fedorov, the Minister of Digital Transformation, made a call for a cyber volunteer mobilization to defend Ukraine in the cyber world. He announced the creation of the decentralized IT Army group, which attracted a great amount of attention, positively highlighting the Ukrainian struggle and the importance of cyber defense. Thanks to the IT Army Telegram channel, every Ukrainian or foreigner who has a smartphone or a computer felt that they can contribute to the fight against the invaders. The IT Army greatly contributed to the morale of the country, letting people know they can contribute in whatever way they can.

Each decentralized group maintains its own set of objectives and methods of fulfilling them. Activities among various Ukrainian cyber army groups generally fall into four categories: defensive, analytics, intelligence gathering, and offensive activities.

Part 4: Characteristics of Ukrainian Cyber Army

The cyber army control tower doesn’t and cannot exist. No one can control who is or who is not part of the Ukrainian cyber army. Once the objectives of repelling the invader are complete, the concept will lose its meaning and the decentralized volunteer cyber army will automatically disband, with people going back to their regular life activities.

Is there an international element with foreign citizens participating? In a cyber war environment, no one can stop private citizens from acting according to their own will on either the Ukrainian or the Russian side. Cyber warfare is complex and can involve many aspects: intelligence gathering, analysis, offensive operations, and media operations such as propaganda and disinformation. There are a large number of OSINT accounts, which may track heavy weaponry, troop movements, or events. Such accounts may often directly participate in the cyber warfare by providing intelligence regarding troops on the ground, helping correct artillery fire location, or directly impacting the morale of the enemy. It is impossible to track every single individual or group, their allegiance (whether Pro-Ukrainian, Pro-Russian, or officially neutral) or impact during the war.

Overall, the groups in the cyber army movement may be private or public. However, real work which may be of direct interest to the Ukrainian military will always be secret. For example, a DDoS attack is of little strategic value to the Ukrainian military. Just as in the real world, with access to increasingly valuable work and information, closed (private) volunteer groups proceed with their own member vetting.

Part 5: CyberUnit.Tech’s Participation in Defense of Ukraine

CyberUnit.Tech’s participation came at the request of an official at the Ukrainian Ministry of Defense to the CEO, Dr. Yegor Aushev. This is due to the fact that Yegor Aushev has participated actively in the cybersecurity reforms in the country since 2017, being a member of various working groups and co-authoring several policy papers, such as “the Green Book” on the necessary legislative reforms in Ukraine together with USAID, as well as a pilot bug bounty program for critical infrastructure in Ukraine together with the Ukrainian NSDC in 2021.

Overall, just in 2021, CyberUnit.Tech trained more than 800 Ukrainian IT experts from 30+ Ukrainian state organizations related to critical infrastructure in Ukraine as preparation for defending Ukraine in conditions of cyber warfare. The work was done with international partners such as CRDF Global and the Ukrainian NSDC.

CyberUnit.Tech’s cyber army group consists of vetted Ukrainian IT professionals with a strong security background. An elite skilled core executes the most strategic objectives of the group, particularly in defense of infrastructure and intelligence. Most activities are defensive in nature and are done on Ukrainian territory. The volunteer group remains fully independent while coordinating its activities with the government.

Operations are of a strategic nature to the Ukrainian military and intelligence agencies — all results are transferred to the relevant government entities with a focus on having an impact on the ground as well as saving civilian lives. As an example of operations in the early days of the war, CyberUnit.Tech worked with a Ukrainian bank to find and track Russian sabotage and spy groups using ATM and card usage. Hundreds of sabotage groups were located, with dozens neutralized by the Ukrainian security forces.

Conclusion and Future Cyber Armies

The concept of a volunteer cyber army defending sovereign territory is not new. We will analyze the implications of population mobilization in the cyber world and whether it may or may not constitute another form of public-private partnership in future articles. The fact is, all modern states still lack sufficient ability to protect themselves from attacks in a cyber war and will need the cooperation of their IT population.

Yet, to build an effective volunteer cyber army, many elements must be in place, such as a skilled IT professional population and, most of all, an unwavering motivation and will to fight, without which any initiative will quickly run out of steam, as money is an insufficient motivator. Thus, the creation of a Ukrainian cyber army may not inevitably bring wide-ranging implications, as it is not guaranteed that other states can replicate the extremely rapid mobilization of IT professionals seen in Ukraine.

It is impossible to exclude that the format in which the Ukrainian cyber army appeared, as a collection of decentralized groups fighting for one cause, to repel the invader from the territory of a sovereign state, will be a unique occurrence.

We must remember that states have not yet reached a consensus on the nature of digital information as property as part of a conventional war, which presents certain grey zone advantages to conducting cyber warfare activities. States might actively work towards “institutionalization” of the cyber population with valuable security/IT skills, eventually leading to the creation of cyber reserve forces, legal frameworks, and training programs.
