Inside Ukraine-Russia cyber warfare: Information hacking and leaking is ‘weaponised’ to unhinge the enemy


Names, birthdays, passport numbers, job titles – the personal information goes on for pages and looks like any typical data breach. But this data set is very different. It allegedly contains the personal information of 1,600 Russian troops who served in Bucha, a Ukrainian city devastated during Russia’s war and the scene of multiple potential war crimes.

The data set is not the only one. Another allegedly contains the names and contact details of 620 Russian spies who are registered to work at the Moscow office of the FSB, the country’s main security agency. Neither set of information was published by hackers.

Instead, they were put online by Ukraine’s intelligence services, with all the names and details freely available to anyone online. “Every European should know their names,” Ukrainian officials wrote in a Facebook post as they published the data.

Since Russian troops crossed Ukraine’s borders at the end of February, colossal amounts of information about the Russian state and its activities have been made public. The data offers unparalleled glimpses into closed-off private institutions, and it may be a gold mine for investigators, from journalists to those tasked with investigating war crimes.

Broadly, the data comes in two flavors: information published proactively by Ukrainian authorities or their allies, and information obtained by hacktivists. Hundreds of gigabytes of files and millions of emails have been made public.

“Both sides in this conflict are very good at information operations,” says Philip Ingram, a former colonel in British military intelligence.

“The Russians are quite blatant about the lies that they’ll tell,” he adds. Since the war started, Russian disinformation has been consistently debunked. Ingram says Ukraine has to be more tactical with the information it publishes. “They have to make sure that what they’re putting out is credible and they’re not caught out telling lies in a way that would embarrass them or embarrass their international partners.”

Both the lists of alleged FSB officers and Russian troops were published online by Ukraine’s Central Intelligence Agency at the end of March and start of April, respectively. While Wired has not been able to verify the accuracy of the data – and Ukrainian cybersecurity officials did not respond to a request for comment – Aric Toler, from investigative outlet Bellingcat, tweeted that the FSB details appear to have been combined from previous leaks and open-source information. It is unclear how up-to-date the information is.

Regardless, it appears to be one of the first times a government has doxed thousands of military personnel in one fell swoop. Jack McDonald, a senior lecturer in war studies at King’s College London who has researched privacy in war, says that, throughout history, nations have kept lists of their opponents or tried to create them. But these have often been linked to counterinsurgency efforts and were typically not made public.

“Openly publishing such lists of your opponent, particularly at the scale that digital operations appear to allow, that seems very new,” McDonald says.

While doxing is, generally speaking, one of the most toxic online behaviors and can ruin lives, the stakes are different in war, when the gloves are essentially off. McDonald says that publishing people’s names and personal details during wartime is a “murky area” ethically, but that there may be justification for it when linked to a military institution or war crimes.

Violating people’s privacy is “very low down the list” of how someone may be harmed during conflict, McDonald says. He adds that verifying who is on a list and excluding the possibility that it contains incorrect information is important to avoid causing additional harm. Demonstrating the complexity of the issue, Google blocked access to a PDF of Ukraine’s alleged lists of Russian troops in Bucha because the file violated its policies against the publication of people’s private information.

Asked about the decision to block the document, Google declined to comment further.

“When you think about what comes after the war, these lists might be a big feature of it,” McDonald says. The lists – if the information they contain is accurate – may provide a starting point for investigators looking into potential war crimes in Ukraine.

For instance, a name could be linked to a photo, which is linked to a social media account or footage that places someone in a particular location or event. Each piece of information could act as a tiny piece in a much larger puzzle.

Researchers are already racing to save and archive thousands of TikToks, Telegram messages and social media posts in formats that can be used as evidence.

More immediately, the lists may be useful in other ways. “It shows the Russians that they’ve got access to it,” Ingram says. For people in Ukraine, he says, the publication of the data indicates that Ukraine’s intelligence authorities are monitoring threats against them. And internationally, the information could be useful to intelligence agencies, such as the US Central Intelligence Agency or the UK’s MI6.

“They don’t have everything,” Ingram says. “It’s always good to get information from a different source – even if you think you have it already – because what it does is it corroborates the sources that you’ve got.”

Ukraine’s use of information warfare has been lauded since Russia invaded – from President Volodymyr Zelensky’s videos to the “Ghost of Kyiv” – but it has not been the only nation actively publishing information about the war.

US and UK intelligence officials have regularly been trying to disrupt Vladimir Putin’s efforts by taking the unusual approach of declassifying information – from revealing potential false flag operations to publishing stats on Russian military losses.

“The purpose of that activity is to highlight the costs to the Russian population at home and to impose costs on individual actors,” says Jessica Brandt, a fellow at the Brookings Institution’s Center for Security, Strategy, and Technology. “But doxing, in general, makes me uncomfortable.”

And information published by global intelligence services is only the beginning. Since the war started, Ukraine has mobilised a volunteer IT Army that has targeted Russian websites and companies, aiming to take their services offline. Ukraine’s digital ministry has also become a polished war machine.

Hacktivists have also been busy. In the early days of the conflict, the hacker collective Anonymous declared it was in a “cyber war” against the Russian government, and it has claimed credit for attacks that have knocked sites offline and defaced others – despite the potential for unintended consequences. This activity has led to the publication of huge volumes of information about Russian-linked businesses and government bodies.

Transparency activists at the group Distributed Denial of Secrets, or DDoSecrets, have published more than a dozen data sets linked to Russia since Putin’s troops invaded Ukraine in late February.

“Putin put a target on the back of Russian interests, and they’re getting hit all at once,” DDoSecrets cofounder Emma Best wrote in a statement posted to Twitter. DDoSecrets has published more than 700 gigabytes of data from the Russian government and more than three million Russian emails and documents, Best says.

DDoSecrets also claims to have published more than 360,000 files from Roskomnadzor, the Russian media regulator; 62,000 emails from an investment firm owned by a sanctioned Russian individual; 900,000 emails from VGTRK, a state-owned broadcaster; 230,000 emails from the Russian Ministry of Culture; and 250,000 emails from the Ministry of Education. The list goes on.

Best’s statement says DDoSecrets is concerned with improving transparency “where it’s lacking and to publish datasets in the public interest, regardless of its point of origin.”

‘Hack and leak’ operations are not uncommon – think of North Korea’s hack against Sony, or any number of ransomware extortions – but Russia has not often been a target of such operations. The Russian government has largely given cybercriminals based in the country a free pass as long as they don’t target companies within its borders.

Brandt says some of the information published has parallels to Russia’s own hacking and leaking of “weaponised information,” citing the 2016 DNC hack as an example.

Over time, the published files could prove to be a gold mine for researchers wanting to understand how the Russian state operates, including its approach to censorship and media control. They may also provide a blueprint for future information operations in other countries or other wars.

For now, though, they’ve exposed Russia to an unprecedented degree. “Frankly,” Best wrote, “we’ve never seen this much data out of Russia before.”

  • A Wired report