Prior to the Russian invasion on February 24^th, the IT industry and tech startups had been flourishing in Ukraine. However, there was no cybersecurity force in the Ukrainian military that was solely devoted to offensive or defensive operations.^[12] Nonetheless, since Russia’s occupation of Crimea in 2014 through the present time, information security has been increasing in importance. Yegor Aushev, co-founder of Cyber Unit Technologies in Kyiv, issued a request for help on the 24^th of February.^[13] Aushev asked volunteers to aid in protecting Ukraine’s critical infrastructure and conduct digital espionage operations on invading forces at the behest of the Defense Ministry.^[14] Volunteers were vetted and they were asked to include their specialties and references on their application.^[15] “Volunteers were asked how many years’ experience they have in 12 specific areas, ranging from open source intelligence gathering and social engineering to malware development and DDoS operations. Those signing up were also asked to provide the name of a trusted reference who could vouch for their credibility.”^[16] The Ukrainian government is part of this mission. “The IT Army has had a relatively public presence since last weekend when Mykhailo Fedorov, a Ukrainian deputy prime minister in charge of digital transition, made a public appeal to Ukraine’s tech workers to join a Telegram channel called the “IT Army of Ukraine,” which had more than 280,000 subscribers as of Friday.”^[17] A volunteer unit — led by the Ukrainian government during war – has been characterized as an innovative development.^[18]

Ukraine’s IT Army is on the offensive and acting out of self-defense as well. “Beyond striking back at Moscow, Aushev said his team would help Ukraine’s military hunt down undercover Russian units invading cities and towns. He said his group had discovered a way to use cellphone tracking technology to identify and locate undercover Russian military units moving through the country, but declined to provide details.”^[19] Volunteers are explicitly aiding the military. “The IT Army will likely take on defensive tasks to free up Ukraine’s government hackers.”^[20] The number of unpaid workers has created an advantage for Ukraine. “And what some officials believe here in the U.S. is that what’s happening is because the Russian hacking teams are having to defend so much, it’s sort of making it harder for them to do any sort of offensive operations against Ukraine that they might have otherwise planned to do.”^[21]

In addition to tracking and playing defense, the volunteers are launching attacks as well. On February 26, 2022, Ukrainian Vice Prime Minister called on the IT Army to take down 31 Russian government, banking, and corporate websites.^[22] DDoS attacks have continued to be successful. “The channel’s administrators, for instance, asked subscribers to launch Distributed Denial of Service attacks against more than 25 Russian websites. These included Russian infrastructure businesses, such as energy giant Gazprom, the country’s banks, and official government websites. Websites belonging to the Russian Ministry of Defense, the Kremlin, and communications regulator Roskamnadzor were also listed as potential targets. Russian news websites followed.”^[23] Ukraine has benefited from these disruptions and distractions. “The IT Army targeted the websites of several Russian banks, the Russian power grid and railway system, and have launched widespread DDoS attacks against other targets of strategic importance. The bulk of Ukrainian cyberpower appears to be stemming from the IT Army.”^[24] The IT Army has been a valuable addition to Ukraine’s wartime efforts by attacking Russian infrastructure. In addition to DDoS attacks, the IT Army has countered Russia’s misinformation campaign.

Historically, Russia’s playbook includes misleading information, and the war against Ukraine is no different. “As Russia continues to spread misinformation about the purpose of its presence in Ukraine, leaks along these lines could be a powerful antidote, undermining domestic support for the war and providing a basis for other countries to hold Russia accountable for its diplomatic and military actions. In addition, DDoS attacks may affect public opinion in Russia. A steady stream of inconveniences and disruptions will likely increase Russians’ discontent with the war.”^[25] The IT Army is devoting its time and resources to dispelling the myth that Ukraine is committing genocide against Russians in the Donbas region. “Perhaps the most significant impact the hacktivists could have is damaging Russia’s reputation both domestically and internationally as well as undermining its misinformation narratives by leaking data from Russian organizations.”^[26]

While the IT Army has been effective, Russia’s cyber forces have been able to perpetrate attacks. Russia launched DDoS attacks in early February 2022 on banking and defense websites.^[27] Not all of Russia’s attacks have been successful. “Moscow conducted more cyberattacks than was realized at the time to bolster its invasion, but more than two-thirds of them failed.”^[28] There are many reasons for the failures. “But many of the attacks were thwarted, or there was enough redundancy built into the Ukrainian networks that the efforts did little damage. The result, Mr. Smith said, is that the attacks have been underreported.”^[29] Help came from outside Ukraine as well. “It indicated that Ukraine was well prepared to fend off cyberattacks, after having endured them for many years. That was at least in part because of a well-established system of warnings from private-sector companies, including Microsoft and Google, and preparations that included moving much of Ukraine’s most important systems to the cloud, onto servers outside Ukraine.”^[30] As the war grinds on, this unique partnership is likely to be beneficial to Ukraine.Nonetheless