National Cyber Warfare Foundation (NCWF)

The Cyberwarrior Handbook, Part 2


2026-04-17 14:56:10
milo
Red Team (CNA)

Welcome back, my aspiring cyberwarriors!





It’s important to keep in mind that hacking skills are a kind of superpower. With these skills, you can do good or you can do bad. That is up to you. Of course, nearly every profession faces a similar decision, but your decision is even more important because “Hacking is the Most Important Skill Set of 21st Century!”.





With your skills, you can change history!









In this post, we continue our discussion of how Hackers-Arise used their skills to thwart the Russian invasion of Ukraine beginning in 2022.





Seizing the Oligarch’s Yachts





As Russia pressed into Ukraine in the early days of the war, we at Hackers-Arise began to look for pressure points to contain the Russian aggression. Having studied Russian politics and economics for decades, I realized that much of the power that Putin held was dependent upon the oligarchs. These are the people who own much of the resources of Russia (Russia’s primary exports are all raw materials, like those of a third-world country. These include oil, copper, gold, nickel and other raw materials). These people had become very wealthy from their ties to the Communist Party leadership, who had simply transferred these assets to the oligarchs (when the Soviet Union collapsed in 1991, these were state-owned resources and ownership was transferred to these select few). These men feed Putin with a portion of their income and wealth for the right to continue to operate. This is the definition of a kleptocracy.





We concluded that if we could pressure the oligarchs, they would in turn pressure Putin. At least, that was the thought process. Many of these men maintained assets outside of Russia, and these should be our target. The most obvious of these assets are their multi-hundred-million-dollar yachts.









Our thoughts were to harass and, maybe, occupy these yachts to keep the oligarchs from using them. Using various OSINT techniques, we were able to decipher the ownership of these yachts (very often, these yachts’ ownership is hidden by various layers of shell corporations). Once we identified the ownership, we set out to locate them.





Having identified the names of the yachts that the oligarchs owned, it became rather easy to locate them. We used an OSINT tool known as Marine Traffic that tracks marine traffic using either their communication to shore by ADS-B or by GPS for larger ships. We were able to locate many of these yachts in ports throughout Europe. We then encouraged pro-Ukraine, anti-war folks to block their fueling and re-stocking. Fortunately, at exactly this time, NATO agreed to sanctions on Russia and the oligarchs. NATO then ordered the seizure of these yachts. These yachts are still being held to this day in 2026. We were able to place pressure on the oligarchs to put pressure on Putin to end the war, or at least seize assets that could be used to pay for the damages Russia was inflicting on the Ukrainian people.









SCADA/ICS/OT Attacks





As experts in industrial control systems hacking and security, we set out to put our expertise into action to stymie the Russian war machine. Given the immediacy of the need, we took a novel approach to disrupting these systems. Normally, hacking an industrial control system can take weeks or months. We didn’t have that kind of time, so we trained another group in ICS hacking techniques to pursue the longer-term approach. At the same time, we began to search for and locate vulnerable ICS systems using the Modbus protocol. We published the list of over 300 IP addresses in Russia that were reachable over the internet. We then set out to send random inputs and commands into these systems. These industrial control systems are very finely tuned systems, and if any segment of the process is disrupted, the product is sub-optimal (this is essentially the same approach as the Stuxnet malware: disrupt the process without destroying it).





Imagine an oil refinery. This process is finely tuned and the product advances through each stage precisely. If the previous process returned an inferior product, the entire batch is tainted and unusable. This is the perfect ICS hack! The target doesn’t know they have been hacked but their product is unusable. Imagine the Russian engineers scratching their heads and pulling their hair out as each batch of product from their refineries, chemical plants, and manufacturing facilities continued to malfunction for no known reason.

















In some cases, when you send random inputs into an ICS system, things go terribly wrong. In some cases, the plant catches fire or blows up.













Watch here as Norway Public TV documents our efforts in Ukraine.





https://tv.nrk.no/serie/brennpunkt-cyberkriger/sesong/1/episode/MDDP11200223









IP Cameras





In April of 2024, as the Russian army marched toward Kyiv from the north and from the Donbas from the east, the Ukraine army contacted us for a special mission. They provided us a list of over 900 IP cameras across Ukraine that they wanted access to. These were private and some local government cameras distributed across the country. The idea here was that they wanted to watch the cameras to provide reconnaissance on the Russian army movements. We accepted the assignment and set out to hack as many cameras as we could. It turned out to be easier than expected.

















Using a variety of techniques, we were able to hack hundreds of these cameras. These techniques included:






  1. Default credentials, about 10%
  2. Bypass authentication mechanisms, about 70% (this works on many IoT devices)
  3. Brute-forced credentials, about 20%





It’s worth noting that we were the first to pioneer this technique for wartime reconnaissance, but it has now been used by both Russian and Iranian hackers in their conflicts. It will likely become a standard military reconnaissance practice for all armies in future conflicts.









To learn more about our actions and techniques in the Ukraine/Russia war, look for my upcoming Cyberwarrior Handbook 3.



Source: HackersArise
Source Link: https://hackers-arise.com/the-cyberwarrior-handbook-part-2/




