How hackers in Belarus are complicating Putin’s Ukraine invasion
As thousands of civilians risk their lives to resist a Russian onslaught, a global group of cyber guerillas have joined the fray too. They’ve disabled Kremlin-backed websites, leaked personal data, exposed disinformation, hijacked TV signals, and even hobbled infrastructure. One early and ongoing attack, launched in January, disabled the internal systems of a train network in Belarus, a country of 9 million people that’s sandwiched between Russia and Ukraine and has long been under the Kremlin’s grip. During the Ukraine war, Belarus has become a staging ground for airstrikes and tens of thousands of Russian troops, and there’s speculation that the Kremlin has enlisted the help of the Belarusian military, too.
The railway attacks, which reportedly ruined digital reservations and scheduling and possibly hobbled Russian troops’ ability to move through the country, were the work of the Cyber Partisans, a group of tech industry veterans from Belarus trying to tear down the country’s regime from their keyboards. As Russian troops prepared to enter Ukraine from Belarus, the hackers decided to target one of Putin’s key networks.
“To move anything, including rocket launchers and solarium, they need the railways,” says Yuliana Shemetovets, the Cyber Partisans’ spokesperson. “People are used to doing everything using computers and different systems, and now they’ve had to do everything on paper, like building and creating train schedules, and not many know how to do this.”
A fast-talking, 28-year-old grad student who left Minsk in 2016 to study political science and settle in the U.S., Shemetovets began working with the Cyber Partisans last year. She says she doesn’t know its members’ true identities or locations, but acknowledges that it includes “a few” women.
Part of an umbrella coalition called Suprativ, the Cyber Partisans emerged in 2020, following a series of brutal crackdowns on protests that emerged in response to the fraudulent reelection of Alexander Lukashenka, Belarus’ long-standing Soviet-styled president. Lukashenka, known as “Europe’s last dictator,” has arrested and tortured scores of political opponents and journalists, shut down civil rights organizations and criminalized protest as “extremism.” Tens of thousands of protestors have been detained, according to a new United Nations report.
The Cyber Partisans have railed against the Lukashenka regime, and not just by defacing government websites. Last year they gained access to a bounty of internal government and police files, and have assembled a database of official abuses that could prove useful for assembling cases against the Belarusian regime. Last year, journalists used some of the data to calculate the true impact of the COVID-19 pandemic on Belarus (the excess mortality rate was 14 times higher than the official numbers). The group is also building apps designed to keep the wider opposition movement safe, including a special version of Telegram that can covertly delete messages.
Whatever impact the Cyber Partisans may have, they could also provoke Russia and its allies’ well-armed hackers: Facebook and Google said the hacking group Ghostwriter, which is thought to work for the Belarusian government, attempted to hijack the social media accounts of prominent Ukrainians, apparently in order to spread pro-Russian propaganda, including videos of what appeared to be a Ukrainian waving a white flag of surrender. The unprecedented, sometimes unruly cyberwar has raised concerns that an unscrupulous attack by state actors or a group like the Cyber Partisans could spark a dangerous escalation. (Russia itself has been relatively quiet on the cyber front so far, but after a hacking group suggested it had targeted a Russian satellite system earlier this month, Roscosmos head Dmitry Rogozin told Interfax that disabling Russian satellites through hacking would be “a cause for war.”)
Russia’s presence in Belarus has forced the Cyber Partisans to take more security precautions, but Shemetovets says they remain undeterred. Now about 35 people large, the group said recently on Telegram that it plans to increase its staff tenfold, “in order to carry out large-scale attacks not once a month, but several times a week.” Since the railway attacks, its Telegram channel has ballooned to over 62,000 followers, who have offered assistance and encouragement, donated bitcoin and suggested new targets in an effort to slow Russia’s advance.
Cyberwar is “one of the only ways that people can participate in this war,” says Shemetovets. “And I would expect that, if it wasn’t the Cyber Partisans doing this, other groups would step in.”
I spoke with Shemetovets by phone just before Russia’s invasion of Ukraine, and again last week. Our conversation has been edited for length and clarity.
Where did the name, the Cyber Partisans, come from?
Belarusians are famous for fighting in the Partisan movement during the Second World War, so that’s kind of part of our history and the culture and the folklore. And sometimes, since you can’t fight directly—or not even fight, but just show your dissatisfaction with the regime—the only way you can proceed is by using some creative, smart tools to fight the regime, to inspire people, to reveal crimes.
When did the group get started?
The group’s founders—there are about three to five of them—started it after [post-election] protests were brutally suppressed in Belarus, in September 2020. First they hijacked a state TV station online and posted videos showing how people were beaten up by police officers. And then at some point they decided that the situation wasn’t changing, that Lukashenka wasn’t trying to establish any kind of a dialogue with opposition groups. And for the people who didn’t vote for him, the suppression continued. Things became worse. So that’s when the group decided to do more.
One of their most famous attacks was the hack of the country’s passport system, where they got access to passport information and to internal recordings between high level officials and even regular police officers, who had been recorded by official entities like internal affairs officers inside local police buildings. There’s two other groups that are part of this effort, and the other groups have people in Belarus. These are the people who helped to actually hack this internal passport entity, because the Cyber Partisans couldn’t get access from the internet. They had to have help from the ground.
The idea was just to show what crimes were committed by these policemen and what orders were given to them by their superiors, by high level police officers but also by Lukashenka himself, because they’re mentioning his name. And the voices were confirmed by people who were working with them. The group is now working with other international organizations, nonprofits that want to start [legal] cases, at least to prepare them. Because, as far as I understand it, it’s a very long process.
And now the Cyber Partisans are attempting to slow down the Russian military, alongside physical attacks by allies inside Belarus. I’ve seen reports that Russian troops had stopped moving at night, and that they were using daytime passenger trains instead. How have you seen the attacks impact Russian military movements?
They discussed the disruptions on the Telegram of the railway workers union, and [the opposition group] BYPOL has said that it was pretty effective and that there was no movement by Russia by train. But again, these are internal sources, and they’re hard to verify. Still, the attacks coming from Belarus seemed to have slowed down, at least from the ground. They are still sending rockets from there. The Belarus border is very close to Kiev. That’s why it was so important for us to disrupt this railway, because it looks like Kiev is the number one target.
The rail war continues. Thanks to cyber and guerrilla attacks, Russians are still afraid to use military trains in Belarus. Ammunition is being transported in gondola cars, unloading takes place near a busy highway. It violates any safety standards https://t.co/wN4szQNCwP pic.twitter.com/YXZxz9nCH4
— Belarusian Cyber-Partisans (@cpartisans) March 16, 2022
The Russian military has seemed far more vulnerable than expected.
Everyone had been expecting that the Russian military would be so strong, but we do see that some of its components have been disregarded, that they didn’t invest enough in it. And this high level of corruption, it affects everything. It looks like the soldiers are also demotivated.
The Cyber Partisans have recently been distributing videos urging Belarusians not to join Russian troops in the war. I’ve heard of soldiers deserting or resigning. What’s been the response to the war in Belarus in general?
It is very concerning that Belarusian soldiers could be involved in a war with Ukraine, with whom we were always friends. It’s a very unnecessary war, but again, it shows how Lukashenka will do anything just to stay in power. And as I was saying, the Belarusian population was highly affected by the Second World War, so there is this understanding that Belarusians don’t want any kind of war on the territory of Belarus. Even Lukashenka’s supporters are a little bit concerned. And now there is a campaign of people reaching out to Belarusian soldiers, saying either run away, hide, don’t join, don’t participate. Or you could cross the border, and side with the Ukrainians.
But if Putin asks, Lukashenka won’t have any other option but to give him his soldiers. Even in public, Lukashenka has confirmed that whatever Putin tells him, that’s what he’s gonna do. Putin provides money and protection, and without it, he knows he will be gone. So if Putin goes down, he will go down. He’s said it in public too: Without Putin, there is no chance for us. He meant the regime, not for Belarusians.
Apart from the attacks on the railway system, have the Cyber Partisans been working with Ukrainian cyber actors?
They’re in contact and they’ve tried to coordinate but they aren’t participating in any Ukrainian IT Army attacks. They’re also not attacking any Russian infrastructure in Russia. They’re only focusing on Belarus and Russian military troops in Belarus. They’re open to sharing any information or any tips or their knowledge in attacks in general.
Since the war began, many people have reached out—non-Russian, non-Belarusian, non-Ukrainian people—and sometimes it’s hard to coordinate and send them to the right place because everyone wants to help, and it’s great, but it’s also a little bit chaotic. We’ve tried to send them to the Ukrainians. I feel like they need more foreigners.
This giant hacker mobilization for Ukraine has raised concerns that it’s too chaotic, dangerous. And obviously, these attacks and battles can spiral dangerously out of control.
People were afraid of its impacts, that it’ll destroy the whole world. I don’t think we see that happening, though I see the concerns about unorganized movements. Let’s say the [Ukrainian] IT Army does something, and Russian hackers respond, then we may get into a more chaotic situation. But you know, it’s war. There are always casualties, either in people’s lives or in cyberspace.
I think one difference now is that Russian soldiers may not have access to the internet, so they might not even know what’s going on and how Ukraine cities have been bombarded by Russian forces. But Russian hackers have access to the internet. So some of them might decide to not side with the Russian regime. Maybe some of them have been blackmailed by the regime. We all know that some of them are in prison for their crimes, but if they work for the government instead… So some might not want to join the Russian regime in Ukraine. Also, sometimes we overestimate what Russia is capable of. They are strong, but you know, no one is Superman.
There’s been dissent within the ranks. The Russian ransomware gang Conti vowed to retaliate if anyone targeted critical infrastructure in “any Russian-speaking region of the world.” Shortly thereafter, someone leaked the group’s internal data, including its precious source code.
We haven’t seen anything like this before. It’s interesting to watch war move into cyberspace right now. But I do believe that everything is going to be decided on the ground. No matter how developed we become, the actual fight is on the ground, and the actual revolution is on the ground. That matters the most at the end of the day.
After permitting Russian forces into Belarus, Lukashenka suggested recently that some Russian nuclear weapons could also be placed in the country. Putin’s grip over the country appears to be tightening. Apart from his war, what does Putin mean for groups like yours?
We have warned many people in our movement, saying that you’re not only fighting Lukashenka, you’re also fighting Putin. We’ve been warning people of what Putin is capable of, and how he basically keeps the Belarusian people hostage and keeps Lukashenka as his puppet. It is dangerous now to protest in Belarus, because besides the Belarusian army and Belarusian police officers, the Russian military is now there too. Putin’s always wanted to make sure that Belarus doesn’t get out from his sphere of influence, doesn’t join the European Union or any other pro-European movements. So it is tough, and it’s thanks to Lukashenka who sold our country to Putin, but that’s how it is.
But what that means is that Ukrainians are now basically fighting for our independence as well. Without a free Ukraine, there is no chance for Belarus. That’s something that I think people now are realizing, that it’s gonna be hard, but that’s the price for freedom: fighting against not only Lukashenka, but Putin as well.
Apart from the attacks and the apps, how effective do you think the Cyber Partisans have been at waging information war, using hacked data about the regime?
I think it’s a helpful tool when you release information [about official corruption] in a Western democracy, where people can actually prosecute these people, or do something. When you release this information within Belarus, it may be helpful for building a case against these people or just showing the public what kind of morals or ethics they have. But on the ground, it won’t have any effect. The same in Russia. If you release information about Russian soldiers, high-level politicians, officials, stuff like that, I’m not sure how helpful it’ll be. Will Russians act upon this, knowing this information, inside the country? Maybe this kind of data will help to sanction some officials and oligarchs. But the real effect in dictator countries, it all depends on people on the ground, and what they’re capable of doing with this information.
What kind of response has the group seen to its leaks within Belarus?
Many police officers have reached out to the Cyber Partisans asking to remove their names from the so-called Black Map. That’s the project the Cyber Partisans are working on with other groups, releasing information on police officers who’ve committed crimes, who are involved in torture. They have access to personal information on any Belarusian, even those living abroad sometimes. And we have information that some people left [the country after the announcement of the Black Map].
In today’s world ppl deserve safe means of communication. That’s why we developed P-Telegram, which works just like the original #Telegram but with additional features. It helps you wipe data if anyone attempts forced entry. Source code & other info: https://t.co/tykAjCaj5N
— Belarusian Cyber-Partisans (@cpartisans) March 14, 2022
Has the group cooperated with people outside Belarus?
The Cyber Partisans mostly work with Belarusians, but they do share information with international organizations. Amnesty International has used some of the [police] data to try to gather evidence against the regime, so the Cyber Partisans shared some of that information. Some foreign government actors have also reached out to the group, asking to release or share some information on Belarusian officers that are located in European countries or other states, spies and people like that. I can’t say who or why just yet. They might decide to share this information with these actors, but they have already publicly released much of it.
One problem is that some European countries have different rules about how you can use data [in legal cases]. With these strict rules, if data was obtained through hacking, they might not accept it. So some groups are trying to find ways to use this data. And for that reason, the Cyber Partisans have also made a more concerted effort to document everything: When an attack happened—by whom, using nicknames—and what computers were attacked, what was attacked, where and when.
And how has the Belarusian government responded to the leaks?
The government hasn’t reached out to us. They’ve tried to block the Cyber Partisans’ YouTube channel, but that wasn’t successful. Lukashenka gave a speech that mentioned cyber risks but he didn’t name the group itself. He said the threat is super dangerous, and Western countries were behind it. That’s the usual commentary about the Cyber Partisans, that it’s funded by the CIA or some European entities. Which is not true, but they say it. It kind of makes sense why they do.
I heard Belarus has also named the Cyber Partisans a terrorist group.
Yes, but there are a lot of opposition forces that have been named terrorist groups. The government has also said that if anyone on the ground tries to disrupt the trains, it’ll be considered a terrorist attack. And the prison sentence for that is around 15 years, and can even lead to capital punishment.
But that’s exactly what organizations like BYPOL are doing, trying to organize people to disrupt trains on the ground. [Alongside the recent cyberattacks on the railway, physical sabotage carried out by members of BYPOL, another opposition group, disrupted other train control systems.] And that’s what the Suprativ movement, our larger coalition, successfully did a year ago through some guerrilla activities. So we’ve also made a set of [security] instructions for people. We continue to urge people to stay very careful, because it’s not only the Belarusian police forces that can detain you but also Russian forces that can shoot you.
I would think the Cyber Partisans would by now be a target of the Russian government too.
There’s always a chance. But even though Cyber Partisans have shown their dissatisfaction about Russian military troops being in Belarus, they have never attacked Russian troops or Russian infrastructure or anything related to Russia. They only operate in Belarus, and they only aim at Belarusian entities and Belarusian infrastructure. Still, there is a danger. We’ve heard some rumors that the FSB is now on the hunt for the Cyber Partisans.
How nervous are you, personally?
I am nervous, but you know, also I’m kind of fine at some point. I don’t know, people are suffering so much in Ukraine now. I picked my side and I’m just confident in what I picked. I’m not going to just change my mind because I’m afraid. But I’m cautious, and trying to be as careful as possible. I’m very paranoid now, when anyone sends me any links, and I’m just taking extra steps whenever I’m in contact with people.
1/4 We are fighting the dictators NOT for donations and began to destroy regime’s systems without any. But in many ways, our operations “Heat Wave” and “Scorching Heat” became possible thanks to your financial support. Including the suspension of movement of military troops. pic.twitter.com/lmFjbmClbO
— Belarusian Cyber-Partisans (@cpartisans) March 11, 2022
How are the Cyber Partisans helping opposition groups in Belarus?
In Belarus, police officers can stop you and randomly search your bags or even detain you for a day or so. And they check your phone, that’s the first thing they do. And if they see you’re subscribed to any ‘terrorist’ channels or ‘extremist’ channels on Telegram, right away, they’ll put you away for more time. It’s kind of a stupid way to end up in prison.
So the Cyber Partisans created this app, Partisan Telegram, or P-Telegram. And it looks exactly the same as the regular Telegram, but it’s much safer if you get detained. The way it works is, your Telegram is password-protected. You give a special password to policemen, who would never know the difference between the Partisan Telegram and the regular Telegram. The police would enter this password, and all your chats and groups that you previously marked will be deleted. Another project is an encrypted messaging app, P-SMS, that can work without the internet, which was inspired by the situation in Kazakhstan. You do need to exchange keys with anyone you’re communicating with before you can send these encrypted messages. They’re both open source code that people can inspect, apps for Android. They’re working on an iOS version.
Does the group talk about a future beyond Lukashenka?
They want to come back to the IT sector once everything, hopefully, has changed. Once we return to democracy, rule of law and independent institutions, there will be a lot of work in rebuilding our cybersecurity infrastructure and in general the IT sector. Previously it was a very successful sector that brought a lot of money into the economy. Since the crackdown in 2020, many companies and IT specialists have left. It just doesn’t make sense for them to stay, especially if you speak English and can work for international companies. Some people are staying, some people are very patriotic, like, I’m going to stay until we achieve our goal.
Also the Cyber Partisans have tried to emphasize that even the followers of Lukashenka, there shouldn’t be negative repercussions for them. There should be a way that both sides can live together. And eventually, whoever has committed crimes, we’ll try to find ways to find a place for them too.