RUH8 about Ukrainian hacktivism, cyber warfare and SurkovLeaks (exclusive interview)


Studying the phenomenon of Ukrainian hacktivism and analyzing the information obtained by the “knights of cyberspace” have become an important part of the research work performed by the InformNapalm volunteer intelligence community. This is the first article in a forthcoming series of interviews with the stars of Ukrainian hacktivism, who became extremely popular after they broke the Internet with SurkovLeaks.

Sean, a Ukrainian hacktivist from RUH8 group (still frame from VICE | CYBERWAR episode)

Today we will speak with Sean, a Ukrainian hacktivist from the RUH8 group. RUH8 is a member of Cyber Alliance, several hacktivist groups that united their efforts to counter Russian aggression in cyberspace. Cyber Alliance has a proven track record of successful high-profile operations, including the hack of the office email account of the Kremlin’s grey cardinal Vladislav Surkov, personal adviser of Russian President Vladimir Putin; cyber attacks targeting Orenburg Oblast of Russia; the hack of gadgets belonging to Motorola (recently killed), a famous Russian chieftain of militants fighting in Donbas; the hack of mailboxes belonging to The Union of Donbass Volunteers terrorist organization (chairman – Alexander Borodai, former Prime Minister of the self-proclaimed Donetsk People’s Republic, former Russian Security Service (FSB) Deputy Director on information policy and special projects); and a number of operations tied to specific dates – #op256thDay, #opDay28, #opMay18, #OpMay9.


“We know that the look of the presenter from video messages spread by Ukrainian hacktivist Cyber Alliance (FalconsFlame, RUH8, CyberHunta and Trinity groups) was inspired by the hacker from German movie “Who Am I – Kein System ist sicher”. Still, you added some Ukrainian flavor, for all your videos are said to be filmed in Lviv Metro (Translator’s note: Lviv Metro is a grotesque Internet meme that mocks Russian Ukraine-phobic myths about Lviv underground where they place a non-existent torture site; in fact, Lviv Metro city transit system was never built which makes this meme even more hilarious). We will follow the rules of genre and ask one question which may have a number of interpretations. So, WHO ARE YOU?”

As a hacktivist, I always liked to play with computers. Not literally. I do not mean playing computer games (have been playing them, too, of course), but rather playing with computers as with the object which creates stand-alone reality that is unlike anything else. After becoming more experienced I realized that computers do not exist separately from people. And I won’t deny that I like influencing people and events. Especially when cyberspace, which is totally my element, has already become a part of everyday life. It must be called “politics”, right? The fact that the post-Soviet feudal-corporate system is gradually dying out opens up absolutely new possibilities.

I don’t dwell on revenge, though I have reasons for revenge. I can hardly be called a saboteur: collateral damage can be very substantial, but my goal, as I see it, is to collaboratively counter Russian-terrorist threat. So, at the moment I’m not looking to hack as many things as possible, but rather I want to understand how these self-proclaimed republics are managed (their organizational structure, economy, personal connections between org-men, relations with Russia) and how our society responds to terrorist threats. You must know your enemy to inflict maximum damage.

Who am I? A political activist.

“If we focus on hacktivism of the Russian-Ukrainian war period, we can see that your hacktivist community came out in full force only in the beginning of 2016. Before that mostly Russian hackers and their cyber sabotage against Ukraine and other countries would grab the headlines of news outlets. How did you start your struggle in cyberspace and how did you switch from defensive to offensive operations?”

The first time we started to apply our knowledge was in March 2014. We were trying to find out who was standing behind Russian hacker groups. Since then we never stopped acting. Yet, gradually we started to understand that war cannot be won through scattered attacks, and, also, that we need to reinforce them with information and political support. Our attempts to cooperate with intelligence agencies gave no result at that time. A hacktivist is a person who is looking for a shortcut, the simplest solution, through complex means. Intelligence agencies and military organizations are ruled by completely different thinking. That said, the mere fact that “geeks” and “spooks”, hackers and fighters, found a common topic for discussion speaks volumes. Step-by-step a new civic movement emerges. Cyber-volunteer movement. Still, even that is not enough to win the first cyber war in the history of mankind. Changes are happening. I am sure we will win – both in the cyberspace and in the conventional war.

Dahmer – a Ukrainian hacktivist from RUH8 group (still frame from VICE | CYBERWAR episode)

“It is customary to say that Russia is leading information war against Ukraine. Cyber war is much less discussed, and it also mostly appears in the context of information warfare. What is common and where lies the difference between these two concepts?”

Information warfare is a well-known phenomenon, its purpose is, through manipulation, persuasion, agitation and propaganda, to make people change their point of view. In contrast to information campaign, information warfare is all-out, it involves all population of the countries at war. There is no way to hide or escape from the infowar either in a glamour magazine, or in a healthy-eating book.

Cyber warfare is a relatively new phenomenon. At first, there were fictional fantasies  – like Gibson’s computer virus-weapon (Translator’s note: reference to the book “Neuromancer”, a novel by William Gibson). Then, gradually, in mid-90s, computer war concepts started to evolve. Many laughed at them then (myopically!). In late 80s KGB managed to carry out a successful hacker-assisted espionage operation – if you want to learn more about it, read “The Cuckoo’s Egg” by Cliff Stoll. That said, just like some dirty laundry leak or election campaign activities cannot be called information warfare, espionage or DDoS-flashmob (remember Estonia) are not cyber warfare.

Intelligence men cannot win wars alone. If we look at conventional warfare, we can see that in the very beginning there were separate combat-ready units, then they transformed into volunteer battalions and finally turned into a regular army. Over time, as people unite and establish interaction, individual operations and sabotage attacks grow into war that covers both traditional military fields: intelligence and counterintelligence, disruption of communications, informational and conventional sabotage; and other spheres of life: some politician can gain extra influence or resign, a large company may go out of business or lose a market segment. A hacker attack can erase all content of some propaganda website or make a bank lose money, while some exotic branch of computer science gets to publish an interesting article “Back to the question of graph theory application for static analysis of executable files”.

Western countries have already deployed special cyber units, and they have been there for quite a long time, but this is only theory. Real-life practice is happening here and right now. This is where technical capabilities and geopolitical interests meet each other. Now we are on the threshold of the first Ukrainian-Russian cyber war (as it will appear in the history books).

“Is there any interaction between Ukrainian hacktivists and government security agencies as to intelligence gathering, uncovering terrorist cells and seizing saboteurs? Do you cooperate with media or, similarly to WikiLeaks, upload all gathered data and grant public access to files by default?”

I am dead set against WikiLeaks style, although I greatly value the work done by leaktivists, hacktivists and volunteers. Information, if dumped in a huge heap, loses its importance. It gives ground for scandals and hassles that side-track public attention, raise doubts about the reliability of the released information or provoke leaks that can disrupt further operations. Like any other material, information is a resource you should work with and squeeze it dry.

If counterspies have already found and identified all enemy agents in the hacked correspondence, it does not mean there is nothing left there for the military, journalists and hackers (hell yeah!). And after that it is time to release archives, too, – for historians.

The interaction exists and it gives results. Still, the relationship between security officials, volunteers and general public can hardly be called perfect. The root of the problem is not that someone is doing a bad job. InformNapalm works great, that is why we share our data with you. Many other organizations and individuals should also grasp that there is war going on, and victory in this war requires joint action (just as it requires management, logistics, funding and political will).

“Which of your operations you think are the most successful? Tell us about your goals for the future, and where, in your opinion, lies the finish line after which you will consider your hacktivist mission accomplished?”

My goal is victory in the war with Russia and building of independent and free Ukraine. After that I can switch to the defensive mode or do other things. It is too early to tell you about the most successful operations, though in general I like all of them, even those where our role was secondary. I added Guy Fawkes mask and Ukraine’s national emblem to RUH8 logo for a reason – it symbolizes that working together for a common goal is more important than individual tactical gains.

“Many of our readers wonder whether you have some connection with the famous Anonymous hacker movement or any other international group and whether your activities ever go beyond the Russian-Ukrainian war?”

First Anonymous actions were the manifestation of hive mind born on imageboards, it was fresh and sincere. Despite the lack of clear ideology there was the lowest common denominator – for instance, confidence that the Church of Scientology must be stopped in its attempts to censor Internet. Since then any Tom, Dick or Harry started wearing Guy Fawkes mask. We have it, too :-), but we also have our own modus operandi: our operations do not pursue very broad universal ideas of justice, but have a well-defined political agenda. After the war RUH8 brand will cease to exist. I do not believe in Anonymous and I think that if we take ten random “guy-fawkes” and peek under the mask, we will find four high school students, one freak obsessed with power, three intelligence agents, one manipulator hiding behind a bunch of hackers, and, if we are lucky enough, one hacker who knows what he does and why he does that.

I am trying to connect with foreign colleagues, but they are hampered by the language barrier and the illusion that “it’s not their war”. It is necessary to explain that this is not just a local conflict, but the continuation of the Cold War that affects everyone.

“Just recently Cyber Alliance literally broke Internet with Surkov’s office mail leak. How would you rate the efficiency of #SurkovLeaks operation?”

I think that the first publication of CyberHunta was somewhat premature, but the subsequent release of Surkov’s office email data gave much better results than one could expect. For the first time since no less controversial and successful action by Myrotvorets, the operation of Cyber Alliance caused global stir. More so after the authenticity of the hacked correspondence was confirmed by independent analysts from Bellingcat and Atlantic Council’s DFR Lab.

“Most Internet users see cyber-activists through the prism of movies where hacker skills are presented almost like magic art. Perhaps, we can draw a parallel between modern times and old times and, with a small adjustment to cyberspace environment, find some analogy in the legends about kharakternyks and ordinary cossacks (Translator’s note: kharakternyks are legendary warriors-sorcerers who could defeat their enemies with unusual magical skills like stopping and turning bullets, casting fog, paralyzing fighters with terror, etc.). What are the limits of hacktivist capabilities?”

Hacking, especially targeted hacking, is the most tedious and painstaking work which embraces collection of necessary information, endless search, constant review of reports generated by automatic analyzers, and only after you find a reliable clue, you get a chance to become creative and prove your mettle. Or the other way around, first you develop a new tool (every craft has its toolkits), then you have to test it, debug it and wait for the results. And sometimes good luck simply finds and hits you. Once I “hacked” a bank (hackerish, isn’t it?) after a five-minute Google search, I got a bug bounty for it. I even had to hack it once again later, though it did not take me five minutes for the second time, to make sure that “luck” is always based on knowledge and years of experience.

Clarke said that any sufficiently advanced technology is indistinguishable from magic. Hackers’ magic halo is supported by the fact that the resulting outcome greatly exceeds the effort. Sometimes we receive emails from people who are truly desperate and for whom computer hacker is the last hope. Anyway, however unusual it may seem, it is still a job.


Evidence data was exclusively provided to InformNapalm by the hacktivists of the Ukrainian Cyber Alliance for analysis and processing. InformNapalm Community bears no responsibility for the sources and origin of the data.

Translated by MC Joy

Edited by Christina Dobrovolska

The interview was prepared specially for the InformNapalm volunteer intelligence community website. An active link to the source is required for any reprint or other use of the material. (Creative Commons – Attribution 4.0 International – CC BY 4.0)
