DANIELLE KURTZLEBEN, HOST:
Volunteers from around the world have formed a new cyber army to help mount a defense against Russia's invasion of Ukraine. The so-called IT army is government-backed but led almost entirely by civilians.
(SOUNDBITE OF PODCAST, "CLICK HERE")
JANI: Basically, once I started hearing about civilians and children and women and elderly getting bombed or killed or starved is when I basically decided that I have to do something.
KURTZLEBEN: That's a member of the IT army speaking to journalist Dina Temple-Raston on a recent episode of "Click Here," a podcast about all things cyber and intelligence. Dina Temple-Raston is here with us to tell us more about Ukraine's cyber army. Dina, welcome.
DINA TEMPLE-RASTON, BYLINE: Thanks so much.
KURTZLEBEN: Of course. So as we just heard, you spoke with a member of this Ukrainian army. What did he tell you about how this group came to be?
TEMPLE-RASTON: Well, it's a very sort of modern story, right? There was a call to arms on Telegram, which is this encrypted messaging app. And they kind of built this force because Ukraine had been dealing with Russian hacking for years. So there was sort of a - people within the Ukraine who were it professionals who are really good at hacking or defense. And what they hadn't really expected is when they put out this call of arms - and this was actually the Ukrainian government that put out this call to arms. What they weren't expecting was how much the world would respond. And we spoke to essentially the guy who's in charge of their cybersecurity for the country. And he claims they have, you know, half a million people who are willing to try and help with this.
KURTZLEBEN: So once they do that sort of call to arms and they get this big response, do all those people who respond, do they go through any sort of vetting? Is there any screening for proficiency at hacking?
TEMPLE-RASTON: No. I mean, that's the really good question, right? So there's something in cyber known as script kiddies - kiddies like children as opposed to kittens. And script kiddies are basically people who copy other people's code and sort of talk big and have a lot of bravado. And that tape you played, that was Jani, a guy from Finland, and he said that's one of the really big problems, is that there's no vetting and that what you end up getting is a lot of sort of hacker wannabes who don't really know what they're doing. And as a result, that causes a lot of problems.
Jani said there was one instance in which he was actually on what's essentially a administrators page of an important website in Russia. And he was about to go in and actually exploit the page - you know, get in there, look at the network, et cetera, et cetera. And then all of a sudden, there was an attack that was by all these script kiddies that took the system down. They basically launched a DDoS attack, a distributed denial-of-service attack. You just ask a server to do a bunch of things, and it gets overloaded, then it drops. So Jani was doing something important. A denial-of-service attack is not really an important thing. It's just an irritant. And, boom, because there was no real vetting and because there was no real organization, it sort of undid what a real professional was trying to do.
KURTZLEBEN: And broadly speaking, what kind of impact has the IT army had so far?
TEMPLE-RASTON: It's hard to tell. I mean, some of their hacks have been sort of cute in a way. You know, one - for example, an Anonymous hack - they've sort of joined forces with the IT army. Instead of having a restaurant reviews, like, for the sort of Russian equivalent of Yelp, what they put instead of the reviews to get by censors were news clips of what's going on at the front, right? This many people died. This city hasn't fallen. This is what's going - really going on in Ukraine.
And then there was a Polish group called Squad 303, and somehow they hacked and got all these mobile numbers and email addresses of regular Russians. And they've set up a site that you could actually go to and send messages to regular Russians to tell them the truth about what's going on with the war.
So those are the sorts of things they're doing, which are not - you know, it's not taking down a power grid, but it's irritants, right? And hackers are nothing if not irritating. And what some officials believe here in the U.S. is that what's happening is because the Russian hacking teams are having to defend so much, it's sort of making it harder for them to do any sort of offensive or operations against Ukraine that they might otherwise have planned to do.
KURTZLEBEN: I want to play another clip from your interview with one of the volunteers when you asked him what kind of precedent this type of action sets.
(SOUNDBITE OF PODCAST, "CLICK HERE")
UNIDENTIFIED PERSON: Honestly, I think it's setting a good president because at the end of the day, one thing we've been saying for a while is that we believe that now, more than ever, civilians need to learn how to not only defend but fight on the cyber front.
TEMPLE-RASTON: Yeah, that's a guy from Texas that we talked to who's part of the Ukrainian IT army. And I would say that that's sort of a singular opinion. I don't think most people think this is a good idea. I mean, if you think about it, you're suddenly training a lot of people who maybe were OK at cyber. You're getting them all together, and you're teaching them new skills. And when the war is finally over, what are they going to do with all these new skills? Are we, in fact, training an entire new cohort of hackers? I mean, they're breaking a U.S. law, anyway. They're not hacking here. They're hacking elsewhere. But if they were doing this in the U.S., they'd be breaking the Computer Fraud and Abuse Act, right? So it's - it'll be really interesting. I talked to lawyers about this, and they said, well, I don't really think there are going to be too many people who are going to press charges against people who are trying to help, you know, Ukraine against the Russians. But it's setting a really, you know, unsettling precedent.
KURTZLEBEN: Right. And giving people new tools and saying, we hope you use these new tools for good.
TEMPLE-RASTON: Exactly. I mean, there's an old saying in hacking that the difference between a black hat hacker - a bad hacker - and a white hat hacker - good hacker - is intention, not skill.
KURTZLEBEN: To zoom out here, how does the Ukrainian cyber warfare effort compare to the Russian effort at this point?
TEMPLE-RASTON: Well, it's hard to tell, right? I mean, one of the things that we found that I found really interesting is that Russian hackers have this amazing reputation, right? They've hacked into Estonia's power grid. They've hacked into Ukraine's power grid. We just found out this week that the White House revealed that they've hacked into the U.S. power grid. So there's this sense that they're 10 feet tall. But what we're learning is that they're 10 feet tall when they have lots of time to plan, but they aren't all that creative or intuitive or nimble when they're hit with something they're not expecting.
So maybe the best thing that came out of all of this is maybe not so much that the Ukrainian IT army sort of hacked Russia in a way that changed things materially there. Instead, what they've done is they've kind of revealed what the weaknesses are of Russian cyber army, the same way the invasion of Ukraine has shown us that this 10 foot tall, we thought, Russian army is actually maybe not as skilled as we thought they were.
KURTZLEBEN: That was Dina Temple-Raston. She is the host of the "Click Here" podcast. Dina Temple-Raston, thank you so much.
TEMPLE-RASTON: You're very welcome. Thank you. Transcript provided by NPR, Copyright NPR.