Cyber Partisans

Cyber Partisans
Кіберпартызаны
FormationSeptember 2020
Typeanonymous hacktivist collective
Purpose
Region served
Belarus
Websitet.me/cpartisans

Cyber Partisans (Belarusian: кіберпартызаны, romanizedkiberpartyzany, Russian: киберпартизаны, romanizedkiberpartizany) is a Belarusian decentralized anonymous hacktivist collective emerged in September 2020, known for its various cyber attacks against the authoritarian Belarusian government. The group is part of the broader Belarusian opposition movement.

Membership and aims

Cyber Partisans consists of a group of Belarusian IT workers who live abroad.[1] In an August 2021 interview to Bloomberg, hackers shared some details about themselves: they are 15 people, none of whom are professional hackers; of them, only 3 or 4 perform the hacks, others deal with the analysis of obtained data; and some group members were penetration testers before joining the group.[2][3] Members are anonymous even to each other.[4] The group describes its activities as ethical hacking, as it goes only against the state and do not harm to ordinary citizens.[2][3][5] In late January 2022, the group reportedly consisted of some 30 people.[5] Its spokesperson, Yuliana Shemetovets, is based in New York.[6][7]

An anonymous spokesperson for the group told in an interview to MIT Technology Review: "What we want is to stop the violence and repression from the terroristic regime in Belarus and to bring the country back to democratic principles and rule of law."[3] In 2021 and 2022, the group affirmed that it was not collaborating with any foreign government, but "we are not against it, as long as it aligns with our depicted goals, to change the regime."[6]

History and actions

The Cyber Partisans originated in September 2020 after the 2020 Belarusian presidential election and subsequent protests against its falsification by Alexander Lukashenko. The protests were brutally suppressed by the government's police and security forces.[8][2]

Initially, actions by the group were symbolic: group members hacked state news websites (All-National TV, Belarus-1) and streamed videos showing scenes of police brutality, and inserted the names of Lukashenko and the minister of Internal Affairs, Yury Karayeu, to a police most wanted list.[9] The group also hacked government websites to add the white-red-white flag, which is favored by the Belarusian dissidents, over the official red and green flag of the country.[8][2]

Cyber Partisans work together with the BYPOL group, which consists of former Belarusian police officers working against Lukashenko's government. Their knowledge of database structure helps to plan and execute the Partisans' moves.[8][2]

In July 2021, Cyber Partisans cracked the Ministry of Internal Affairs' most sensitive databases. The group obtained a large volume of material, includes the archive of almost 2 million minutes of secretly recorded phone conversation audio; lists of alleged police informants; personal information about top government officials; and video footage gathered from police drones and detention centers. The group also obtained the databases for passports, all registered motor vehicles, recordings from the cameras in the Okrestina prison's isolation cells, and mortality statistics. The group shared these data with the journalists who calculated the excess mortality during the COVID-19 pandemic in Belarus. They concluded that from March 2020 to March 2021, this figure was 32,000 people, 14.4 times more than the authorities reported.[10][8] The group published passport data of Lukashenko and his sons to prove that they really hacked that database. The authenticity of the data was also demonstrated by data on journalists from Current Time TV, which the Partisans provided to Current Time at the outlet's request to prove the veracity of the leak.[10]

During the 2022 Russian invasion of Ukraine, Cyber Partisans was one of three main Belarusian dissident groups that worked to stymie the Belarusian involvement in the Russian invasion, specifically by targeting railroad supply lines. (The other groups were Belarusian railway workers and defectors from the government's security forces).[1] Cyber Partisans launched the first attack on the railway's systems in late January 2022, in the days immediately before the invasion slowing the movement of Russian troops before they had crossed the border.[1] The group said that it had penetrated the Belarusian Railway's network system the previous month, in December 2021.[6] A spokesperson for Cyber Partisans said that the railway company's system was vulnerable and ran on an outdated Windows XP operating system.[1] The group used a modified form of ransomware to paralyze the railway system, saying that it would return to computer network to normal if the Belarusian government released 50 political prisoners in need of medical treatment and stopped Russian forces from entering Belarus.[1][5] Partisans cracked and encrypted internal databases of the railway.[4] The group targeted freight rail to disrupt Russian military movements and cargo bound for China; the group said that it deliberately avoided affecting passenger rail.[6]

The group also obtained access to a database of all border crossing records. To prove it, one of the group members provided a Guardian journalist "a full list of his travel records to Belarus going back to 2016".[4] Cyber Partisans provided the border entry and exit data to the investigative journalism group Bellingcat.[6]

In February 2023 the group revealed that they cracked into Roscomnadzor, Russian internet censorship agency. The attack disrupted the internal network of the organization. The crackers obtained between 1.2 and 2 Terabytes of data including 1.5 million emails and 200 thousand of internal documents. Cyber Partisans gave the data to journalists, including Mediazona and Süddeutsche Zeitung.[11][12]

In July 2023, the group claimed that they attacked the Belarusian State University (BSU) and got 3 terabytes of data, encrypted and wiped the university's servers. BSU officials denied the fact of attack, though their website was down for several days. The reason of the attack was explained in a tweet:[13]

We started working on this attack 2 months ago after BSU posted a video with a student who was humiliated & forced to apologize. Since 2020 many students were detained and staff let go for political positions

According to Yuliana Shametavets (Russian: Юлиана Шеметовец) on 26 April 2024, Cyberpartisans stated on their website that they had penetrated the Belarus KGB computer network in fall 2023 accessing the files of 8,600 Belarus KGB employees and that, beginning in February 2024, Cyber Partisans had suppressed the Belarus KGB computer network for at least two months and that this "was a response" to the Belarus KGB chief Ivan Tertel because "The KGB is carrying out the largest political repressions in the history of the country and must answer for it" and added that "We work to save the lives of Belarusians, and not to destroy them, like the repressive Belarusian special services do."[14][15][16][17][18][19]

Response from Belarusian authorities

In a speech on state TV in July 2021, head of the Belarusian KGB Ivan Tertel blamed "foreign special services" for cyberattacks on government targets.[2]

In 2021, the Belarusian government (through the Belarusian Supreme Court and Ministry of Internal Affairs) declared the information resources Cyber-Partizans, its subsidiary project Cyber-Leaks, and all their Telegram channels to be an "extremist" group and a terrorist organization.[20][21] Creating or participating in such a group is a crime in Belarus.[22]

Reactions and analysis

Anthropologist Gabriella Coleman, a professor at McGill University and an expert on hacktivism and the Anonymous, commented to Bloomberg: "I don't think there are a lot of parallels to this, that they are so sophisticated and are attacking on multiple levels, it's not something I've seen before except in the movies."[2]

According to associate professor Tetyana Lokot of Dublin City University, who specializes in protest and digital rights issues in Eastern Europe, "If ever Lukashenko ends up facing prosecution in the International Criminal Court, for example, these records are going to be incredibly important."[2]

The group was praised by the Belarusian opposition, including Franak Viačorka, a senior adviser to exiled opposition leader Sviatlana Tsikhanouskaya.[5] Andrei Sannikov, a former Belarusian diplomat and a candidate at the 2010 presidential election in Belarus, in an interview to MIT Technology Review said that "They’re making the regime's crimes transparent. The information they're getting by hacking the state really is very eloquent in witnessing the criminal activities of the regime against the citizens."[3]

The group was the subject of the BBC Radio 4 series Digital Human episode that aired in March 2022.[23]

References

  1. ^ a b c d e Liz Sly, The Belarusian railway workers who helped thwart Russia's attack on Kyiv, Washington Post (April 23, 2022).
  2. ^ a b c d e f g h Gallagher, Ryan (August 24, 2021). "Hackers Release Data Trove From Belarus in Bid to Overthrow Lukashenko Regime". Bloomberg. Archived from the original on 2021-10-31. Retrieved 29 August 2021.
  3. ^ a b c d Howell O'Neill, Patrick (August 26, 2021). "Hackers are trying to topple Belarus's dictator, with help from the inside". MIT Technology Review. Archived from the original on 23 October 2021. Retrieved 29 August 2021.
  4. ^ a b c Andrew Roth (January 25, 2022). "'Cyberpartisans' hack Belarusian railway to disrupt Russian buildup". The Guardian. Archived from the original on April 24, 2022. Retrieved April 24, 2022.
  5. ^ a b c d Ryan Gallagher, 'Cyber Partisans' Say They Hacked Belarus Rail to Disrupt Russian Troops Archived 2022-04-24 at the Wayback Machine, Bloomberg (January 24, 2022).
  6. ^ a b c d e Frank Bajak, Belarus hacktivists target railway in anti-Russia effort Archived 2022-04-24 at the Wayback Machine, Associated Press (January 24, 2022).
  7. ^ How I became the spokesperson for a secretive Belarusian 'hacktivist' group Archived 2022-05-13 at the Wayback Machine, TRT World Magazine (February 10, 2022).
  8. ^ a b c d Корелина, Ольга (August 27, 2021). "Белорусские "Киберпартизаны", кажется, взломали базы данных МВД и уже месяц публикуют компрометирующую силовиков информацию". Meduza. Archived from the original on 18 November 2021. Retrieved 29 August 2021.
  9. ^ "Сайт МВД Беларуси взломали — и добавили Лукашенко в список разыскиваемых". Meduza. September 4, 2020. Archived from the original on 18 November 2021. Retrieved 29 August 2021.
  10. ^ a b Сошников, Андрей (July 20, 2021). "Противостоящие Лукашенко "Киберпартизаны" получили паспортные данные и фото ВСЕХ белорусов. Фактчек Настоящего Времени и интервью с хакерами". Current Time TV. Archived from the original on 1 December 2021. Retrieved 29 August 2021.
  11. ^ "Нейроскомнадзор. Чем пользуется РКН, чтобы следить за интернетом — и кто ему в этом помогает". Медиазона.
  12. ^ "Архитектура российской цензуры: что мы узнали из крупнейшей утечки в истории Роскомнадзора". BBC News Русская служба. February 9, 2023.
  13. ^ "Belarusian hacktivists сlaim to breach country's leading state university". therecord.media. Retrieved 29 August 2023.
  14. ^ Karmanau, Yuras (26 April 2024). "Hackers claim to have infiltrated Belarus' main security service". Associated Press. Archived from the original on 27 April 2024. Retrieved 29 April 2024.
  15. ^ RFE/RL's Belarus Service (26 April 2024). "Hacker Group Claims It Penetrated Belarusian KGB Network". Radio Free Europe. Archived from the original on 29 April 2024. Retrieved 29 April 2024.
  16. ^ Naprys, Ernestas (29 April 2024). "Belarusian KGB allegedly breached, hackers dox over 8600 agents: Cyber Partisans, a Belarusian group of hacktivists, have claimed that they infiltrated the KGB, the state's secret service. They shared data on more than 8600 KGB agents and also started to reveal the alleged KGB informants in other countries". cybernews.com. Archived from the original on 29 April 2024. Retrieved 29 April 2024.
  17. ^ Paranjape, Purva (27 April 2024). "Cyber Partisans Unleash Digital Retaliation Against Belarusian KGB". msn.com. Archived from the original on 29 April 2024. Retrieved 29 April 2024.
  18. ^ Paganini, Pierluigi (29 April 2024). "CYBER-PARTISANS HACKTIVISTS CLAIM TO HAVE BREACHED BELARUS KGB: A Belarusian group of activist group claims to have infiltrated the network of the country's main KGB agency". securityaffairs.com. Archived from the original on 29 April 2024. Retrieved 29 April 2024.
  19. ^ Жупран, Антось (Zhupran, Antos) (28 August 2023). "Как «Киберпартизаны» вытянули милицейские базы и зачем по несколько раз взламывать Академию управления: Представительница «Киберпартизан» Юлиана Шеметовец в выпуске ютуб-канала «Ток» рассказала о том, как активисты выкачали милицейские базы и что в них, а также ответила, какой смысл взламывать сайты «Прессбола» и Академии управления Лукашенко" [How "Cyber Partisans" Pulled Out Police Bases and Why They Hacked the Academy of Management Several Times: Representative of "Cyber Partisans" Yuliana Shemetovets in an episode of the YouTube channel "Tok" spoke about how activists pumped out police bases and what was in them, and also answered what is the point of hacking the sites of "Pressball" and Lukashenko's Academy of Management.]. nashaniva.com (in Russian). Archived from the original on 15 July 2024. Retrieved 15 July 2024.{{cite news}}: CS1 maint: multiple names: authors list (link)
  20. ^ "МВД признало "экстремистским формированием" телеграм‑канал и чат "Кибер‑Партизан"". MediaZona (in Russian). 2021-10-21. Archived from the original on 2022-01-11. Retrieved 2022-01-11.
  21. ^ "Верховный суд признал террористами "Киберпартизан" и еще несколько инициатив". Nasha Niva (in Russian). 2021-11-30. Archived from the original on 2022-01-11. Retrieved 2022-01-11.
  22. ^ "BAJ demands to stop using anti-extremist legislation to restrict freedom of speech". Belarusian Association of Journalists. 17 November 2021. Archived from the original on 22 December 2021. Retrieved 22 December 2021.
  23. ^ "Partisan". BBC. March 14, 2022. Archived from the original on 15 March 2022. Retrieved 15 March 2022.