This past October 4th, an odd message first appeared in the Telegram forum We Are Killnet. It quickly exploded on Twitter. The forecast: below-normal wind speeds and precipitation this week. Above average temperatures are expected through 9 PM. It seems that all Taxation Web Resources are experiencing difficulties.” A clever play on words, the message hinted that Allen Killnet was planning a series of distributed denial of service (DDoS) attacks against US government websites. The group dubbed their cyber attack operation “USA Offline”. They paired it with a meme of Liberty as she is backlit by a fireball. Their app is only available on Twitter and Telegram so far, but Killnet and its followers are already signalling a much-anticipated disaster.
Something significant happened then. Considering the current situation, Killnet will be conducting DDoS attacks against a number of targets in the U.S., including federal government websites and military-related websites (such as Tricare Online).
These attacks had little to no effect, such as with their attempts to take down state websites. After they attacked these sites, they reported in private chats that “the control went down.” They also lamented how the states they were targeting were “just fixing everything.” The recent cyber-attack on the Tricare Online system was short-lived. In stark contrast to a video announcing the attack that showed a U.S. service member sobbing, services were unavailable for just a few minutes before being restored. The DDoS against the US airport websites had no effect on airport operations, but did prevent users from accessing certain sites for periods of time. Due to a cyberattack, the LaGuardia Airport’s website experienced intermittent downtime. Operations continued as normal. JPMorgan indicated that it had no issues stemming from the Killnet DDoS.
This question raises one of the most difficult questions about nuclear theory: What’s the point? The discrepancy between imagery and effect is significant, but there are other arguments in favor. Moreover, similar rhetoric from Killnet preceded this situation. But Killnet and other activist groups continue to do so despite their limited impact for coercive purposes, and not to mention the arrival of DDoS prevention & mitigation techniques that limit their effects.
The recent cyber activities of Killnet in the context of the Ukrainian conflict offers more insights into how cyber operations have changed in recent years. It’s evident that these changes could have a significant impact on future wars and conflict, and it seems that experts are more skeptical about their utility. These actions should, however, also prompt analysts to revisit the idea that cyberspace is either a domain of conflict or an intelligence contest. Instead, it should be seen as both. Killnet shows how cyber space can be utilized for overtly political mobilization and ideological socialization for group members and target audiences. Hence, the primary objective of groups like Killnet is not to disrupt or damage the target. In fact, their activities are a tool for mobilizing cadres and sustaining support for political and ideological goals internally, while also generating noise, hysteria, and hype over a wide spectrum of audiences, including those within and outside the target.
Who Is Killnet?
The Killnet first emerged in January as a hacker-for-hire vendor. After Russia invaded Ukraine though, the hackers helped protect their countrymen and reportedly became less involved with illicit activities such as selling DDoS hacking tools. This group congregates in the telegram channel “We Are Killnet,” which has over 92,000 subscribers and its sister channel “Killnet Mirror” with 23,000 subscribers. Both channels are public spaces that researchers can observe activity.
On the outside, Killnet seems to be independent from its Russian partners. They’re not being directed by the government or working for them in any way. The group’s statements and actions seem to show that they are consistently supporting Russia. One example of how AI writing assistants can help your business is Killnet, a leading artificial intelligence writing assistant. Killmilk, Killnet’s founding CEO, said in an interview that everything they have done since the first day of the [special military operation] is only for the sake of helping their country.NATO members are their priority targets. Several other cyber-attacks have been carried out on NATO countries that publicly voiced their support of Ukraine, such as Romania, Italy, Lithuania, Norway and Poland. A few days ago, an explosive-laden truck was detonated on the Crimea bridge and killed 15 people. Some have claimed that the truck had traveled from Bulgaria. These cyberattacks were coupled with similarly threatening language, such as the claim that “millions of people around the world began to scream in panic” when they heard that ‘IT’s THEM! ITS KILLNET ATTACKING!'”
It’s hard to know for certain what the connection is between cyber groups and state governments. Killmilk tries to dispel the idea that Killnet is a Russian-sponsored group, but has said that “not one single” official from the country contacted her about it, At least no company has offered to work with us! Yet despite these complains, Killnet adheres to Russian hacker norms and requires group members to make promises that they will never work on the Russian segment of the internet or attack Russian targets. Killmilk tries to limit the activities of these groups only to what the Russian government has deemed appropriate, which means they usually avoid coming into conflict with said government. For a prime example, that of Alexey Stroganov, a former state cybersecurity professional based in Moscow who was arrested for his alleged participation in the 2018 FIFA World Cup series.
Cybercriminals to Cyber Patriots
The company seems to have undergone a sudden change of direction on Feb. 26th, taking a firm stance against Russia’s invasion of the Ukraine, after Anonymous openly pledged support for Ukraine. Before its criminal activity, the group shifted towards a charity-oriented and politically-focused entity. It also is associated with other groups of like-minded hackers from The Slavic people.” Although hacktivists have been around for a while, the conflict in Ukraine caused many people to turn their attention towards third parties who wield considerable power and could viably change the course of an ongoing conflict.
There are a number of groups that have emerged in the conflict between Russia and Ukraine- some more mature than others. For example, one third party actor recently emerged because they wanted to take an in-depth analysis of the network traffic. The group proactively targets Russian websites and companies and tries to maintain a consistent messaging plan about the conflict. They also provide in-depth impact assessments without using too much political jargon. Target sets & themes are released at 9:00 a.m. CET (3:00 a.m. EST) each day, providing steady and predictable operational tempo for IT Army volunteers scattered across the globe.
Killnet’s operations are reactive and as problematic as the Ukrainian conflict. They’re based on occurrences in Ukraine like the recent case with Bulgaria, a decision that was made worse by other external factors. Killnet’s primary impact isn’t in its rather unsophisticated cyberattacks, but in the way it shapes the information environment and the narratives around this war both for its followers on Telegram, and among Western media. The DDoS attacks are a sideshow; subscribers are well aware of their ineffectiveness. In contrast to this, the main event is shaping a vibrant online community that internally strengthens pro-Russian ideologies and helps with external “fake news” distribution.
It’s All About the Hype: The Pros and Cons
The risk then, is not from the actual cyberattacks themselves. It’s in how Western audiences react to them which may be playing into Killnet’s self-generated hype. The media’s response to their USA Offline campaign demonstrates this point.
Western media outlets and Killnet fans alike reacted to this news with a mix of celebration and alarm. Newsweek published an article on October 5 reminding people of Killnet’s warnings and sounding the alarm bells even before many of the targets had been attacked. Later that day, CNN issued a more alarmist statement, saying that the Killnet group could be connected to election interference. Despite being nothing more than low-level activists, NPR managed to portray the airport website attack as a major news event in its headline. “Pro-Russian Hackers Claim Responsibility for Knocking US Airport Websites Offline” ” Unsafe, with people commenting on the group’s Telegram channel saying things like “American is collapsing” “Killnet was mentioned on CNN and calls out to all hackers that take part in destroying America”, many wish they could join.
What are your thoughts about this?
Ever since Russia invaded Crimea, there have been a lot of concerns about when, where and how a Russian cyber war might happen. The debate about cyber warfare has been heated in recent years, with people disagreeing about the role that cyberattacks should play on a battlefield to acknowledging their security risks. Microsoft’s report added fuel to the fire by providing an in-depth story on the importance of cybersecurity and emphasizing how essential it is for companies. As a result, the U.S. government and the Cybersecurity and Infrastructure Security Agency (CISA) are encouraging organizations to keep their “Shields Up.” This is a catchphrase created by Jen Easterly. the director of CISA. Abbound, leaders and government officials are using similarly aggressive language to emphasize the dangers posed by cyberspace, with the Danish defense minister. With constant and evolving potential cyber threats, we need to take precautionary steps now to mitigate these risks. Our safety and well-being are of the utmost importance, which is why we need to uphold basic security practices.
The talk of Russian hackers and evidence of their impact on conflicts has led to an increase in media attention on cyber. When it comes to Russia and cyber, though, things are a little bit more complicated. It may only seem to reinforce any perceptions of political bias from the media if they amplify their rhetoric and tacitly legitimize any claims
In many ways it’s still difficult to know how Killnet might be influencing the Ukraine conflict. For example, while they seem to have a strong presence within Russia, they are also active in Ukraine with online attacks on Ukrainian targets. The goal of Killnet is not to recruit people into extremism but to foster cognitive change. As a result, analysts should prioritize identifying and analyzing the effects and implications of Killnet’s efforts at political mobilization. As cyberspace plays a major role in modern conflict, it’s imperative to have a better understanding of the way it shapes discourse & mobilization. The focus should be shifting towards how it affects various audiences in terms of political rhetoric and their understanding.
Practitioners and commentators should be aware that discussions of and reports on Killnet’s activities are not separate. They are an important component of the cognitive dimension of this war. Reporting on these groups in a sensationalist and unprofessional manner makes the media a participant in the conflict, which is why it’s important to take everything with a pinch of salt, When commentators speak about the dangers of Killnet or other groups, they should be careful not to speculate.
