On Monday, January 24th, a group of hackers claimed to have launched a successful ransomware attack against Belarusian Railways, the state-run national train system of Belarus. Judging by their posted screenshots, the group appears to have gained access to the backend systems of the railway, and it claims to have encrypted the system with malware[1]. One of their initial statements can be seen in the screenshot below:
Who are they?
Known as the “Belarusian Cyber-Partisans”, they are a group of politically minded cyber-activists out of Belarus[2]. The group staunchly opposes the Belarusian president and dictator, Alexander Lukashenko, who won office after reportedly rigging the election in 2020. The Cyber-Partisans first appeared after a number of anti-Lukashenko protests during that time and have since launched several successful hacks against the government[3].
What do they want?
According to the Cyber-Partisans, the decryption keys needed to return the train network to normal will only be provided if the Belarusian government meets a list of demands[1]. The group has called for the release of 50 political prisoners in need of medical care, who were detained along with over 900 others during the country’s protests against the president[3]. In addition, they want a commitment that Belarusian Railways will not transport Russian troops, preventing their presence in the country[1].
Why?
Belarus is a country in eastern Europe that borders both Ukraine and Russia. One main factor in the protests that arose after the election of Lukashenko was opposition to plans for greater economic and political integration of Russia and Belarus into a “union state”[3].
Meanwhile, tensions between Russia and Ukraine have only been intensifying over the last month as Russia has amassed thousands of troops near their shared border. If Russia is able to attack from both Russia and Belarus, Ukrainian forces would be forced to spread thin across both borders[2].
The attack by the Cyber-Partisans appears to be a bid to disrupt Russian troop movements and halt the buildup of Russian troops and military weaponry in Belarus[2].
“We don’t want Russian soldiers in Belarus since it compromises the sovereignty of the country and puts it in danger of occupation. It also pulls Belarus into a war with Ukraine. And probably Belarusian soldiers would have to participate in it and die for this meaningless war.”[3]
– A member of the Cyber-Partisans, speaking to the Guardian
What does this mean for cybersecurity?
According to Brett Callow, a ransomware-focused researcher at security firm Emsisoft, the Cyber-Partisans’ method of using reversible encryption rather than merely wiping targeted machines would represent a new evolution in hacktivist tactics. He went on to say, “This is the first time I can recall non-state actors having deployed ransomware purely for political objectives.”[1]
Cybersecurity experts have said that it is too early to know whether this attack will be fully successful. However, it does mark a possible new evolution for both cyber-activism and cyber-terrorism. Juan Andres Guerrero-Saade, a researcher at security firm SentinelOne, says that this tactic could soon bleed out to other groups who see the power of ransomware to achieve political coercion, for good and for ill.[1]
“The looming horror of ransomware is precisely just how many systems are out there about whose criticality we don’t understand until they’re unavailable. So, if this is a continued tactic of theirs, I think we’ll definitely see a ratcheting up of the pressure on both sides.”[1]
– Juan Andres Guerrero-Saade
Sources:
[1] Greenberg, Andy. “Why the Belarus Railways Hack Marks a First for Ransomware.” Wired, Conde Nast, 25 Jan. 2022, https://www.wired.com/story/belarus-railways-ransomware-hack-cyber-partisans/.
[2] Muncaster, Phil. “Belarus Activists Fire Ransomware at State Railway.” Infosecurity Magazine, 25 Jan. 2022, https://www.infosecurity-magazine.com/news/belarus-activists-fire-ransomware/.
[3] Roth, Andrew. “‘Cyberpartisans’ Hack Belarusian Railway to Disrupt Russian Buildup.” The Guardian, Guardian News and Media, 25 Jan. 2022, https://www.theguardian.com/world/2022/jan/25/cyberpartisans-hack-belarusian-railway-to-disrupt-russian-buildup.
[4] Pietsch, Bryan. “Hacking Group Claims Control of Belarusian Railroads in Move to ‘Disrupt’ Russian Troops Heading near Ukraine.” The Washington Post, WP Company, 25 Jan. 2022, https://www.washingtonpost.com/world/2022/01/25/belarus-railway-hacktivist-russia-ukraine-cyberattack/.
It is undoubtedly an important piece of writing–providing a lot of information. It is interesting to see that cyber activism is not necessarily the only craze anymore but there is the opposite part appearing at times: Cyber terrorism. This report should also concern the governments of the least to moderately developed countries who are just trying to cope with technology, to take appropriate measures even before this sort of terrorism takes place. The political aspect, in cyber terrorism, and consequences is another phenomenon to take into serious consideration.
It is indeed a very intriguing article. It is interesting to see how politically powered people try to use the computer security systems according to their conventions. Overall, good job on the blog! It was a mind-opener.
This post has shown a different side to hacking which isn’t necessarily all bad. We live in a very digital world, everything is run on or by computers, and attacks of this sort can really put a stop to day-to-day activities for everyone. Normally a breach of systems in this way would be considered a bad thing, but in the context of the “Belarusian Cyber-Partisans” I would have to say I agree with what they are doing. Activism is a very important right, oppression should not be allowed. In this particular case where physical activism would lead to physical harm this is a very smart way of keeping yourself safe, protecting others through the demands and getting their voice/point across. The threat of war is getting more serious by the day with new updates from different countries and the military power they’ll be sending. What this group is doing would not only benefit the country they live in but those all across the world as it could play a role of deterrence towards Russia. Although I agree with this group I don’t believe it would go the same for every case, for example if the demands were not in the voice of activism. This was an amazing different perspective on breach of security and information. Really good work!
Very well-written blog, I enjoyed the read! Cyber-activism is a new concept for me, I tend to think of cyber-attacks as stemming from malicious intent.
I would like some further clarification on the impact of the reversible encryption tactic that was used. Does reversible encryption mean that the compromised systems can be restored? It is my understanding that any cyberattack that demands a ransom would need to use a reversible tactic, otherwise there would be no motivation to pay the ransom.
I only thought of hacking as a means of illegally obtaining information or control for self-benefit. However, here I am seeing that this act of cyber-activism is purely to stand out against the unfairness (from their belief) in the government. The group did not ask for money, nor did they want any confidential information. I am still not sure if this type of hacking is legal, but it is interesting to see you can hack into systems to stand out against problems in the nation.
Great work! I really enjoyed reading your blog, and it was to my attention that hacking is not necessarily bad, since in this case, it was to protest against tyranny and injustice. Overall, great post!
This is an incredibly interesting blog post, and goes against the inherent negative nature of ransomware attacks that I discussed in my blog post. Using ransomware to force governments to release political prisoners is almost on the entire opposite end of morality as using ransomware to shut down a hospital until they are paid a ransom. This political attack shows the potential for direct action against tyrannical governments. However, we must also weigh the negative costs of these attacks. Shutting down the trains may affect many poor and working people in Belarus, so if there is a better way that affects only the people in power, that would be a preferred method of attack.
Wow, I had no clue that cyber-activism was a thing! I would have never thought that a group would come together, hack the government and employ ransomware in order to see change. Personally, I do not necessarily see this to be a bad thing because it allows people’s voices to be heard and hopefully makes the government meet the demands without people physically protesting and becoming political prisoners, etc. Although I believe this certain instance of cyber-activism is a smart way to get a point across, I do not think that everyone capable of doing this will be as nice and this example could lead to more malicious attacks!
I think this article is fascinating, especially with the constantly growing tensions in Ukraine. I’ve mostly only thought about cyber terrorism instead of cyber activism, which seems to be the case here. This also shows how powerful cyber attacks can be for various things even in a large-scale setting such as war and troop movements here. It also highlights the important need for increased security for everyone, let alone us, with all the advancements in technology, or we could be on the end of suffering from cyber attacks.
While the Cyber-Partisans seem to be doing this for a good cause, it is scary to think that a supposedly small group of people can cripple a country’s essential infrastructure. As more processes become automated and depend on technology, unless security is top-notch, people can sabotage essential services that provide millions with utility. Before the internet, terrorists would have to bomb the railway to cripple it. Now, cyberterrorists compromise digital infrastructure. Whether it is for justice or not, hacktivism elevates the notion that perhaps some processes should remain offline if it is to remain secure and functional 24/7, especially if lives depend on it and the use of the internet is not critical to the function of the system.
This is a pretty fascinating blog, and I thoroughly loved reading it. I had never heard of the phrase “cyber activism” before the hacktivist organization Anonymous re-emerged in 2020, and I had no idea how it worked. Cyber activism is not always done for a negative reason. It should not be confused with cyber terrorism. What the cyber partisans are doing is for the protection of their people, their nation, and to avert conflict by raising their voices and making the world aware of what is actually going on.
It’s interesting to see how far cyber-activists would go in order to obtain certain goals during their operations. In this day and age, as the world becomes more digitized, hacker groups will inevitably appear. This article shows the extent of these cyber attacks and what hackers can do to not only companies but even governments. While many may see these activists as cyberterrorism, sometimes it may be true but other times it may be an attempt to reveal an underlying problem within the system. In this case, the activists are calling for the release of politicians and the prevention of Russian military mobilization within the country. This could indicate to outsiders that there is a form of social unrest and struggle within the nation and that a potential form of corruption may be present.
That’s a very informative article to read! It is surprising to see how cyberterrorists cause problems on the internet’s infrastructure, even to that extent. This also shows how cyber-attacks can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Overall, great post!
Great article and very informative about the main cyber security issue, as well as great background info on turmoil that is currently happening in eastern Europe. This touches on the ‘hacktivist’ topic that was covered in the Technology Ethics class I took the previous semester. It’s interesting that they took the strategy of ‘using reversible encryption rather than merely wiping targeted machines’, as I can see how this could be an attempt to be seen in a ‘better light’ if they were to hold true to their principles, actually go through with their promises (of releasing data), as well as leaving out any request for financial compensation, and simply stick to their political motivations. As we see these attacks happen more and more, with higher and higher stakes and consequences around the world, I sometimes worry that the people in power and control of these highly sensitive areas of our society do not have the knowledge or proper allocation of resources to combat future attacks, which reminds me of an old quote:
“We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.” – Carl Sagan
This is a very good post. Cyber terrorism is indeed a very serious topic right now. But we also need to consider for these hackers if these acts are the only way they can go to the government to face up to their requests. For most people, politics is a very distant place. It is extremely difficult to get the government to acknowledge or accept the needs of the people. These hacks are not right because they affect the daily lives of others, but they are not about extorting money. In these ways, their intentions are good, but their actions are not correct.
With this signaling a potential move away from other methods of protest and towards cybersecurity threats, do you think that this is a positive development? Prima facie it’s probably better to hack into infrastructure than to blow up a train or something, but this kind of access could still very easily lead to death or injury, depending on who is behind it. So is this a positive way for things to go, in your opinion?