Ukraine cyber-conflict: Hacking gangs vow to de-escalate

By Joe TidyCyber correspondent

BBC A member of the Squad 303/Anonymous hacker group

BBC

A member of the Squad 303/Anonymous hacker group attacking Russia

The two largest hacktivist groups in the Ukraine conflict have vowed to de-escalate cyber-attacks and comply with new rules of engagement published by a war watchdog.

On Wednesday, the International Committee of the Red Cross (ICRC) issued the first list of rules for civilian hackers ever created.

Dubbed a "Geneva Code of cyber-war", it was initially criticised as unworkable.

But now Ukrainian and Russian hackers say they will comply with the rules.

Since the invasion of Ukraine there has been a steady stream of disruptive cyber-attacks against public services in both Ukraine and Russia with varying degrees of impact.

Hacktivist groups have been using largely unsophisticated forms of cyber-attack, but successfully temporarily disrupted banks, companies, pharmacies, hospitals, railway networks and civilian government services for Ukrainian and Russian citizens.

With few soft targets in government or military, hacktivists on both sides have revelled in causing friction for ordinary people to further their causes, often collecting angry social media posts from those affected by their attacks.

By vowing to comply with the ICRC rules, hacker groups will avoid cyber-attacks that affect civilians.

Speaking to the BBC, the leader of the infamous pro-Russian hacking group Killnet said he "agrees to the terms and rules of the Red Cross, let this be the first step from Killnet to peace".

Killmilk, as he is known, started the Telegram group for Killnet shortly after his country invaded, and now has 90,000 followers.

Killmilk has posted videos of himself urinating on the flags of Ukraine and Nato, and the group was highlighted as a persistent source of low-level disruptive attacks on Ukrainian targets.

Killmilk of Russian hacktivist gang Killnet

Killnet's leader, Killmilk, says he "agrees to the terms and rules of the Red Cross"

The group has been accused of having close links to the Kremlin, but has always denied this.

In April, the UK's National Cyber Security Centre highlighted groups like Killnet as a new threat facing Ukraine allies, warning UK businesses that attacks from them on are on rise.

If Killnet keeps to its word, then cyber-attacks on civilian targets, including those of Ukraine's allies, will stop.

The IT Army of Ukraine also said it would be following the ICRC's eight rules.

The group, which has 160,000 members on its Telegram channel, also targets public services such as railway systems and banks.

Its spokesman told BBC News that the group will "make best efforts to follow the rules", even though it may place them at a disadvantage to their adversaries. The spokesman added that attacks on healthcare targets have been a long-standing red line already.

The news means that there will likely be a major reduction in the number of cyber attacks as groups restrict their activities to official or military targets.

But other hacktivist groups working for other patriotic or ethical causes in the world told the BBC they would not be following the rules at all.

The ICRC issued the eight rules of engagement in an attempt to end the free-for-all that has accelerated during the Ukraine cyber-conflict, warning that unprecedented numbers of people are joining patriotic cyber-gangs.