Image: the Cyber Berkut's namesake, by Matt MacGillivray
On the eve of a crucial vote over Crimea’s would-be succession from the Ukraine, a group of purported pro-Russian Ukrainians launched three successful denial-of-service attacks against NATO websites.
The hackers, calling themselves Cyber Berkut, posted a message for NATO in Russian: “Get away from the Ukrainian land!” The hackers successfully rendered inoperable NATO’s main website, as well as the Paramilitary Assembly and the Estonia-based Cooperative Cyber Defense Center of Excellence. The attack was confirmed by a NATO spokesperson, who denied that the action has affected “the integrity of NATO’s systems.” At the moment, the damage mainly appears cosmetic.
Sunday’s succession referendum in Crimea, declared illegal by most every nation save for Russia, very well may be the catalyst to war, Ukrainian officials have warned. And there are reports that Russian troops have already crossed the Crimean border into nearby Kherson, which is strategically valuable to securing the Crimean peninsula—ramping up tensions even further.
Image: Cyber Berkut
The name Cyber Berkut, which translates from Ukrainian literally to “cyber golden eagle,” is a historical reference to special police forces set up during the Soviet era—then called OMON, and later changed to Berkut when the Ukrainian government took control in 1992—that was supposed to be responsible for high-risk police operations, such as organized crime and hostage situations. The Berkut, much like its Soviet predecessor, has a lengthy history of violence and intimidation on behalf of whoever controls Ukraine.
Ultimately, the violence associated with the group during the Euromaidan protests—the Berkut has been blamed for a large number of protestor deaths—resulted in its disbanding on Feb. 25, at the behest of the (new) Ukrainian government. Since, there have been reports of Russian passports being handed out to former Berkut officers.
The hacker group appears to have formed shortly after Feb. 25, when the Ukrainian government was turned over to its pro-Western replacement, and Berkut announced its first, somewhat lengthy list of website takedowns on March 3. While the group has not claimed to be run by former Berkut forces, there have been a steady stream of hacks coupled with politically motivated messages. The hackers claim to be Ukrainian with an pro-Russian, anti-Western political agenda. For example, in one of its earlier postings the group demanded the immediate release of a pro-Russian activist Pavel Gubarev, who was arrested several weeks ago. Cyber Berkut called NATO’s presence in Ukraine an “occupation” and demanded NATO officials “go home” and recommended that they change the passwords on their computers.
Hacks and other attacks on Ukrainian infrastructure—such as the communications centers seized in Crimea—have been an ongoing feature of the conflict in the region. Media outlets are frequent targets of both denial-of-service attacks and website defacement. But thus far the hacks have not reached the crippling level seen in Estonia in 2007 or Georgia in 2008. Propaganda too has played a role in Russia’s apparent “battlefield intelligence plus net-centric warfare” strategy. So, it’s worth looking at any messages Cyber Berkut puts out with a critical eye. After all, they may merely be Russian cyber-agent provocateurs.