When the Russian military invaded Ukraine in a blitzkrieg of heavy weapons, pro-Ukrainian hacktivists seeking to take down www.mil.ru encountered something unexpected: a 418 error, in which a server states that it cannot fulfill the request because it is a teapot.
The teapot error is a decades-old April Fool’s Day joke, sometimes repurposed to tell would-be hackers that their efforts were planned for and blocked. “It’s almost like giving the middle finger,” Amit Serper, director of security research at Akamai, told BuzzFeed News. Akamai, like its competitor Cloudflare, handles much of the plumbing that supports the internet.
A few days later, the teapot error disappeared, and mil.ru and the websites of major Russian banks such as Gazprombank went dark for most Internet users outside of Russia. The government had geofenced key websites, which meant that those outside the country could not access these sites and therefore could not hack them.
“I guess the Russians have realized that no matter what they try to do to everyone else, the same thing can be done to them,” Serper said. “By geofencing, you prevent someone outside of Russia from hitting all these targets.”
In other words, Russia had expected retaliation for its invasion of Ukraine and had already anticipated the cyberattacks it suspected were coming – and they did.
One day after the start of the invasion, Reuters reported that a prominent Ukrainian entrepreneur was working closely with his government to assemble a phalanx of cyberattack and cyberdefense volunteers. While the attack team would conduct spy operations, the defense team would secure critical infrastructure such as Ukrainian power plants and water treatment facilities that have been targeted by Russia in the past. Ukrainian Deputy Prime Minister Mykhailo Fedorov called for volunteers to join a Telegram channel for the IT Army of Ukraine. “There will be tasks for everyone. We continue to fight on the cyber front,” Fedorov said.
Since then, social media accounts associated with hacker collectives and pro-Ukraine Telegram groups have claimed that groups such as Anonymous have taken some Russian websites and servers offline. Yet Russia’s geofence and its long history of spreading disinformation have made it difficult to confirm whether these websites were hacked and, if so, how long it took before they were restored.
Yet, even if the hackers’ claims are true, security experts are wary of the consequences of crowdsourced attacks.