KEY POINTS

  • Team OneFist hits Russia's Rostelecom repeatedly
  • Attacks disable voice messaging and internet for those using the its digital service
  • 3-day attack timed to disrupt Russian response to Ukraine's Kherson counter-offensive

In what is probably a first, Team OneFist, an international group of volunteer hackers, has struck Russia's telecommunication infrastructure, hobbling the Kremlin's ability to respond to Ukraine's counter-offensive under way in Kherson.

Hacker-activist groups including TeamOneFist have struck inside Russia repeatedly since it invaded Ukraine in February. But this attack on voice and data networks run by Russia's largest digital service provider, Rostelecom, was different in that it was timed to further the military aims of the Ukrainians, save Ukrainian lives, and limit the effectiveness of any response the Russians could marshal against the counter attack. The Kherson counter-attack started Aug. 29.

Dubbed "Operation Sidewinder," after the U.S. military's well-known air-to-air missile, it was a three-day cyber attack that lasted Aug. 29 to Sept. 1. Two other groups, names withheld on request, working for the Ukrainian government worked with Team OneFist in the attack against Rostelecom, the "largest integrated digital services and products provider, operating in all segments of the telecommunications market in Russia."

"Operation Sidewinder was planned to take place when the Ukrainian counter-offensive started, to help provide as much logistical and communication impact against the Orcs that we could create in a short period," Voltage, the founder of the cyber volunteer group, told International Business Times in an exclusive interview. "The goal was to aid in the counter-attack by slowing down the Orc response."

Orcs are demons who feature in the Lord Of The Rings trilogy, and the Ukrainians use the term to refer to the Russian invaders.

Wednesday marked Ukraine's independence day, and six month since Russia invaded

The hackers worked round the clock for three days to brick 800 Rostelecom routers and voice gateways. "Voice Gateways are routers that carry VoIP/Voice traffic, so taking those out literally breaks the phones. They would get fast-busy signals only," Voltage said, explaining the attack's impact.

Rostelecom can of course fix and or buy new routers but that would take a few hours to days. If one router requires about 20 minutes reprogram, it would take 16,000 minutes, or over 266 hours, or 11 days, to get all of them back up and running.

Meanwhile, communication between Kremlin bosses and Russian commanders was disrupted at a crucial time when the Ukrainian counter-offensive was gathering steam.

"Orcs from hundreds of government facilities all across Russia would not be able to make phone calls from their desks nor use the Internet," Voltage said. "They would have had to resort to cell phones to make calls, and none of the work they did online can be shared outside their facility until the routers are repaired," he added, noting that "this would impact the order of supplies, the scheduling of transport for war material and anything else requiring the internet."

As with other such operations, the Russians did resist. On the second day, Rostelecom's cyber security fought back and recovered 45 voice gateways. But Team OneFist "demolished" them again.

This is not the first time Rostelecom was hit although this was Team OneFist's first major operation assigned by the IT Army of Ukraine, Voltage said. On April 15, the volunteer cyber warriors launched Operation Dark Fiber l, and Dark Fiber ll on May 8, both targeting voice gateways and routers.

Team OneFist took down "over 4,000 routers and voice gateways" in those attacks. But While Rostelecom seemed complacent, failing to strengthen the weak spots and vulnerabilities. "They did learn some (lessons), but not completely, Voltage said, adding that "after Dark Fiber I and II, they replaced a lot of the routers we attacked with new models from China."

Team OneFist returned to Rostelecom and made another attack Tuesday and deleted all the data in the company's Storage Area Network (SAN).

Team OneFist's repetitive attack on Rostelecom may have been inspired by Sun Tzu's philosophy not to repeat tactics. "Do not repeat the tactics which have gained you one victory, but let your methods be regulated by the infinite variety of circumstances," the Chinese military general had said. Or Rostelecom just got complacent and sloppy about its security.

Since this is war and "all warfare is based on deception," we will probably never know the truth.

Read more
Ukraine