Ukraine: the teacher turned hacker

Why did you decide to join the fight and become a cyber combatant?

Trokhym Babych: The first day of the war was a total shock. I didn’t know what to do or where to go. Some of my friends left Kyiv but I decided to stay. In the shelter, we kept thinking that maybe a missile would hit us or maybe our anti-aircraft system would shoot down the incoming rocket. But even if the anti-aircraft system destroys the missile, pieces of rocket or missile can still kill you.

It’s terrifying because it’s impossible to find a totally safe place where you feel comfortable and safe at the same time. On the second or third day, when I finally left the shelter, I was able to breathe and take a minute to think about what to do next. That was the moment I decided I couldn’t ignore the situation we were in and that I had to help my country and our people in any way I could.

You see yourself as a hacker and a hacktivist. What does that mean to you?

Trokhym Babych: For me, a hacker is not just someone who hacks into sites, systems and so on. I see hackers as a kind of researcher. I’m a hacktivist trying to help everyone. The way I understand the term hacker is that hackers should be working for others and not for themselves. Of course there are those who are only interested in making money, like the black hats.

What are you doing to help your country?

Trokhym Babych: I help with security and defence in the field of cybersecurity. I’m also currently working on a computer program that will focus on analysing vulnerabilities in information systems. In this war, the general principles of cybersecurity are not enough to ensure Ukraine’s security. Russia is exploiting every opportunity to cause damage to my country. And that means that in terms of cyberwarfare, Russia is trying all sorts of things. Our response is to create a training programme to train specialists to detect vulnerabilities before the Russians can exploit them.

However, I can’t really go into any more detail about what I do, because hacktivism and things like that are still illegal, as you know. Even international law offers no clear guidelines for situations like this. What I mean is that, if we were to launch an official cyberattack on Russia, it would be considered a crime.

President Zelenskyy wants to introduce a law that would legalise the actions of the IT Army and cybersquads against Russia. What are your thoughts on this?

Trokhym Babych: I think this is a great idea because, before the full-scale invasion, Russia was causing us many problems. Since 2014, the Russians have launched numerous attacks against our banking system and our infrastructure, particularly our energy infrastructure. And while we can’t respond on the battlefield, we can respond in cyberspace.

For now, even though everyone knows that Ukrainians are launching cyberattacks against Russia, it is best not to talk about this as they remain illegal in the eyes of the law. We can’t talk about it because there are many groups of hackers attacking Russia and some of its allies. The Kremlin is colluding with Iran. Tehran is supplying Russia with “Shahed” suicide drones and the Russians are bombing us with them.

Our groups of cyber combatants are also targeting Iran because it too poses a threat to our country. But in general, the IT Army focuses on targets that are not civilian. They attack military targets. While in conventional warfare you can clearly see where you will be firing, in cyberwarfare you can shoot at one target and hit others by ricochet.

What are the motives of the pro-Ukrainian hacker groups?

They are mainly political groups that are not affiliated to the government. Some of their members may work for the government, but we’re not sure. There are nationalists, anarchists and in general their ideology is very simple. When you’re sitting in a shelter waiting for the bombs to drop, it’s pretty scary and you want to do something.

These independent hacker groups are now allies of the Ukrainian government and by extension of its supporters, in particular the United States and the European Union. Once the war is over, do you think they’ll once again be regarded as criminals by Western states?

It’s a very interesting question because Ukraine is moving closer to NATO. I hope we become a member of NATO as I think it would be a strong indicator of our future security. We have also moved closer to the European Union. It’s difficult to know how cyber combatants will be perceived by Western states after the war.

If someone later uncovers what they did during the war, it could cause them serious problems. If Russia continues to exist as a state in the same way it does today and retains significant political and economic weight in the world, there is a good chance that hackers will still be labelled criminals. So for the time being, it’s safe to say that hackers and Western states are only temporary allies.

Can you tell me about the cyber capabilities the Russians have today? Are they continuing to engage in cyber combat? Are they still launching large-scale attacks?

Trokhym Babych: Russia is launching social engineering attacks using malicious software. The Russians are good at this and must still be using this technique, given the messages coming out of the official government department responsible for cybersecurity about phishing and generative adversarial network (GAN) attacks. However, they can also get around detection systems. They can create malicious software that escapes detection by machine learning-based systems. The Russians are still going down this road, but I hope that we’ll beat them in cyberwarfare, just as we’ll beat them on the physical battlefield.