Group launched cyberattacks to try to keep Russian troops out of Belarus
LEILA FADEL, HOST:
The U.S. government has warned that Russia could use cyberattacks as a weapon of war and hit at U.S. businesses. But in Belarus, which borders Russia, a hacking group has used cyberattacks of its own to try to prevent Russian troops from entering Belarus. NPR's cybersecurity correspondent Jenna McLaughlin has been following the story. Welcome, Jenna.
JENNA MCLAUGHLIN, BYLINE: Hi, Leila.
FADEL: So this group calls its members hacktivists. Who are they?
MCLAUGHLIN: So this group is calling themselves the Cyber Partisans, and they claim to have hacked into state-owned Belarusian railways. They're holding data hostage. There's still no confirmation from authorities that that's the case, but there's a couple signs that suggest it's true. The railway posted an update last week saying that online ticket sales were temporarily disrupted, and the hacking group posted screenshots of internal documents on Twitter and messaging platform Telegram that experts told me look legitimate. There's been some reporting that payroll and other things are being done manually. And a spokesperson for the group, who emailed with, said they believe some of the train schedules were impacted, though there's no evidence of disruption in troop movements.
FADEL: Do we know what they want?
MCLAUGHLIN: Yeah, so in this case, the hackers are demanding two fairly unrealistic things. First, they want the release of 50 political prisoners, the ones in most need of medical attention. Currently, there are around a thousand political prisoners in Belarus following the contested presidential election in 2020, where Alexander Lukashenko seized power, leading to widespread bloody protests. Second, they also want to delay the movement of Russian troops and cargo into Belarus. The activists say they don't want their country used as a staging ground for the Ukraine invasion. I should point out that even though the hackers say they don't want to harm civilians, some normal people weren't able to buy tickets online for the train, and that was an unintended consequence.
FADEL: So this isn't about money, and that's really different from a lot of these ransom-style cyberattacks we've seen, right?
MCLAUGHLIN: Yeah, absolutely, though we have seen the model of ransomware where cyberattackers break in, encrypt files and demand payment getting picked up by other groups for other purposes in recent months, including nation-states like Iran and Russia, who want to wreak havoc for political purposes and use ransomware as a cover. If this is truly a grassroots activist effort to use ransomware for political goals, experts are saying it's the first time they've seen it. I spoke to Allan Liska, who studies ransomware for threat intelligence company Recorded Future. Here's how he put it.
ALLAN LISKA: There's been a growing ecosystem of different methods of extortion, but it's almost always come down to money. This is the first time we've seen this from, again, a political perspective - we want these prisoners released.
MCLAUGHLIN: Of course, a lot of so-called hacktivist operations have later turned out to be state sponsored, so we may find out more.
FADEL: So it seems this was a political act, based on your reporting. Did it make a difference to the Russians' effort to get into Belarus and closer to Ukraine?
MCLAUGHLIN: Not really. To be clear, this act of hacktivism so far hasn't had a huge impact. It's not going to stop the Russians, no matter what they choose to do. But this kind of political use of ransomware might inspire others. This is just another example of the evolving nature of geopolitical conflict. Cyber is always going to be involved going forward, and that gives just even more incentive for governments and companies to protect sensitive information and critical infrastructure.
FADEL: NPR's cybersecurity correspondent Jenna McLaughlin. Thank you.
MCLAUGHLIN: Thanks. Transcript provided by NPR, Copyright NPR.