Where have cyber partisans gone?
The "Blue" left, the "red" remained / Facebook
In August 2020, two groups of Belarusian hackers - "blue" and "red" - announced their existence. After a while, the "blue" ones vanished. Euroradio spoke with representatives of the "red" cyber partisans, who also run the telegram channel "Cyber Slivy." They told us about their moral principles, how they choose their "victims" and why they still haven't hacked the banking system - even though they were going to.
What happened between the "blues" and the "reds"
Cyberpartisans: We are called "reds," sometimes "whites." "The blues" have disappeared - their admin freaked out and deleted his channel in October. We tried to cooperate with them, but their admin's main goal was to launch a cryptocurrency. We didn't get along. He often wrote about our hacks/attacks, passing them off as his. Well ok, it bothered us a little, but by and large, we didn't care. But when he started promising to turn off the banking system and the tax system and stuff - and then he didn't do it, we were very indignant, because then our group was criticized for that. So when he announced the launch of the cryptocurrency, we thought we should let everyone know that our group had nothing to do with it.
It is important to clarify that even though the admin of the "blues" vanished, many of them have joined us or are cooperating with us.
Euroradio: Everyone has the right to privacy of correspondence. And you're violating it with your leaks.
Cyberpartisans: We believe that currently this right is not guaranteed in Belarus - there is constant wiretapping of conversations/correspondence [by security forces - Euroradio].
Euroradio: You published, for example, the correspondence of Interior Ministry press secretary Volha Chamadanava. But she's not a riot police fighter, she didn't detain people.
Cyberpartisans: She is an accomplice in the usurpation of power, with the help of her propaganda many employees of the Interior Ministry and some citizens are misinformed. Innocent people are being detained, jailed, repressed.
Euroradio: Why haven't you been declared an extremist channel so far?
Cyberpartisans: That's a good question. I think they don't want to PR us. Being declared extremist legitimizes the channel in people's eyes.
What's up with the banks?
Euroradio: The "blues" have threatened to break the banking system, but you haven't made such high-profile statements. Why not?
Cyberpartisans: We haven't given up on it, it's just that these kinds of hacks take a very long time. And announcing them in advance makes no sense, it would allow getting protected from them.
Euroradio: It feels like the activity of "cyber partisans" has faded away.
Cyberpartisans: Here is by no means a complete list of the projects that have already been carried out: changing the broadcast of BT+ONT; hacking and encrypting of databases, documents, and backups of the Administration Academy; providing information security during protests; providing communications during protests; hacking internal databases and mass disclosure of personal data of riot police, IC; hacking and damaging the network and databases of the Enforcement Division; hacking of state websites; hacking of the database of the Presidential Administration; hacking of the Academy of the Interior Ministry; hacking of the emails belonging to law enforcement, the Interior Ministry, Eismant, the Chamadanaus, Baskau, judges, BT, trade unions. This is far from all, but only a fraction of what we are willing to make public at this point. There are other attacks that we can't disclose yet to maintain access and source security.
Filtering targets
Euroradio: What criteria do you use to select your targets?
Cyberpartisans: We attack officials/punishers/regime supporters-- anyone we can. Usually [channel recognized as extremist] and [channel recognized as extremist] do a good filtering of "targets". We consult with the banned channel of former siloviki, as well as with the most mass extremist channel. We have a connection with almost all channels, with some organizations there the connection is unofficial.
We believe that the names of government employees should be made public. They work for the people -- the people have a right to know who they are. In a country where laws are enforced, they have nothing to fear if they don't commit crimes. As for the EMERCOM, for example, they are involved in repression. If the people don't think they are guilty of anything, then making their data public doesn't do them any harm. So why are they all so worried?
Euroradio: How do you assess the damage your actions have done?
Cyberpartisans: The security forces open criminal cases, conduct investigations, waste resources. Sometimes there is a reaction in social feeds and personal messages, where "victims" are criticized by their acquaintances. People from lists also sometimes write to us, asking us to delete them, afraid they will be judged or worse. We have often removed [people from lists]if there was doubt or if it was clear that the employee had quit and had not committed a serious crime.
So far we haven't encountered any serious obstacles
Euroradio: You have also published quite a bit about judges. Why are they receiving so much attention?
Cyberpartisans: We noticed that most people in Belarus still believe that there is an opportunity to do something in the legal field. We decided to show people that the laws and the courts do not work. Or rather, they do work, but not in favor of the people. Everyone should know about it.
Euroradio: After the hacking of judges' accounts, you were engaged in a dialogue on behalf of judges. Did the people who communicated with you not recognize the trick?
Cyberpartisans: Often they don't recognize it. And sometimes even after they realize it's us, a dialogue develops. We'll be posting two such cases soon. Usually, they're trying to protect the person we attacked, they start blaming us, trying to de-anonymize us. Leaks won't kill the regime, but they do put psychological pressure.
Euroradio: Are the authorities resisting your attacks?
Cyberpartisans: Yes, there was a case where we hacked the internal network. They noticed us and tried to kick us out for a long time. Eventually, they succeeded. We also know that the security services are now trying to plug holes in the state networks. But they have a terrible lack of staff in the field of information security. They usually don't notice us until the very end.
Euroradio: Have any of "your people" already been identified by the security services?
Cyberpartisans: No.
Euroradio: Any idea how the siloviki tracked down the administrators of the protest chats?
Cyberpartisans: It was done through acquaintances, by accident, due to admins' carelessness. We haven't studied every case of detention, so it's hard to say. By following the basic principles of information security, you can significantly reduce the likelihood of getting de-anonymized. We seem to have been pretty good at it for 9 months now.
For example, you should go online only through a VPN, register Telegram to a fake virtual number or a fake SIM card outside the Belarus/Russian Federation, enable two-step authentication. At online services in Belarus and Russia, you should write only about cats and the weather, and so on. For channel admins, there are several more measures worth considering. We are working on an article on this topic. In fact, we have laid out our plan on the channel @cpartisans [not yet recognized as extremist in Belarus -- Euroradio], and whoever wants to read it, should do it.
