When the Russian military invaded Ukraine in a heavy-arms blitzkrieg, pro-Ukraine hacktivists seeking to take down www.mil.ru encountered the unexpected: a 418 error, the server declaring that it could not complete your request because it was a teapot.
The teapot bug is a decades-old April Fools' joke that is occasionally repeated to tell hackers that their efforts have been predicted and blocked. “It’s almost like giving the middle finger,” Amit Sarper, director of security research at Akamai, told BuzzFeed News. Akamai, like its competitor Cloudflare, runs most of the plumbing that supports the Internet.
A few days later, the teapot bug disappeared, and the websites of mil.ru and major Russian bank Gazprombank went dark for most Internet users outside of Russia. The government had geofenced important websites – meaning that those outside the country could not access these sites and therefore could not hack them.
“I think they realize what the Russians are trying to do to everyone else, the same thing can be done to them,” Sarper said. “By geofencing you are making it impossible for anyone outside of Russia to reach all those targets.”
In other words, Russia expected retaliation for its Ukraine invasion and already suspected that cyberattacks were coming — and they did.
A day after the attack began, Reuters reported that a prominent Ukrainian businessman was working closely with his government to assemble a phalanx of volunteers for cybercrime and cyberdefense. While the offense conducts espionage operations, the defense secures critical infrastructure such as Ukraine’s power plants and water treatment facilities previously targeted by Russia. Then Ukrainian Deputy Prime Minister Mykhailo Fedorov called for volunteers to join the Telegram channel IT Army of Ukraine. “Everyone has tasks. We will continue to fight on the cyber front,” Fedorov said.
Since then, social media accounts associated with hacker collectives and pro-Ukraine Telegram groups have claimed that groups such as Anonymous have taken some Russian websites and servers offline. Yet Russia’s geofences and Russia’s own long history of disinformation make it difficult to confirm to what extent these websites were hacked and, if so, how long it took to restore them.
Even if the hackers’ claims are true, security experts are wary of the implications of crowdsourced attacks.