“We have made good strong hits, and a lot of websites don’t work,” says Dmytro Budorin, the CEO of Ukrainian cybersecurity startup Hacken. When the war started, Budorin and colleagues altered one of the firm’s anti-DDoS tools, called disBalancer, so it could be used to launch DDoS attacks.
While Kaspersky’s analysis says the number of DDoS around the world has returned to normal levels as the war has progressed, the attacks are lasting for longer—hours rather than minutes. The longest lasted for more than 177 hours, over a week, its researchers found. “Attacks continue regardless of their effectiveness,” Kaspersky’s analysis says. (On March 25, the US government added Kaspersky to its list of national security threats; the company said it was “disappointed” with the decision. Germany’s cybersecurity agency also warned against using Kaspersky’s software on March 15, although it didn’t go as far as banning it. The company said it believed the decision was not made on a technical basis.)
Budorin says DDoS has been useful for helping Ukrainians contribute to the war effort in other ways than fighting and says that both sides have improved their attacks and defense. He admits DDoS may not have a huge impact on the war, though. “It doesn’t have a lot of effects with respect to the end goal, and the end goal is to stop the war,” Budorin says.
Since Russia began its full-scale invasion, the country’s hackers have been caught trying to disrupt power systems in Ukraine, deploying wiper malware, and launching predictable disruption attacks against the Ukrainian government. However, Ukrainian officials now say they have seen a drop in activity. “The quality decreased recently as the enemy cannot prepare as much as they were able to prepare,” Yurii Shchyhol, the head of Ukraine’s cybersecurity agency, the State Service for Special Communication and Information Protection, said in a statement on April 20. “The enemy now mostly spends time on protecting themselves, because it turns out their systems are also vulnerable,” Shchyhol said.
Budorin says that, beyond pivoting his company’s technology to help launch DDoS attacks, it also created a bug bounty program for people to find and report security flaws in Russian systems. More than 3,000 reports have been made, he says. He claims this includes details of leaked databases, login information, and more severe instances where code can be run remotely on Russian systems. The company validates the vulnerabilities and passes them on to Ukrainian authorities, Budorin says. “You don’t go through the main door,” he says. “You go through the regional offices. There are so many bugs, so many open windows.”