Ukrainian Cyber Alliance: Difference between revisions

copy edit: clarity, consistency, conciseness, some tone, linking – could use additional sources and could be a little more balanced. See notes on talk page regarding primary source quotations.
(beginning copy edit)
(copy edit: clarity, consistency, conciseness, some tone, linking – could use additional sources and could be a little more balanced. See notes on talk page regarding primary source quotations.)
{{POV|date=July 2020}}
'''The Ukrainian Cyber Alliance''' (UCA, [[Ukrainian language|ukr.]] ''Український кіберальянс'', УКА) is a community of Ukrainian [[Internet activism|cyber activists]] from various cities in Ukraine and around the world. The alliance emerged in the spring of 2016 from the merger of two cyber activists, FalconsFlame and Trinity, and was later joined by athe group of cyber activists RUH8 and individual cyber activists from the CyberHunt group.<ref>{{Cite web|date=2016-12-06|title=Український кіберальянс (Ukrainian Cyber Alliance)|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>. The [[hacktivist]]s united to counter Russian aggression in Ukraine.{{Infobox website
| name = Ukrainian Cyber Alliance
| logo = Ukrainian Cyber Alliance.png
=== Operation #opDonbasLeaks ===
In the spring of 2016, the UCA conducted about one hundred successful hacks of pageswebsites and mailboxes of militants, propagandists, their curators, and hacked mailboxes of terrorist organizations operating in the occupied territories. TheAmong hacktiviststhe alsotargets hackedwas the mailbox of the Russian organization "Union of Volunteers of Donbass". From this was obtained passport data and photo documents of citizens of Italy, Spain, India and Finland, who are fighting in the ranks of the [[Prizrak Brigade]], for which Russia opens and, if necessary, extends visas.<ref>{{Cite web|date=2016-04-03|title=Росія відкриває візи для терору в Україні — витік паспортних даних найманців|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>. It was found that Russian terrorists who were wounded during the fighting in eastern Ukraine were being treated in military hospitals of the Ministry of Defense.<ref>{{Cite web|date=2016-04-07|title=Медичні послуги для VIP-найманців Росії. Листування, документи, ідентифікація бойовиків|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref><ref>{{Cite web|date=2016-04-08|title=Хакери та OSINT-аналітики розкрили подробиці гібридної історії військового ЗС Росії|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>
=== Hacking of the propaganda site ANNA News ===
=== Operation #OpMay9 ===
On May 9, 2016, the UCA conducted operation #OpMay9.<ref>{{Cite web|date=2016-05-09|title=9 зломів 9 травня: українські хакери успішно провели операцію #OpMay9 (ВІДЕО)|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref><ref>{{Cite web|title=Українські хакери зламали дев'ять сайтів ДНР на День перемоги|url=|access-date=2020-03-08|website=РБК-Украина|language=ru}}</ref> Nine sites of [[Donetsk People's Republic]] (DNR) terrorists, propagandists, and Russian private military companies (RPMCs) were hacked. The broken sites were left with the hashtags #OpMay9 and #oп9Травня and three short videos about World War&nbsp;II and [[Ukraine in World War II|Ukrainian contributions to the victory over Nazism]] – what UCA called the "serum of truth".<ref>{{Cite web|date=2016-05-10|title=Українські хакери до Дня Перемоги зламали сепаратистські та російські сайти|url=|access-date=2020-03-08|website=ТСН.ua|language=uk}}</ref> The hacktivists also posted their new video message on the brokenterrorist resources of terroristssites.<ref></ref>. VideoThe messagevideo textstated:
{{Cquote|God forbid. And we are in the Lviv metro again. After our previous video on April 29, some viewers decided we were joking. But we are not joking, we are speaking quite seriously. After our last attack, the popular site of aggressive Russian propaganda Anna News was unavailable for about 5 days. It is an information resource aimed at spreading lies against Georgia, Ukraine and Syria. Our first video call hung on this site for more than 5 hours, and the administrators took more than 100 hours to at least partially restore the resource. At the same time, they lost much of their data forever. It was our small gift to society for the Great Feast of the Resurrection of Christ. We have shown how light easily destroys darkness. We have enough strength and will to successfully defeat the aggressor, we just need to believe and work hard for everyone to win together. And now about the victory. Kievan Rus, and then its successor Ukraine, the Cossacks of the Zaporozhian Sich and the Kholodny Yar, soldiers of the Ukrainian Insurgent Army and Ukrainians in the ranks of the Allied armies. These are our ancestors who fought with unbreakable strength of will and shed blood for their land and freedom. 70&nbsp;years ago, the Ukrainian people lost about 7&nbsp;million of their sons and daughters in the fight against the aggressor and the occupier. Now a new brown plague has come to our borders, disguised by the colors of striped ribbons and Russian tricolors. But no matter how strong the enemy may seem, his destiny is to be defeated and covered with shame. The Ukrainian people, their soldiers, patriots, volunteers have already proved that the indomitable will is embedded in their genetic code. Today, on the Day of Remembrance and Victory, we are giving a new gift to Ukrainian society. On this day, the entire network of information resources of the aggressor and the sites of Russian terrorists in Donbass will be paralyzed. This video message and other materials exposing the occupiers' lies will appear on many enemy websites. We won then, we will win now. To the glory of ancestors, to the glory of the heroes of the past and the future. Glory to Ukraine!
}}{{longquote|date=September 2020}}
=== Channel One hacking ===
The UCA hacked the website of [[Pervy Kanal]] (Channel One Russia), according to hacktivists, as part of a project to force Russia to deoccupy Donbass and fulfill its obligations under the [[Minsk agreement]]s.<ref></ref> Details of Pervy Kanal propagandist Serhiy Zenin's cooperation with Russian state-owned propaganda network [[RT (TV network)|Russia Today]] were also revealed, along with documentation of Zenin's salary and lavish lifestyle.<ref>{{Cite web|title=Українські хакери зламали дані та листування пропагандиста Путіна|url=|access-date=2020-03-08|website=Апостроф|language=uk}}</ref>. In Zenin's cloud storage were found 25 videos of DNR terroristsmembers shooting in the settlement of Nikishine.<ref>{{Cite web|date=2016-06-16|title=Злом пропагандистів РФ. Частина 3: обстріл Нікішиного|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>
=== Operation #opDay28 ===
In 2016, on the eve of [[Constitution Day (Ukraine)|Constitution Day]], the UCA conducted operation #opDay28.<ref>{{Cite web|title=Хакери зломали 17 російських сайтів: Захарченко і Плотницький вибачаються перед українцями|url=|access-date=2020-03-08||language=uk}}</ref> 17 resources of Russian terrorists were hacked, aand newthe videohacked fromsites played another Lviv Metro was posted on the hacked sitesvideo<ref></ref>. Onwhich behalfpurported ofto be from the leader of the terrorist organization «DNR», O. &nbsp;Zakharchenko, the hacktivists published the following appeal on the broken resources:<ref>{{Cite web|date=2016-06-28|title=Українські хакери провели операцію #opDay28|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>:{{Cquote|"On June 28, Ukraine celebrates another anniversary of the adoption of the Constitution. But now this holiday is overshadowed by the conflict in Donbass, which we, inferior fools, have resolved, and caused numerous violations of the constitutional rights of normal citizens. I have to admit that despite the work done by my stupid press service and loyal sly dogs of the mdb dnr, the whole world sees that we started playing not in our sandbox, because of which the civilian population of Donbass suffers and dies. The truth is that Rashka has once again framed us and is trying to squeeze the Donbass after the Crimea with our own hands. I personally apologize to all the people of Ukraine for their idiocy and I hope that this anniversary of the Constitution of Ukraine will be a turning point in the relations of Donbass with its Motherland - Ukraine! Contrary to racist propaganda, we are cured of schizophrenia, and the Ukrainian constitutional order will prevail in the Donbass! ”
MDB DNR, the whole world sees that we started playing not in our sandbox, because of which the civilian population of Donbass suffers and dies. The truth is that Rashka has once again framed us and is trying to squeeze the Donbass after the Crimea with our own hands. I personally apologize to all the people of Ukraine for their idiocy and I hope that this anniversary of the Constitution of Ukraine will be a turning point in the relations of Donbass with its Motherland - Ukraine! Contrary to racist propaganda, we are cured of schizophrenia, and the Ukrainian constitutional order will prevail in the Donbass!
=== Hacking of the Russian Ministry of Defense of the Russian Federation ===
In July 2016, the Ukrainian Cyber AllianceUCA hacked the document management server of the Department of the [[Ministry of Defense of the Russian Federation to ensure the state defense order. As a result, documents on defense contracts of theDefence (Russia)|Ministry of Defense of the Russian Federation]], withand termsmade ofpublic defense contracts executionexecuted during 2015 were withdrawn and made public.<ref>{{Cite web|title=Українські хакери зламали сервер департаменту Міноборони РФ|url=|access-date=2020-03-08|website=5 канал|language=uk-UK}}</ref>. The success of the operation was largely determined by the negligence of Russian Rear Admiral Vernigora Andrei Petrovich.<ref></ref>. At the end of November &nbsp;2016, the Ukrainian Cyber AllianceUCA broke into the Ministry ofserver Defense of the Russian Federation for thea second time and obtained confidential data on the provision of the state defense order of the Russian Federation in 2015-20162015–2016. According to analysts of InformNapalmInform Napalm, the documents show that Russia is developing a doctrine of air superiority in the air in the event of full-scale hostilities with Ukraine. In particular, this is evidenced byciting the amount allocated for maintenance, modernization and creation of new aircraft.<ref>{{Cite web|title=Росія розробляє військову доктрину переваги в повітрі – українські хакери|url=|access-date=2020-03-08|website=Радіо Свобода|language=uk}}</ref>.
=== Operation #op256thDay ===
Before [[Day of the Programmer|Programmer's Day]], UCA conducted operation # op256thDay., Thein interface ofwhich more than 30 &nbsp;sites of theRussian aggressorforeign wasaggression destroyedwere or carried outdestroyed. On many propaganda resources, the hacktivists embedembedded an [[Inform Napalm]] video demonstrating evidence of Russia's military aggression against Ukraine.<ref>{{Cite web|last=|first=|date=|title=Привиди львівського метро|url=|access-date=2020-03-08||publisher=|language=}}</ref><ref>{{Cite web|date=2016-09-13|title=Хактивісти відсвяткували День програміста ударною операцією #op256thDay|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>.
=== Operation #OpKomendant ===
The activists gained access to the postal addresses of 13 regional branches of the so-called «"military commandant's office»" of the DNR terrorist organization. Thisin operation is called #OpKomendant. For 6six months,<ref>{{Dead link|date=July 2020}}</ref>, the data from the boxes werewas passed for analysis toby [[Inform Napalm]] volunteers, employees of the Peacemaker Center, as well as Ukrainian security officers - the [[Security Service of Ukraine]] and the [[Special Operations Forces (Ukraine)|Special Operations Forces of Ukraine]].<ref>{{Cite web|last=Цензор.НЕТ|title=Операція "Комендант": українські хакери зламали пошту "військових комендатур" російських окупантів у Донецькій області. ДОКУМЕНТИ+ВІДЕО|url=|access-date=2020-03-08|website=Цензор.НЕТ|language=uk}}</ref>.
=== Hacking of the terrorist Oleksii Mozghovyi ===
In October 2016, UKAUCA openedobtained two hundred and forty240 pages of e-mail correspondence of the leader of the ghost «Prizrak» ofBrigade, the terrorist organization «LPR»[[Aleksey Mozgovoy|Oleksii Mozghovyi]]. Judging by the correspondence, before the liquidation MozgovyiMozghovyi was completely under the control of an unknown agent with the callcodename sign «"Diva»".<ref>{{Cite web|date=2016-10-19|title=Як "Діва" привела бойовика Мозгового до ліквідації: листування|url=|access-date=2020-03-08|website=ФАКТИ ICTV}}</ref>.
=== Hacking of the terrorist Arsen Pavlov («Motorola») ===
The Ukrainian cyber allianceUCA obtained data from the gadgets of the[[Arsen RussianPavlov|Arsen terrorist Arsen"Motorola" Pavlov]], leader of the [[Sparta Battalion]], and his wife Olena Pavlova (Kolienkina): photos, videos, correspondence, photos of documents. In the weeks leading up to his death, the terroristPavlov was alarmed by the conflict with Russian curators.<ref>{{Cite web|title=Напередодні вбивства “Мотороли” з будинка, де він жив, знімали охорону|url=|access-date=2020-03-08|website=Українська правда|language=uk}}</ref>.
=== SurkovLeaks operation ===
{{Main|Surkov leaks}}
In October 2016, the hacktivistsUCA gained access toaccessed the mailboxes of the[[Vladislav receptionSurkov]], ofVladimir thePutin's Officepolitical ofadviser theon Assistantrelations towith the President of the Russian Federation Vladislav SurkovUkraine. DumpingsAcquired of two mailboxes in Surkov's receptionemails were published onby theInform website of the international volunteer community InformNapalmNapalm in late October (SurkovLeaks, part ofand early November) (SurkovLeaks, part 2).<ref>{{Cite web|date=2016-10-25|title=Злом Суркова: хактивісти кіберальянсу передали докази злому помічника президента РФ (1 Гб даних)|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref> <ref>{{Cite web|date=2016-11-03|title=SurkovLeaks (part 2): хактивісти опублікували новий дамп пошти приймальні Суркова|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>. The dumpsemails do not know the details of the Minsk process,revealed plans to destabilize the situation in Ukraine, plans toand federalize Ukraine, and with other materials thatdemonstrated provehigh-level thatRussian Russiainvolvement is atfrom the higheststart level involved inof the war in eastern Ukraine. A US official told NBC NEWSNews that the dump materialsemails corroborated information that the United StatesUS had previously provided.<ref>{{Cite web|title=Payback? Russia gets hacked, revealing top Putin aide's secrets|url=|access-date=2020-03-08|website=NBC News|language=en}}</ref>. The authenticity of the dumpsemails was confirmed by international[[Atlantic organizations: AtlanticCouncilCouncil]]<ref>{{Cite web|last=@DFRLab|date=2016-10-26|title=Breaking Down the Surkov Leaks|url=|access-date=2020-03-08|website=Medium|language=en}}</ref><ref>{{Cite web|last=@DFRLab|date=2016-11-03|title=Putin’s Email Scandal Continues|url=|access-date=2020-03-08|website=Medium|language=en}}</ref>, and [[Bellingcat]],<ref>{{Cite web|date=2016-10-26|title=Разбор слитой переписки Суркова|url=|access-date=2020-03-08|website=Беллингкэт|language=ru-RU}}</ref>. SurkovLeaks has beenand published inby leadingnumerous Western publications:news BBCsources.<ref>{{Cite news|last=Burridge|first=Tom|date=2016-11-03|title=Ukrainian pair claim Kremlin email hack|language=en-GB|work=BBC News|url=|access-date=2020-03-08}}</ref>, Time<ref>{{Cite web|title=Hacked Kremlin Emails Could Signal a Turn in the U.S.-Russia Cyberwar|url=|access-date=2020-03-08|website=Time|language=en}}</ref>, The New York Times<ref>{{Cite news|last=Kramer|first=Andrew E.|date=2016-10-27|title=Ukrainian Hackers Release Emails Tying Top Russian Official to Uprising|language=en-US|work=The New York Times|url=|access-date=2020-03-08|issn=0362-4331}}</ref>, The Times & The Sunday Times<ref>{{Cite news|last=Kiev|first=Maxim Tucker|title=Press tycoon tried to win support for Putin|language=en|url=|access-date=2020-03-08|issn=0140-0460}}</ref><ref>{{Cite news|last=Kiev|first=Maxim Tucker|title=Hackers leak Putin plan to carve up Ukraine|language=en|url=|access-date=2020-03-08|issn=0140-0460}}</ref>, The Guardian<ref>{{Cite news|last=Walker|first=Shaun|date=2016-10-26|title=Kremlin puppet master's leaked emails are price of return to political frontline|language=en-GB|work=The Guardian|url=|access-date=2020-03-08|issn=0261-3077}}</ref>, «Radio Liberty»<ref>{{Cite web|title=Inside The Ukrainian 'Hacktivist' Network Cyberbattling The Kremlin|url=|access-date=2020-03-08|website=RadioFreeEurope/RadioLiberty|language=en}}</ref><ref>{{Cite web|title=Hackers Release More E-Mails They Say Tie Putin Aide To Ukraine Crisis|url=|access-date=2020-03-08|website=RadioFreeEurope/RadioLiberty|language=en}}</ref>, The Sydney Morning Herald<ref>{{Cite web|last=Miller|first=Nick|date=2016-11-03|title=SurkovLeaks: new cache of emails alleges Russian plan to destabilise Ukraine|url=|access-date=2020-03-08|website=The Sydney Morning Herald|language=en}}</ref>, The Independent<ref>{{Cite web|date=2016-11-04|title=Hackers are turning the tables on Vladimir Putin, and the fallout could be huge|url=|access-date=2020-03-08|website=The Independent|language=en}}</ref>, Forbes<ref>{{Cite web|last=Brewster|first=Thomas|title=Meet The Ukrainian Hackers Targeting The Kremlin's Master Manipulator|url=|access-date=2020-03-08|website=Forbes|language=en}}</ref>, Bloomberg<ref>{{Cite web|title=Bloomberg - Are you a robot?|url=|access-date=2020-03-08|}}</ref>, Newsweek<ref>{{Cite web|last=EDT|first=Damien Sharkov On 10/27/16 at 8:07 AM|date=2016-10-27|title=Kremlin denies Putin aide's email was hacked—'he does not use email'|url=|access-date=2020-03-08|website=Newsweek|language=en}}</ref>. AfterIn the break-upsaftermath of the leaks, Surkov's chief of staff, Oleksandr Pavlov, resigned.<ref>{{Cite web|date=2017-01-20|title=Скандальний "злам" пошти Суркова українськими хакерами призвів до відставки в Кремлі - ТСН|url=|access-date=2018-01-09|language=uk-UA}}</ref>. OnAdditional November 2, 2017, dumps of two more mailboxes (SurkovLeaks, part 3)emails belonging to people from Surkov's environs were published, in particular,early the mailbox of Inal Batuvich ArdzinbaNovember, Chiefdetailing Adviser of the Russian PresidentRussia's Office for CIS Affairs, First Deputy Vladislav Surkov. He supervised and financed projectsfinancing of so-calledthe «"soft federalization»" of Ukraine: «Slobozhanshchina», «Porto-Franco», «People's Republic of Bessarabia», «People's Council of Nikolaev». Documents proving Russia's subversive activities were found in the dumps. For exampleUkraine, the project of seizing power in Zaporizhia region<ref>{{Cite web|title=Як сепаратисти у 2014-му планували захопити Запоріжжя (ДОКУМЕНТ) –|url=|access-date=2020-03-08||language=uk}}</ref>, therecruiting list of recruited - current and former - employees ofin the Ministry of Internal Affairs of Odesa region, the report on provocations in Odesa for the first half of February 2015, the list of athletes (titushki) for violent actions in Ukraine, theses of the bill «On a special region of development Slobozhanshchina»,and evidence of Russia's funding of some election campaigns in the Kharkiv region, etc.<ref>{{Cite web|date=2017-11-02|title=SurkovLeaks (part 3): аналіз листування першого заступника Суркова Інала Ардзінби|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>. The emails stated that Yuriy Rabotin, the head of the Odessa branch of the Union of Journalists of Ukraine, appearsreceived in the dumps. It is known from the correspondence what sums he receivedpayment from the Kremlin for his anti-Ukrainian activities.<ref>{{Cite web |script-title=uk:Одеська #медіаспільнота: не все то медіа, що блищить|url=|access-date=2020-03-08|}}</ref>. On April &nbsp;19, 2018, the British newspaper ''The Times'' published an article stating that the leak of SurkovLeaks documents exposed Russia's use of misinformation about the downing of [[Malaysia Airlines MH17Flight flight in 201417]] in order to accuse Ukraine. SurkovLeaks is written evidence that the Russian state is actively developing disinformation strategies and trying to spread them to a global audience<ref>{{Cite news|date=2018-04-19|title=Russian leaks reveal spin on MH17 disaster - The Times|work=The Times|url=|access-date=2018-04-24}}</ref>.
=== Hacking of the «DNR Ministry of Coal and Energy» of the terrorist organization «DNR» ===
In November 2016, due to the hackingUCA theobtained mailboxemails offrom so-calledthe DNR's «"Ministry of Coal and Energy»", of the terrorist organization «DNR» hacktivists obtainedincluding a certificate prepared by the [[Ministry of Energy (Russia)|Ministry of Energy]] of the Russian Federation in January &nbsp;2016, which showsdetail the plans of the occupiers for the coal[[Coal industry ofin Ukraine|Donbass coal industry]].<ref>{{Cite web|date=2016-11-10|title=Оцінка стану вугільної промисловості окупованих територій Донбасу|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>.
=== FrolovLeaks operation ===
In December 2016, operationOperation FrolovLeaks was conducted in December 2016,<ref>{{Cite web|title=FrolovLeaks Archives|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>, asand aproduced resultcorrespondence of whichKyrylo the correspondence ofFrolov, the Deputy Director of the CIS Institute, ([[Commonwealth of Independent States]]) and Press Secretary of the Union of Orthodox Citizens Kyrylo Frolov, for the period 1997-2016 was published1997–2016. The correspondence contains evidence of Russia's preparation for aggression against Ukraine (long before 2014).<ref>{{Cite web|title=#FrolovLeaks: Про "Донецьку республіку" у Кремлі заговорили ще 1999 року|url=|access-date=2020-03-08|website=5 канал|language=uk-UK}}</ref>. TheIt correspondencealso revealed Frolov's close ties with [[Sergey Glazyev]], the Russian president's adviser on regional economic integration, Moscow Patriarch [[Patriarch Kirill of Moscow|Vladimir Gundyaev]], Moscow's patriarch, as well asand [[Konstantin Zatulin]], a member of the Foreign and Defense Policy Council, an illegitimate<ref>{{Cite web|last=|first=|date=|title=Про Заяву Верховної Ради України "Про невизнання Україною легітимності виборів до Державної Думи Федеральних Зборів Російської Федерації сьомого скликання|url=|access-date=|website=|publisher=|language=}}</ref> member of the Russian State Duma and director of the CIS Institute. The letters containmention hundreds of other names in one way or anotherothers connected with the subversive activities of Russia's «[[fifth column»]] organizations in Ukraine.
=== Hacking of Lugansk intelligence chief ===
=== Computer of the Chief of Intelligence 2 AK (Lugansk, Ukraine) of the RF Armed Forces under the control of the UCA ===
UCAFor activistssome fortime, aUCA long timeactivists monitored the computer of the Chief of Intelligence 2 AK (Lugansk, Ukraine) of the Russian Armed Forces,. whoThis officer sent reports with intelligence obtained with the help of regular Russian [[unmanned aerial vehicle]]s (UAVs) – «Orlan»,<ref>{{Cite web|date=2017-01-05|title=Начальник розвідки 2 АК ЗС РФ під контролем UCA. Part 1: БЛА «Орлан-10»|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>, «[[Forpost»]]<ref>{{Cite web|date=2017-01-17|title=Начальник розвідки 2-го АК ЗС РФ під контролем UCA. Part 2: БЛА «Форпост»|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>, «and Takhion»<ref>{{Cite web|date=2017-01-26|title=Начальник розвідки 2-го АК ЗС РФ під контролем UCA. Part 3: Де впав БЛА «Тахіон», координати|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>, which were also used to adjust fire artillery, chiefs of intelligence of the 12th command of the reserve of the RF Armed Forces (Novocherkassk, Rostov region). Documents have also been published proving the existence of the Russian ground reconnaissance station PSNR-8 «"Credo-M1»" (1L120) in the occupied territory, which was adopted by the Russian Armed Forces in 2002 and was never delivered to Ukraine.<ref>{{Cite web|date=2017-03-09|title=Начальник розвідки 2 АК ЗС РФ під контролем UCA. Part 5: ПСНР-8|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>. In July &nbsp;2017, on the basis of datathe obtained by the UCA from the computer of the intelligence chief of the occupation 2 AK (Lugansk, Ukraine) of the RF Armed Forcesdata, additional reconnaissance was conducted on social networks and the service of the Russian UAV «Takhion» - (servicemen of the 138th OMSBR of the RF Armed Forces Private Laptev Denis Alexandrovich and Corporal Angalev Artem Ivanovich).<ref>{{Cite web|title=Волонтери InformNapalm ідентифікували кадровиків РФ на Донбасі|url=|access-date=2020-03-08|website=5 канал|language=uk-UK}}</ref>. DueThe tosurveillance theprovided fact that from oneevidence of thetroop computersmovements ofto the intelligence department 2 AK (Lugansk, Ukraine) of the RF Armed Forces came to his personal mailbox Doroshenko Oleg Vladimirovich (as of mid-2014 - Chief of Staff of the reconnaissance battalion of the 136th OMSBR of the RF Armed Forces, in / h 63354, Captain of the RF Armed Forces), received documentary evidence of the transfer of servicemen of the 136th OMSBR to the border with Ukraine in August &nbsp;2014 in accordance with the combat order of the Chief of Staff of the 58th Army of the RF Armed Forces.<ref>{{Cite web|title=Гаага чекає на танкістів: волонтери знайшли докази перекидання військ РФ до України у 2014-2015 роках (фото)|url=|access-date=2020-03-08||language=uk}}</ref>. A list of tankersthese of the 136th OMSBRsoldiers, their personal numbers, ranks, exact job titles, and information on awards for military service in peacetime were published.<ref>{{Cite web|date=2017-03-31|title=Гаага жде танкістів 136-ї бригади ЗС РФ: списки, документи, накази - OSINT+HUMINT|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>. ItThe wasoperation also managed to restoredetermined the chronologytimeline of the invasion of the Russian artillery unit of the 136th OMSBR of the Armed Forces of Ukraine in Ukraine in the summer of 2014, from the moment of loading equipment for transfer to further fixation of Russian artillerymenfortifying in the occupied territory of Ukraine in Novosvitlivka, Samsonivka, and Sorokine (formerformerly Krasnodon).<ref>{{Cite web|title=Архівована копія|url=|archive-url=|archive-date=31 July 2017|access-date=29 July 2017}}</ref>.
=== Hacking of Oleksandr Usovskyi hacking ===
In February- and March 2017, the Ukrainian Cyber AllianceUCA exposed the correspondence of aBelarus fancitizen ofAlexander the «Russian world»Usovsky, a publicist whose articles were often published on the website of [[ViktorUkrainian MedvedchukChoice]]'s, projectan «anti-Ukrainian Choice»{{abbr|NGO|non-government organization}} backed by oligarch [[Viktor Medvedchuk]].<ref>{{Cite web|title=Александр Усовский - Авторы {{!}} VYBOR.UA|url=|access-date=2020-03-08||language=ru}}</ref>, a citizen of Belarus Alexander Usovsky. <ref>{{Cite web|title=Хакери з’ясували, хто намагається посварити Україну та Польщу|url=|access-date=2020-03-08|website=24 Канал}}</ref>. InformNapalmInform Napalm analysts conducted a study of the data provided by the hacktivistsemails and published two articles<ref>{{Cite web|date=2017-02-23|title=За антиукраїнськими акціями в Польщі стоїть Кремль — аналіз викритого листування|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref><ref>{{Cite web|date=2017-03-01|title=Як Кремль фінансує польських радикалів: завдання, оплата, звіт у Москву|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref> on how the Kremlin financesfinanced anti-Ukrainian actions in Poland and other Eastern European countries. The published materials caused a resonanceoutrage in Poland,<ref>{{Cite web||url=,75399,21412578,czy-kreml-chce-nas-sklocic.html?disableRedirects=true|access-date=2020-03-08|}}</ref><ref>{{Cite web|last=Redakcja|first=About The Author|date=2017-02-24|title=Rewelacje „Inform-Napalmu”: bardzo dziwna sprawa – Marcin Rey|url=|access-date=2020-03-08|website=Portal Międzymorza JAGIELLONIA.ORG|language=pl-PL}}</ref><ref>{{Cite web|last=Redakcja|first=About The Author|date=2017-03-01|title=Jak Kreml finansuje polskich radykałów – zadania, wypłaty, raport do Moskwy|url=|access-date=2020-03-08|website=Portal Międzymorza JAGIELLONIA.ORG|language=pl-PL}}</ref><ref>{{Cite web|date=2017-03-02|title=Zdrajcy Polski na pasku Kremla. Tak raportowali do Moskwy. NOWE FAKTY|url=|access-date=2020-03-08|website=NIEZALEZNA.PL}}</ref><ref>{{Cite web||url=,75968,21448276,rosyjskie-odciski-dloni-wsrod-polskich-nacjonalistow.html?disableRedirects=true|access-date=2020-03-08|}}</ref><ref>{{Cite web|title=Majątek za szerzenie propagandy Kremla|url=|access-date=2020-03-08|website=Gazeta Polska Codziennie}}</ref><ref>{{Cite web|title=Архівована копія|url=|archive-url=|archive-date=8 August 2017|access-date=26 July 2017}}</ref><ref>{{Cite web|last=Redakcja|date=2017-02-23|title=Ukraiński portal sugeruje związki polskich polityków z „antyukraińskimi akcjami” w Polsce » Kresy|url=|access-date=2020-03-08|website=Kresy|language=pl-PL}}</ref><ref>{{Cite web|title=W "Newsweeku": Wielbiciel Hitlera, który z pieniędzy z Rosji finansował skrajną prawicę w Polsce. Kim jest Aleksander Usowski?|url=|access-date=2020-03-08||language=pl}}</ref>, the Czech Republic<ref>{{Cite web|last=Soukup|first=Ondřej|date=2017-03-13|title=Hackeři odhalili ”otce” proruských akcí v Česku. Na organizaci demonstrací ve střední Evropě dostal 100 tisíc eur|url=|access-date=2020-03-08|website=Hospodářské noviny (|language=cs}}</ref><ref>{{Cite web|last=Soukup|first=Ondřej|date=2017-03-15|title=Rusko Ondřeje Soukupa: Pomozte Kremlu, stát vám potom odpustí|url=|access-date=2020-03-08|website=Hospodářské noviny (|language=cs}}</ref>, and Ukraine.<ref>{{Cite web|title=Антиукраїнські акції в Польщі влаштовував білорус на замовлення Затуліна - ЗМІ|url=|access-date=2020-03-08|website=Українська правда|language=uk}}</ref><ref>{{Cite web|title=Польські націоналісти проводили акції проти України за гроші Росії - Wyborcza|url=|access-date=2020-03-08|}}</ref><ref>{{Cite web|title=Як російський олігарх Малофєєв організовував антиукраїнські акції в Чехії та Угорщині|url=|access-date=2020-03-08||language=uk}}</ref><ref>{{Cite web|title=Як за гроші "Газпрому" Росія сварить Україну та Польщу - новини Еспресо TV {{!}} Україна|url=|access-date=2020-03-08|}}</ref>. CommentingIn onan theinterview publishedwith data of Usovsky's, Polish General Roman Polko, the founder of the [[Polish Special Forces|Polish Special Operations Forces]],<ref>{{Cite news|date=2019-02-18|title=Roman Polko|language=en|work=Wikipedia|url=|access-date=2020-03-08}}</ref>, said in an interview with hestated ishis convincedconviction that the anti-Ukrainian actions in Poland and the desecration of Polish monuments in Ukraine were inspired by the Kremlin. The generalPolko said that the information war posed a threat to the whole of Europe, and that the Polish radicals were useful idiots usedmanipulated by Russia.<ref>{{Cite web|title=Gen. Roman Polko dla Frondy: To Kreml nakręca polsko-ukraińską niechęć|url=,88028.html|access-date=2020-03-08||language=pl}}</ref>.
=== InstituteHacking of CIS countries hackingInstitute ===
AsAn a resultanalysis of thehacked analysisemails offrom dumpsCIS ofInstitute the Institute([[Commonwealth of CISIndependent countries, it becameStates]]) clearrevealed that this non-governmentalthe organizationNGO is financed by the Russian state company [[Gazprom]]. Gazprom allocated $2 &nbsp;million a yearannually to finance the anti-Ukrainian activities of the CIS Institute.<ref>{{Cite web|date=2017-04-19|title=Активісти розкрили схему фінансування "Газпромом" дестабілізації в Україні за $ 2 млн на рік|url=|access-date=2020-03-08|website=ТСН.ua|language=uk}}</ref>. The head of the CIS Instituteinstitute, State Duma deputy [[Konstantin Zatulin]], helpshelped terrorists and former [[Berkut (special police force)|Berkut]] members who fled to Russia to obtain Russian passports.<ref>{{Cite web|date=2017-05-30|title=Депутат Держдуми РФ Затулін вирішує паспортні питання бойовиків «ДНР» (документи)|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>.
=== AggressiveHacking of Russian «softFoundation for Public power»Diplomacy ===
Access to the mail of O.&nbsp;M. Gorchakovan, an employee of the Russian Foundation for Public Diplomacy, namedprovided after O.M.Gorchakov made it possibleinsight to reveal the forms of Russia's foreign policy strategy. On the eve of the war, funding for a six-month propaganda plan in Ukraine reached a quarter of a million dollars.<ref>{{Cite web|date=2017-06-25|title=Агресивна російська «soft power» в Україні на порозі війни|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>. Under the guise of humanitarian projects, subversive activities were carried out in Ukraine, Serbia, Bosnia and Herzegovina, Bulgaria, Moldova,<ref>{{Cite web|title=SOFT POWER - ul rusesc în Republica Moldova şi nu numai. Partea I|url=în-Republica-Moldova-şi-nu-numai-Partea-I.htm|access-date=2020-03-08|website=Deschide.MD|language=ro}}</ref>, and the Baltic States.<ref>{{Cite web|date=2017-07-30|title=Агресивна російська «soft power» у Європі|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>.
=== Hacking a telephone terroristof Oleksandr Aksinenko ===
ActivistsUCA of the Ukrainian Cyber Allianceactivists gained access to the mailbox of a telephone miner -Oleksandr Aksineko, a citizen of Russia and Israel Alexander Aksinenko. The correspondence showsindicates that Aksinenko's terrorist activities are supported by the Russian FSB,[[Federal becauseSecurity afterService]] searches conducted at his request by the SBU(FSB), the FSB officerswhich advised him to «"work in the same spirit»". Aksinenko also sent anonymous letters to the [[Security Service of Ukraine]] (SBU) and other structures in Ukraine.<ref>{{Cite web|last=Цензор.НЕТ|title=Громадянин РФ та Ізраїлю Аксіненко "мінує" українські об`єкти під протекцією ФСБ, - InformNapalm. ФОТОрепортаж|url=|access-date=2020-03-08|website=Цензор.НЕТ|language=uk}}</ref>.
=== #FuckResponsibleDisclosure flashmob ===
At the end of 2017, the UkrainianUCA Cyber Alliance, together withand other IT specialists, held an action for almosta two-month monthsaction to assess the level of protection of Ukrainian public resources. Volunteers decided, to check whether officials arewere reallyresponsible concerned aboutwith information security.<ref>{{Cite news|date=2017-11-19|title=#FuckResponsibleDisclosure – флешмоб IT-фахівців з UCA змушує українські держструктури дбати про інформаційну безпеку - (Українська)|language=uk-UA| (Українська)|url=|access-date=2017-12-16}}</ref>, andMany foundvulnerabilities awere lot of vulnerabilitiesuncovered in the information systems of government agencies. ActivistsThe did not break anything, they onlyactivists identified vulnerable resources, reported aboutthese itvulnerabilities openly and in messages markedto those who could influence the situation. According toThe activists, publicitynoted inthe sucheffectiveness situationsin ispublicly very important, because whenshaming government agencies are ashamed in public, it has an effect.<ref>{{Cite news|date=2017-12-01|title=Огляд тижневиків: чи легко "хакнути" українську владу - BBC Україна|url=|access-date=2017-12-16}}</ref>. For example, it was found that the computer of the Main Directorate of the [[National Police of Ukraine|National Police]] in Kyiv region could be accessed without a password and found on a network drive 150 &nbsp;GB of information, including passwords, plans, protocols, and personal data of police officers.<ref>{{Cite news|date=2017-11-18|title=Злом хакерами особистих даних учасників АТО: в мережі розкрили скандальні деталі - Апостроф|language=uk-UA|url=|access-date=2017-12-16}}</ref>. It was also found that the [[Bila Tserkva]] police website had been hacked for a long time, and only after the volunteers noticed did the situation improve. SCFM{{expand hasacronym|date=September 2020}} had not updated servers for 10 &nbsp;years.<ref>{{Cite news|date=2017-12-01|title=Український кіберальянс: «Держструктурам не варто лишати двері для хакерів прочиненими» - Тиждень|language=uk-UA|url=|access-date=2017-12-16}}</ref>. ItActivists also turned outfound that the website of the Judiciary of Ukraine kept reports onof the courts in the public domain. The [[Kherson Oblast Council|Kherson Regional Council]] has opened access to the joint disk.<ref>{{Cite news|date=2017-11-16|title=На зламаному сервері Херсонської облради знайшли заготовлені авіабілети в Ростов - Херсон.city|language=ru|url=|access-date=2017-12-16|archive-url=|archive-date=2017-12-17}}</ref>. The CERT-UA website (Ukraine's [[computer emergency response team]]) posted a password from one of their email accounts.<ref>{{Cite news|date=2017-11-23|script-title=uk:Українські хакери перевірили, як захищають сайти держустанов |website=Zik |language=uk-UA |url=|access-date=2017-12-16}}</ref>. One of the capital's taxi services keepswas found to keep open information about whoclients, whenincluding dates, from which phone numbernumbers, to which address he called theand cardeparture and wheredestination he was goingaddresses.<ref></ref>. Vulnerabilities were also revealed in Kropyvnytskyi's Vodokanal, Energoatom, Kyivenerhoremont, NAPC, Kropyvnytskyi Employment Center, Nikopol Pension Fund, and the Ministry of Internal Affairs (declarations of employees, including special units, were made public).<ref>{{Cite news|date=2017-12-06|title=Активісти підбили підсумки флешмобу #FuckResponsibleDisclosure з виявлення вразливостей державних IT-систем України - (Українська)|language=uk-UA| (Українська)|url=|access-date=2017-12-16}}</ref>. The police opened a criminal case against the activist under the nickname «Dmitry Orlov», who took part in the flash mob and revealed many vulnerabilities on the information resources of state structures. Before that, they tried to hack his page, for a short time they succeeded and a post was written on the page threatening physical violence if he continued his activities. The activist commented on the situation as follows: «A criminal case has been instituted for hacking state resources. They want to make an exemplary detention with TV. Here the strange cooperation of the services - the SBU and the Cyberpolice - can interact whenever they want». The owner deleted the Dmytro Orlov page and said that it had fulfilled its main function - to draw attention to the problems of cybersecurity in Ukraine<ref>{{Cite news|date=2018-02-02|title=Полиция завела уголовное дело на участника акции Украинского киберальянса -||url=|access-date=2018-02-02}}</ref>.
The police opened a criminal case against "Dmitry Orlov", the pseudonym of the activist who publicized the vulnerabilities in a flash mob. They also allegedly tried to hack the Orlov website, leaving a message which threatened physical violence if he continued his activities. The activist deleted the website as it had fulfilled its function.<ref>{{Cite news|date=2018-02-02|title=Полиция завела уголовное дело на участника акции Украинского киберальянса -||url=|access-date=2018-02-02}}</ref>
=== List-1097 ===
ActivistsUCA ofactivists theobtained Ukrainianrecords Cyber Alliance managed to obtainof orders to provide food for servicemen of 18 separate motorized rifle brigadebrigades of the Russian Armed Forces, who were sent on combat missions during the Russian occupation of Crimea.<ref>{{Cite news|date=2018-04-16|script-title=uk:Волонтери розповіли деталі окупації Криму в 2014 році |work=Тиждень.ua|url=|access-date=2018-04-24|archive-url=|archive-date=2018-04-25}}</ref>. [[Inform Napalm]] volunteers searched open sources of information andfor foundthe insocial thenetwork profiles of social networks of servicemen named in the orders, and discovered photo evidence of their participation in the occupation of Crimea,. foundRecords outalso waysrevealed to transferhow troops had been transfered to the Crimea, their location inat Voinka.<ref>{{Cite news|date=2018-04-22|script-title=uk:Список-1097: як 18-та ОМСБр ЗС Росії окупувала Крим | |url=|access-date=2018-04-24|archive-url=|archive-date=2018-04-25}}</ref>.
On January 31, 2017, the central German state TV channel [[ARD (broadcaster)|ARD]] aired a story about the cyber war between Ukraine and Russia.<ref></ref>. The story wasdocumented aboutthe repeated cyber attacks by Russian hackers on the civilian infrastructure of Ukraine, asand wellefforts asto counteringcounter Russian aggression in cyberspace, in particular, hacking the mailboxSurkov of the reception of Russian Presidential Aide V. Surkovleaks. Representatives of the UkrainianUCA Cyberwere Allianceportrayed also becameas the heroes of the plotstory.
In connection with the resonant statements of the formerFormer State Duma deputy [[Denis Voronenkov]] (who received Ukrainian citizenship) thatmade statements V.that Surkov was categorically against the annexation of Crimea. In response, the Ukrainian Cyber AllianceUCA released exclusive photos and audio recordings of the congressesthe congress of the Russian terrorist organization "Union of DonbDonbas Volunteers" , whichfrom took placeMay&nbsp;2016 in the annexed Crimea in Mayand November&nbsp;2016, as well as in Moscow, inat Novemberwhich 2016.Surkov Thewas the guest of honor at these congresses was personally Vladislav Surkov.<ref>{{Cite web|date=2017-02-18|title=Хакери показали ціну заявам екс-депутата Держдуми Вороненкова про невинуватість Суркова (фото й аудіозапис)|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>.
Volunteers of the [[Inform Napalm]] community created a film about UCA's activities -called «''Cyberwar: a review of successful operations of the Ukrainian Cyber Alliance in 2016»''.<ref></ref><ref>{{Cite web|date=2017-02-02|title=Кібервійна: огляд найуспішніших публічних операцій Українського Кіберальянсу в 2016 році|url=|access-date=2020-03-08| (Українська)|language=uk}}</ref>.
== References ==