Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Cyber attackers are looking to exploit people who want to help Ukraine, security experts warn

Andrew Griffin
Tuesday 01 March 2022 17:42 GMT
A hit list has been drawn up of corporations Anonymous intend to attack
A hit list has been drawn up of corporations Anonymous intend to attack (Getty Images)
Leer en Español

Cyber criminals are looking to exploit those trying to help Ukraine, cyber security experts have warned.

In recent days, some online activists have encouraged people to get involved with attacks on important Russian websites. That has led to distributed denial of service attacks – which overwhelm a site with requests so that it goes offline – which have taken down pages including the Kremlin’s official site and others.

But some of those tools being shared online could be used for more nefarious aims, experts have warned, by criminals who are looking to exploit people’s interest in helping the people of Ukraine.

Such tools can allow anyone to support a distributed denial of service or DDoS attack by allowing their computer to be used as a weapon – allowing it to be used as one of many computers pointed at a given service or site and taking it offline.

In some cases, tools to help with such attacks are being shared online with the promise of supporting attacks on Russian targets but which could in fact be pointed at any other website by other operators, security experts said.

Downloading such tools also comes with a range of risks and could put anyone involved at higher risk of retaliation.

That has led to a warning from cyber security firm Avast that users should be careful about downloading any such tools and becoming involved in those attacks.

“We have identified initiatives being shared through social media that encourage regular people to become hackers, by downloading DDoS tools to support DDoS attacks on Russian targets,” said Michal Salat, threat intelligence director at Avast.

“The analysis of one of these tools shows that it isn’t secure, as it collects personal data that can make users identifiable, such as your IP address, country code, city, location derived from IP address, user name, hardware configuration and system language. Since the configuration is downloaded from a remote server, the tool can also support a DDoS attack on any target the server operator/ tool author picks without you knowing.

“Although people might find it compelling to join these cyber forces as a way to voice their opinion on the war, it is still a cyber attack with all consequences. Users may think these tools provide a way to anonymously attack certain targets, however they don’t protect the privacy and anonymity of the user, and can put the person at risk of retaliation attacks.

“We strongly recommend that people do not engage with these initiatives, as they will escalate the situation and the ‘simple user friendly tools’ shared through these initiatives can be a privacy and security risk for the person downloading it.”

Those behind the tools identified by Avast are not the only cyber attackers attempting to exploit people who are looking for ways to help those in Ukraine. Cyber security researchers ESET said that scammers had been promoting fraudulent sites that suggested they would send donations to Ukraine.

“We often see cybercriminals take advantage of global crisis situations and they are very quick to make authentic looking websites for their own personal gain,” said Jake Moore, global cybersecurity adviser at ESET.

“Unfortunately many charitable people will be unaware of the official sites where their donations will be guaranteed to make a difference. It is always advised to verify any website requesting donations buts especially after a crisis as multiple scams will populate over the coming weeks.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in