Cyber risks of modern warfare have led Western powers to debate the need for an autonomous cyber-service within its defenses. The world views the precedent of all-out cyber war through the first conflict that can be formally called a “cyber war” waged between Ukraine and Russia, and encompassing everything from deepfakes to telecom takedowns.

On March 25, a report from the Foundation for the Defense of Democracies highlighted key arguments for making an independent cyber force in the United States military. In Ukraine, by contrast, the feats of the IT army paint a picture of the efficiency a volunteer cyber defender corps can create for organized armies.

The Precedent

Russia’s full-scale invasion of Ukraine in February 2024 unleashed what is considered the first all-out cyber war between two nation-states. Many feared that Ukraine would suffer from a “Digital Pearl Harbor,” but that moment never came.

What the cyber war between Russia and Ukraine has shown the world is that the average person can play a role in warfare and these opportunities will only grow into the future. A volunteer hacker army in wartime is not meant to replace state services that are waging cyber war, but rather, allow volunteer hackers to support cyber war efforts.

As the world becomes digitalized, the more vulnerabilities there will be to target, and more of the world’s economy will sit in the digital world. Therefore, the impact of having a volunteer IT Army will continue to have a growing importance in the future for states like Taiwan.

A Volunteer Cyber Force Militia

The IT Army of Ukraine has offered volunteers from around the world the opportunity to contribute to Ukraine’s cyber offensive against Russia, executing a wide variety of attacks. These include leaking documents from Russia’s central bank, disrupting Internet services in territories occupied by Russia, incapacitating one of Moscow's major Internet providers, and targeting private corporations to hinder economic activities, among other cyber-attacks.

Russian cyber-attacks gradually fizzled out in 2022 and Ukraine with help from both public and private partnerships from the West withstood Russia’s cyber onslaught. In parallel, the Ukraine Ministry of Digital Transformation spearheaded the effort to bootstrap an IT Army to ensure maximum resistance.

IT Army Tactics

The main tactic of the IT Army involves executing Distributed Denial of Service (DDoS) attacks. DDoS attacks coordinate a large number of computers to launch a concerted attack on a specific network or website. By flooding the target with an overwhelming volume of requests, the strategy aims to overload the system, ultimately causing it to crash. Apart from disclosing its DDoS operations, the IT Army has been less revealing on other types of operations they conduct and how which military missions they were supporting with cyber attacks.

The IT Army has had an impact on “democratizing” DDoS operations, engaging civilians in a manner that has “profound implications” for the future of cyber operations, Pascal Geenens, the Director for Threat Intelligence of Radware wrote in a February 2024 analysis of the group’s contributions to the Ukraine war effort.

___

The IT Army’s Impact

IT Army representatives assessed that the group has inflicted economic losses on Russia estimated to be between $1 and $2 billion. Consequently, the cyber warfare conducted by the IT Army represents a novel and innovative form of sanctions against their adversaries.

By June 2022, the IT Army conducted over 2000 attacks. One DDoS attack by the IT Army was aimed at Russia's sole product authentication system (Chestny Znak). As a result, Russia was forced to abolish labeling and verification of certain products, leading businesses across Russia to suffer extensively. In December 2023, the IT Army conducted a DDoS attack and disrupted Bitrix24 servers, which is one of the most popular CRM systems for medium and small businesses in Russia.

“Economic exhaustion plays a decisive role in the outcome of conflicts, and cyber operations, including DDoS attacks and hacker interventions, are powerful tools in achieving this objective,” the spokesperson for the IT Army of Ukraine, “Ted” explained.

“The number of DDoS attacks on Russian companies doubled year on year in the first quarter. Mostly companies from critical industries...Roskomnadzor speaks of repelling almost three times more attacks in the first quarter alone than in the entire 2023,” the Russian news site Kommersant wrote.

While Russia has invested billions of dollars in building out its satellite internet network, Ukraine’s IT Army launched an attack in April 2024, that took out “two of the largest providers, Astra and Allegrosky” for more than several days.

Militia in an Organized Cyber War

However, assembling a volunteer IT Army presents a significant challenge because it introduces civilians to uncharted waters. This involvement helps to decentralize key aspects of warfare, showing how wars will increasingly be fought in the digital age. Ukraine has been attempting to draft legislation to provide a more formal legal structure to the fairly informal IT Army.

Earlier this year, Nataliya Tkachuck, Secretary of Ukraine’s National Coordination Center for Cybersecurity, explained to Newsweek that legislative processes were attempting to create cyber forces within Ukraine’s Defense Ministry. Such legislation would allow the IT Army to formalize, and foreign volunteer hackers would be compelled to join Ukraine’s cyber reserves.

Vasileios Karagiannopoulos, an Associate Professor in Cybercrime and Cybersecurity at the University of Portsmouth, believes that if the IT Army were incorporated into Ukraine’s cyber reserves, it could help offer legal protections for civilians participating in cyber war by offering “legal protection as combatants and potentially shield them from prosecution for their actions during the war.”

Recruiting Setbacks

At its peak, the IT Army had 300,000 members, The Guardian reported in 2022. That number has since dwindled, with roughly 170,000 members recorded by the Center For Strategic and International Studies estimated in an August 2023 report, a declining adjusted figure from original membership.

Overall subscriber count and the associated impact can be misleading, as while subscriber counts have decreased on the Telegram channel, the IT Army’s attacks have been growing in effectiveness and scale. This is because, at the start of the war, individuals were subscribing to a wide variety of channels related to the war, and over time, they began unsubscribing.

However, not all preparations will need to be technical, such as scouting targets to conduct potential DDoS attacks. One limitation that Ukraine’s IT Army has faced is engaging with non-technical audiences. To scale the work of effective botnets and DDoS attacks, more people are needed to join the attacks. However, the average civilian citizen does not consider themselves capable of conducting cyberattacks against the enemy.

Payoff

The IT Army’s spokesperson told Frontsight Media journalist David Kirichenko, in a prior interview from 2023, that the group has collaborated before with Ukraine’s army. If there is a battlefield objective and the military needs to disable a target, then they could relay a request to the hacker army to initiate an attack and support the takedown initiative. For example, if Ukraine’s hacker army attacked Russian satellite systems or attacked Russian telecom providers in occupied territories, which they have done before.