Belarusian Cyber Partisans Declared War on Lukashenka's Regime
- 16.09.2020, 8:31
Hackers attack more and more targets.
In less than 10 days, three state websites were hacked in Belarus. The group "Belarusian cyber partisans" claimed responsibility for the incident, writes the Daily Storm.
On September 3, the largest Belarusian protest portal NEXTA published a training manual titled "Victory Plan" - a strategy on how to "return power to the people of Belarus" and achieve the fulfillment of the "three popular demands":
- the departure of Aliaksandr Lukashenka and the holding of new free elections;
- release of all political prisoners;
- fair trial over all those guilty of murders, tortures, and beatings of Belarusians.
Victory plan
The "Victory Plan" from NEXTA meant the creation of several protest fronts: street (marches, actions, strikes), economic (withdrawal of deposits from state banks, delay or non-payment of taxes and utilities, refusal of food and clothing produced at state-owned enterprises), the front of justice (assistance in identifying "punishers" and conducting investigations in relation to those killed and maimed by security forces).
The big strategic plan also included a chapter on battles on the information front: spreading the news on social networks and expanding the Telegram sector, creating thematic video and photo content. The item "Hacker War" was highlighted separately.
"The invaders attacked the IT specialists in vain - and they will regret it," says the tactical manual for hackers.
The drafters of the plan, in particular, proposed to include Viktor Tsoi's song "Changes" or the composition "Lyapis Trubetskoy" on advertising panels of Belarusian cities (it is not clear how this can be implemented technically on billboards not equipped with speakers; the proposal was not implemented).
The proposed plan for the "hacker war" was not limited to this:
"How about databases? Security forces, "those next to the trough" [probably officials. - Note by Daily Storm], any supporters of the regime. How about collecting data on real violations and unfair persecution of citizens? More and more projects like the "Black Book of Belarus" appear on the Web [86 thousand subscribers to Telegram. - Note. Daily Storm], collecting evidence on any crimes against the Belarusian people".
The manual's drafters suggested that cyberwar participants find a way to "disable" DPI blocking of opposition sites and resources of independent media, which the largest Belarusian Internet provider Beltelecom is responsible for: "So that the occupiers stop terrorizing the Internet."
The authors of the "hacker war" plan assured the followers that "their experience [of the cyber protest], fantasy, and dream of a new, free country will suggest many more interesting ideas. Lukashenka has declared war on his own people. The IT community announces his first hacker guerrilla."
Start
On September 2, the unknown hacktivists hacked the main page of the Lukashenka's administration website: instead of the usual interface, the "main" one displayed an image of a white-red-white flag [the official flag of the Belarusian People's Republic in 1918-1919] and a photo of Viktar Sheiman, head of the administration. The hackers chose a photo where Sheiman, in a ceremonial uniform, stands stretched out, and his head is covered with a photoshopped hat of Verka Serduchka.
"All the money went to punishers and propaganda, but nothing was spent on cybersecurity?" - the large Belarusian Telegram channel Luxta wrote mockingly.
On September 3, hacktivists broke into the website of the Belarusian Ministry of Internal Affairs. Two new "criminals" have appeared in the "Wanted" section: Lukashenka and Interior Minister Yury Karajeu. They were also included in the lists of "missing," and August 9, the day after the presidential elections in Belarus, was indicated as the date of "disappearance." In the column "Additional," Aliaksandr Lukashenka's section states: "He is accused of war crimes against the Belarusian people and usurpation of power in the Republic of Belarus." In the column "Special signs": "Severely limps when walking."
Then the site of the Belarusian Ministry of Internal Affairs "went down" and, at the time of publication of the material, was still inaccessible.
Cyber partisans
The next day after the hacking of the main police portal, the website of the Academy of the Ministry of Internal Affairs of the republic was attacked. An archival photo with young fascists from the Hitler Youth appeared on the main page, and next to them, instead of Adolf Hitler, Aliaksandr Lukashenka was photoshopped. The photo was accompanied by the red-green inscription "Academy of the Ministry of Internal Affairs." Above it, activists posted a message:
"The Academy of the Ministry of Internal Affairs is a school for liars, rapists, and murderers. Interior Ministry officers stained the honor of their uniforms with the blood of beaten and tortured people. If you are innocent, leave the Ministry of Internal Affairs ranks and join the people in the struggle for the freedom of Belarus. After a change of regime, you will be able to return to the department and serve the people, not the dictator! "
The newly formed group of hacktivists "Belarusian cyberpartisans" took responsibility for the hacking. They write about themselves:
"Sabotage, resistance, silence - this is about us." The description of their Telegram channel contains a binary code consisting of zeros and ones; the phrase "Long live Belarus!" is encrypted in it. The avatar of the "Belarusian Cyber Partisans" channel is an animated guy in glasses and a hood, working on a laptop with a white-red-white sticker pasted on.
On September 9, "Cyberpartisans" again hacked the main page of the Academy of the Ministry of Internal Affairs website. Instead of the usual interface, a picture appeared, in which a cheerful guy in a hood was drinking coffee while working at a laptop with a sticker of the Belarusian coat of arms "Pahonia."
A puzzle was placed next to the image:
"A and B were sitting on a pipe. And A fell. B is gone. Where is the KGB hiding? The answer is on the link."
This was followed by a link to the file hosting service, where the archive with the "answer" was located. Among the documents laid out by the hacktivists, there were scans of the KGB payments for the communal apartment.
Telegram channel NEXTA drew attention to the fact that the scans indicated addresses different from the one at which the main building of the KGB is located: Minsk, Independence Avenue, 17.
"What are the Chekists doing / were doing there [at these addresses]? Riddle! But clearly nothing good ... "- summed up the authors of NEXTA.
After the hacking of the Academy of the Ministry of Internal Affairs, "Cyberpartisans" identified the next target for the "hack" - state online lotteries.
On September 11, "Belarusian Cyber Partisans" launched an online room in the encrypted Keybase messenger - to communicate and interact with those wishing to join the ranks of hacktivists.