How is the United States preparing ISIS and al-Qaeda in cyberspace?
Author: Tolib Aliyev, analyst, specially for Sangar
The modern world and developing technologies pose new threats to citizens of any state. The Sangar website has covered this before (articles “Cyber War”: New US Front Against Global Security and “Digital war”: how to escape?). The story has since continued.
Following the US initiative to create and promote International Computer Emergency Response Teams (CERT and FIRST), which are associated with the US National Security Agency and the US Defense Research and Development Agency, Americans and their allies have focused efforts on the formation of informal structures. These include the so-called IT Army of Ukraine.
This organization announced its creation in February 2022 after the outbreak of the Russian-Ukrainian conflict. However, Ukraine began training its specialists to attack critical information infrastructure (CII) facilities much earlier. Countries such as the USA, Canada, Lithuania, Estonia, Poland, Romania, Croatia, and the Netherlands actively helped it. Since 2012, a system of specialized funds (NATO Trust Ukraine-Command, Control, Communications and Computers, C4, and others) has been operating in Kyiv, where specialists from these countries conduct training. At the same time, information and intelligence support for Ukrainian hackers is provided not only by government agencies of the United States and its allies but also by private IT companies such as Micro Focus (UK), Recorded Future (USA), Comelson Labs (Czech Republic), etc.
As a result, with the support and assistance of the West, Ukrainian hackers have become well-versed in the classic cybercriminal toolkit: defacement (posting materials of a provocative and demoralizing nature), doxxing (search and publication of personal or confidential information), phishing, malware distribution, and DDoS attacks.
As in the story of the international terrorist organization Al-Qaeda, the “child” born of the West has grown up and escaped the control of its creators. Today, Ukrainian cyber troops pose a huge danger both to the ordinary citizen and to the CII of any state. While this product was originally created to “protect the sovereignty” of the Ukrainian state, today its goals are to carry out attacks on other countries and to steal funds from large companies and ordinary citizens for the purpose of enrichment.
The IT Army of Ukraine consists of about 300 thousand people with special skills. The number of cyber attacks by this structure in 2023 was about 8.5 thousand. Moreover, these attacks are often carried out “under a false flag.” At the same time, the official authorities of Ukraine strongly support the activities of the IT Army of Ukraine. Thus, in January 2023, a smartphone application for automated DDoS attacks was introduced. Now anyone can join the cybercriminals, even without special skills.
In addition, Ukrainian organized crime groups saw great prospects in creating call centers to steal money from accounts and took cyber fraudsters under their wing. The beginning of active work by organized crime groups in this area dates back to the end of 2018. Thanks to the close corruption ties established by that time by the leader of the organized crime group, Lekishvili Zurab (“Zurika”), the group’s call centers were not subject to inspection by Ukrainian law enforcement agencies, and this organized crime group became the leader in the region among the networks of fraudulent call centers.
[Image: scheme from the official website of Sberbank of the Russian Federation]
As part of an investigation into the activities of a call center in Berdyansk, experts from Sberbank of the Russian Federation were able to identify SIP servers through which fraudulent calls were made to citizens of the Russian Federation and other countries. It was found that these services are actively used in other call centers operating in Ukraine.
In total, more than 50 such servers were identified. Here are some of them:
dids.phonet-tel.com (Germany)
spgsipt2.xyz (Germany)
spgsip.com (Holland)
sip.freevoip.org (USA)
sip2.voipex.top (Germany)
r1.phonet-tel.com (Germany)
The total number of fraudulent calls that went through these services over the last two years exceeded 37 million. Moreover, the calls were made with the caller number substituted by numbers in the Moscow region codes 495/499. Most of the calls are aimed at people living in the Russian Federation, but the scammers also call residents of other countries.
Analysis of call logs from December 14, 2021, established targeted fraudulent activity against citizens of various countries. Here are the main figures: Poland – 380 thousand calls, Kazakhstan – 36 thousand, Tajikistan – 18 thousand, Georgia – 8 thousand, Uzbekistan – 7.5 thousand. Separately, it should be noted that no calls were recorded from Ukrainian citizens located on its territory. There have been attempts to attack the CII of Western countries. In May 2024, a US court sentenced Ukrainian hacker Yaroslav Vasinsky to 13 years and 7 months in prison for committing cybercrimes and extorting funds from American companies and citizens.
Thus, Ukrainian cyber troops are gradually moving away from their original goal, the fight against Russia, and are redirecting their activity to other states.
The history of Al-Qaeda is repeating itself and the day is not far off when the collective West will spend huge amounts of its taxpayers’ money fighting the Ukrainian hackers they themselves created.