Cyber activists opposed to Belarusian President Alexander Lukashenko claim to have broken into the state railways’ computer system and threatened to cripple trains bringing Russian troops and artillery to the country for a potential attack on Ukraine.
Their goals include freeing political prisoners, withdrawing Russian soldiers from Belarus and preventing Belarusians from “dying for this meaningless war”, a person involved in the attack told the Guardian.
A member of the Cyberpartisans says the hacktivist group has so far encrypted or destroyed internal databases that Belarusian railways use to control traffic, customs and stations, an action that could lead to delays for commercial and non-commercial trains and “indirectly affect Russia troop movement”.
They had so far avoided taking more drastic measures to cripple trains by taking down signaling and emergency control systems, but said they “may do so in the future if we are satisfied that innocent people will not be harmed”.
The group demanded that Belarus stop serving as a staging ground for a buildup of Russian military troops and armaments, some of which are within a few miles of the Ukrainian border.
“We don’t want Russian soldiers in Belarus because it compromises the country’s sovereignty and puts it at risk of occupation,” the Cyberpartisan member told the Guardian. “It also drags Belarus into a war with Ukraine. And probably Belarusian soldiers should take part in it and die for this meaningless war.”
An unverified local report had indicated that the buildup could include nearly 200 trains with Russian troops and equipment (military exercises in 2021 involved only 29 trains), although the Cyberpartisans said they had not yet searched for or found confirmation of this number in hacked databases.
To relinquish control of the Belarusian Railways computer system, the group also demanded the release of more than 50 political prisoners from Belarusian prisons in need of medical assistance. National human rights group Viasna has counted more than 995 political prisoners in Belarus following Lukashenko’s bloody crackdown on protests after a fraud-tainted election in 2020.
The latest hack highlights the prominent role cyber operations against infrastructure could play in a coming conflict in the region and shows how Lukashenko’s domestic battles could follow him into his closer alliance with the Kremlin. One of the key drivers of the anti-Lukashenko protests that began in 2020 has been opposition to plans for greater economic and political integration of Russia and Belarus into a “State of the Union”.
Among Lukashenko’s staunchest opponents are the Cyberpartisans, a group of around 25 anonymous computer experts and other activists who have pulled off an impressive and embarrassing series of hacks against the government since first emerging after the 2020 protests.
This included a daring raid on the servers of the Belarusian interior ministry, giving them access to data on thousands of police officers on duty in a country where many had sought to hide their identities while brutally suppressing civil protests.
They also gained access to passport databases, secret files belonging to KGB spies and Belarusian security officials, police informant databases and prison CCTV networks confirming police brutality and torture. They released hundreds of thousands of hours of taped phone conversations, including those of senior officials.
Recently, the group has expanded by targeting state enterprises and companies that serve as sources of cash for Lukashenko, using ransomware attacks to demand the release of political prisoners rather than money.
“As it has become very dangerous for people to openly protest against the regime, we have now become the only force capable of operating in Belarus,” said a member of the group, identified by the Cyrillic letter Ж (Zh). “We are showing the real results of our work by both hacking and attacking government institutions and conducting physical impact operations.”
To confirm access to a recent database of hacked border crossing records, Zh sent a Guardian correspondent a full list of his Belarus travel records dating back to 2016. “We have it for sure,” Zh wrote. “Just a second.”
The data would also allow the group to identify Belarusian and Russian spies crossing the country’s borders, Zh said, as well as “trips made by Lukashenko and his cronies and his close entourage, and would help expose illegal activities and their impose penalties”.
“We now know more about his secret assets, lovers and criminal schemes” thanks to the hacks, Zh said. “We believe he is only now realizing the amount of information we may have gathered and how harmful it is to him.”
The series of hacks has clearly shaken the government. The Cyberpartisans and two other pro-democracy groups were labeled as extremists this summer, and Lukashenko responded to the series of leaks by telling his top officials to handwrite the information instead.
“If you can’t… protect the information on your computers, then go back to paper,” Lukashenko told his ministers at a meeting in mid-August. “Write it by hand and put it in your office.”
Although members of the group remain anonymous (even to each other), their operations are still dangerous, they say, because they sometimes force insiders on the ground to take risks. To access the Interior Ministry’s network, “our people entered a regime facility and installed bridges that allowed us to connect to the MIA network remotely,” Zh said.
Threatening to disrupt Russia’s military buildup near Ukraine is likely to force the government to redouble its efforts to track down the group.
We are “concerned for our safety and to be honest, our lives,” Zh wrote. “The Belarusian government is trying to infiltrate us but hasn’t succeeded yet.”