‘Cyber Partisans’ hack Russian military buildup in a resistance first

A railcar carrying Russian military hardware sits at a railway station in Belarus. Cyber-activists penetrated the state railway’s computer system and threatened to paralyze trains moving Russian troops and equipment to the Ukraine border. [Russian Defence Ministry/Tass]

In a 21st century twist on an old wartime theme, hacktivists in Belarus penetrated the state-run railway’s computer network and threatened to paralyze trains moving Russian troops and equipment bound for a potential invasion of Ukraine.

The group Belarusian Cyber Partisans said on Jan. 24 it had encrypted servers, databases and workstations, disrupting ticket sales and stalling freight trains. It destroyed some backup systems and encrypted others. It threatened further action if its demands were not met.

Belarus’s self-described dictator, President Alexander Lukashenko, is a close ally of Russia. More than 100,000 Russian troops were amassed on the Belarus-Ukraine border for what was described as an exercise. Western leaders feared an imminent attack.

The 15- to 30-member hacktivist group, formed during elections last August, was demanding the release of 50 political prisoners in need of medical care and the exit of Russian soldiers from Belarusian territory.

Speaking to Bloomberg News, the exiled Belarusian opposition leader, Svetlana Tikhanovskaya, described the hack as a “massive action” that “could paralyze the railroad infrastructure.”

Belarusian Cyber Partisans logo. [Wikimedia]

“At the command of the terrorist [Lukashenko], #Belarusian Railway allows the occupying troops to enter our land. We encrypted some of BR’s servers, databases, and workstations to disrupt its operations,” the hackers tweeted, noting that they were careful not to affect systems that could endanger rail customers.

The Cyber Partisans first breached the railway network in December 2021, when they entered its signaling and control system but decided against tampering with it for safety reasons, a spokesperson said.

 

From Lawrence of Arabia in the First World War to French Resistance efforts in the second, railroads have long been a favourite target of small groups seeking disproportionately large impacts. German operatives even bombed a railway bridge spanning the St. Croix River between New Brunswick and Maine in 1915.

The seemingly innocuous Saint Croix-Vanceboro Railway Bridge running 30 metres between the sleepy villages of St. Croix, N.B., and Vanceboro, Me., was targeted by German operatives after the Maine Central Railroad allowed the Canadian Pacific Railway to transport Canadian troops and materiel along its line to Halifax for shipment overseas. America would not join the war for two more years, and this was against the provisions of its Neutrality Act. Germany protested, but to no avail.

At 1:10 a.m. on Feb. 2, a suitcase bomb exploded on the bridge, blowing out windows across Vanceboro and St. Croix. Some bridge beams were twisted and bent, but the damage was minor and it was repaired within days.

The bomber, Werner Horn, was convicted on a U.S. explosives charge and served time in an Atlanta prison. A New Brunswick court then convicted him of sabotage. He was extradited and sentenced to 10 years in Dorchester Penitentiary, but was released in 1921 on grounds of insanity and deported to Germany.

 

T.E. Lawrence, widely known as Lawrence of Arabia, was at the forefront of attacks by Arab forces fighting against Ottoman Turks, many of them involving railway links. The most famous of them was the pivotal Hallat Ammar train ambush.

Historians widely agree that the action during the Arab Revolt of 1916-1918 was a key event in defining the tactics used in modern guerilla warfare.

Depicted in the David Lean film Lawrence of Arabia, the September 1917 ambush in the Arabian desert employed mortars, two Lewis light machine guns, more than 20 kilograms of blasting gelatine and 80-some riflemen posted in a line just below the lip of a low ridge running about 140 metres parallel to the railroad.

A train sits abandoned in the Arabian desert a century after it was ambushed by T.E. Lawrence (Lawrence of Arabia) and his band of rebels. [Reddit]

The initial blast destroyed the train’s two engines. The ensuing firefight—described by Weapons and Warfare as “sudden, bloody and one-sided”—lasted all of 10 minutes. Seventy Turks were killed. Another 30 were wounded and 90 captured. Only two Arabs died and three were wounded.

“The moment it ended, the Arabs rushed the train and tore it apart. The scene was transformed from one of close-quarters killing to one of frenzied plundering.

“The withdrawal was chaotic but successful.”

In 2016, archeologists found a single Colt 1911 automatic pistol bullet among hundreds of other spent rounds at the site near the Jordanian border. Experts say it could only have been fired by Lawrence, whose account of his role in the battle had, until that point, been questioned.

Lawrence on the Brough Superior SS100 that he called “George V.” He died six days after a motorcycle crash on May 13, 1935, two months after leaving the military. [Wikimedia]

Railways were a preferred target of resistance efforts in occupied Europe during the Second World War. For German forces, railways were a critical means of transporting men and equipment across broad expanses of conquered territory. For small bands of partisans, they were relatively easy prey—sparsely patrolled, high-value targets.

French Resistance fighters were famous for their sabotage of railways throughout the German occupation of 1940-1944, culminating in a series of pre-D-Day attacks they co-ordinated with the British.

A resistance fighter sets a charge along a railway line somewhere in France during the Second World War. [Credit: IWM/HU56936]

The operation, known as Plan Vert or Operation Vert, involved the Résistance-Fer (“Iron Resistance”), composed primarily of French national railway workers. Their efforts helped prevent German troop deployments to the front and later hindered their retreat.

Some 150 Résistance-Fer agents were shot and about 500 deported, half of whom died in the process.

Railways were also targeted by resistance fighters in Poland, through which virtually all German supplies to the Eastern Front passed, as well as Denmark, Greece, Norway, Romania, Yugoslavia and the Soviet Union, where broken and overextended supply lines figured greatly in the Wehrmacht’s defeat.

 

Today, simmering wars are increasingly fought in the virtual world. In spite of the rise in cyber attacks at many levels, however, Wired magazine described the Belarusian group’s effort as a “geopolitically charged” first.

“This is the first time I can recall non-state actors having deployed ransomware purely for political objectives,” Brett Callow, a researcher at security firm Emsisoft, told the magazine. “I find this absolutely fascinating, and I’m surprised it didn’t happen a long, long time ago.

“It’s far more effective than waving placards outside a puppy-testing lab.”

State-sponsored hackers have used ransomware and related software for political coercion in the past, writer Andy Greenberg reported in the magazine’s online edition on Jan. 25.

North Korean hackers planted destructive malware on machines across the Sony Pictures network in an attempt to prevent release of the Kim Jong-un assassination comedy The Interview in 2014. In 2016 and 2017, Russian hackers known as Sandworm, part of the country’s GRU military intelligence agency, used a form of ransomware to destroy computers across Ukraine while posing as profit-seeking cyber criminals. The effort ultimately destroyed hundreds of networks worldwide.

Franak Viačorka, a technical advisor to the Belarusian opposition leader, said the Cyber Partisans are genuine grassroots hacktivists.

Since last summer’s disputed elections, the group has breached government and police databases and leaked their contents, exposing the inner workings of a government crackdown on protestors and cover-up of COVID-19 infection rates.

Viačorka explained that the Cyber Partisans are part of the Belarusian Supraciu (solidarity) movement of political dissident activists seeking the overthrow of Lukashenko’s regime. Belarus designated the Supraciu as terrorists last November.

Added Viačorka: “Cyberspace has become the domain of battle in our fight for freedom. This is not only their revenge on the regime but how we keep the regime accountable.”

 

 

