Hackers release data trove from Belarus in bid to overthrow Lukashenko regime

File picture: Pexels

File picture: Pexels

Published Aug 25, 2021

Share

By Ryan Gallagher

Opponents of the Belarus government said they have pulled off an audacious hack that has compromised dozens of police and interior ministry databases as part of a broad effort to overthrow President Alexander Lukashenko's regime.

The Belarusian Cyber Partisans, as the hackers call themselves, have in recent weeks released portions of a huge data trove they say includes some of the country's most secret police and government databases. The information contains lists of alleged police informants, personal information about top government officials and spies, video footage gathered from police drones and detention centers and secret recordings of phone calls from a government wiretapping system, according to interviews with the hackers and documents reviewed by Bloomberg News.

Among the pilfered documents are personal details about Lukashenko's inner circle and intelligence officers. In addition, there are mortality statistics indicating that thousands more people in Belarus died from Covid-19 than the government has publicly acknowledged, the documents suggest.

In an interview and on social media, the hackers said they also sabotaged more than 240 surveillance cameras in Belarus and are preparing to shut down government computers with malicious software named X-App.

Belarus's interior ministry didn't respond to requests for comment. On July 30, the head of the country's KGB security agency, Ivan Tertel, said in a speech aired on state television that there had been "hacker attacks on personal data" and a "systematic collection of information," which he blamed on the work of "foreign special services," according to local news website Zerkalo.io.

While the immediate impact of the hack isn't entirely clear, experts said the long-term consequences could be significant, from undermining government proclamations to bolstering international efforts to sanction or prosecute Lukashenko and his subordinates. "If ever Lukashenko ends up facing prosecution in the International Criminal Court, for example, these records are going to be incredibly important," said Tanya Lokot, an associate professor at Dublin City University who specializes in protest and digital rights issues in Eastern Europe.

Nikolai Kvantaliani, a Belarusian digital security expert, said the data exposed by the Cyber Partisans showed "that officials knew they were targeting innocent people and used extra force with no reason." As a result, he said, "more people are starting to not believe in propaganda" from state media outlets, which suppressed images of police violence during anti-government demonstrations last year.

The hackers have teamed up with a group named BYPOL, created by former Belarusian police officers, who defected following the disputed election of Lukashenko last year. Mass demonstrations followed the election, and some police officers were accused of torturing and beating hundreds of citizens in a brutal crackdown.

Aliaksandr Azarau, a former police lieutenant colonel in Belarus who headed an organized crime and corruption unit, said he quit his job last year after witnessing election fraud and police violence. He moved to Poland and joined BYPOL, which he said had been working with the Cyber Partisans since around late last year. Azarau said the information the hackers released is authentic and that BYPOL plans to use it to hold corrupt police and government officials accountable.

The wiretapped phone recordings obtained by the hackers revealed that Belarus's interior ministry was spying on a wide range of people, including police officers-both senior and rank-and-file-as well as officials working with the prosecutor general, according to Azarau. The recordings also offer audio evidence of police commanders ordering violence against protesters, he said.

"We are cooperating closely with the Cyber Partisans. The information from them is very important for us," Azarau said. "They hacked most of the main police database, and they downloaded all information, including information from the security service wiretapping department, the most secret department of our police."

"We found that they were wiretapping the most famous law enforcement agents," he said. "And now we can listen to them and understand their orders to commit crimes against people." Azarau said the group hopes to use the information to pursue sanctions against Belarusian officials in the EU and the U.S.; earlier this month, both the U.S. and the U.K. announced sanctions against individuals and entities tied to Lukashenko's regime.

During other periods of unrest in recent years, activist hackers, known as hacktivists, have breached government computers. During the Arab Spring in 2011, hackers affiliated with the Anonymous collective carried out distributed denial of service attacks to bring down government websites in Tunisia and Egypt. Meanwhile, in Turkey, a Marxist hacker group named RedHack breached police, corporate and government databases in a series of attacks staged between 2012 and 2014. In 2016, a group of hackers calling themselves the Ukrainian Cyber Alliance formed to counter Russian aggression in Ukraine. They compromised Russian Ministry of Defense servers and breached emails of alleged Russian militants and propagandists.

Gabriella Coleman, a professor at McGill University and an expert on hacktivism, said that the Cyber Partisans' highly organized and persistent hacks, paired with its collaboration with former police officers, set it apart from other groups, whose operations have often been chaotic and experimental. "I don't think there are a lot of parallels to this," said Coleman. "That they are so sophisticated and are attacking on multiple levels, it's not something I've seen before except in the movies."

A spokesman for the Cyber Partisans, who requested anonymity due to security concerns, said in an interview that the group includes about 15 people, three or four of whom focus their efforts on what he described as "ethical hacking" of Belarusian government computers. The rest work on data analysis and other tasks, he said. Most of those involved with the group are Belarusian citizens who work in the information technology business, the spokesman said, and some had worked on so-called penetration testing, a method of evaluating the security of computers and networks by simulating an attack on them.

Earlier this year, an affiliate of the group obtained physical access to a Belarus government facility and broke into the computer network while inside, the spokesman said. That laid the groundwork for the group to later gain further access, compromising some of the ministry's most sensitive databases, he said. The stolen material includes the archive of secretly recorded phone conversations, which amounts to between 1 million and 2 million minutes of audio, according to the spokesman.

The hackers joined together in September 2020, after the disputed election. Their initial actions were small and symbolic, according to screenshots viewed by Bloomberg News. They hacked state news websites and inserted videos showing scenes of police brutality. They compromised a police "most wanted" list, adding the names of Lukashenko and his former interior minister, Yury Karayeu, to the list. And they defaced government websites with the red and white national flags favored by protesters over the official Belarusian red and green flag.

Those initial breaches attracted other hackers to the Cyber Partisans' cause, and as it has grown, the group has become bolder with the scope of its intrusions. The spokesman said its aims are to protect the sovereignty and independence of Belarus and ultimately to remove Lukashenko from power.

Franak Viačorka, a senior adviser to Belarus' exiled opposition leader, Sviatlana Tsikhanouskaya, said the hackers were engaged in "non-violent resistance."

"When people face terror and repression, they can't defend themselves with arms. They can defend themselves with creativity," Viačorka said.

Names and addresses of government officials and alleged informants obtained by the hackers have been shared with Belarusian websites, including Blackmap.org, that seek to "name and shame" people cooperating with the regime and its efforts to suppress peaceful protests, according to Viačorka and the websites themselves. That has created difficulties for officials working for the Lukashenko regime, Viačorka said.

"It creates pressure on them," Viačorka said. "It creates fractures within the government and a feeling that you can't trust anyone when you are in the system."

The Cyber Partisans said they are working with other groups to continue to hack government infrastructure. They are progressing toward what they call Moment X, a period that will combine computer sabotage with physical uprising on the streets, resulting in what the group hopes will be the overthrow of the Lukashenko government.

Azarau, the former police lieutenant colonel, is pursing the same goal, working with BYPOL to create an "undercover Belarusian army," he said. "We are building structures inside, and one day we will be ready to change the power, the regime."

Bloomberg

Related Topics: