The Anonymous hacktivist collective has been bombarding Russia with cyber-attacks since declaring “cyber war” on President Vladimir Putin in retaliation for the invasion of Ukraine. Several people operating under its banner spoke to the BBC about their motives, tactics and plans.
Of all the cyber-attacks carried out since the Ukraine conflict started, an Anonymous hack on Russian TV networks stands out.
The hack was captured in a short video clip which shows normal programming interrupted with images of bombs exploding in Ukraine and soldiers talking about the horrors of the conflict.
The video began circulating on the 26 February and was shared by Anonymous social media accounts with millions of followers. “JUST IN: #Russian state TV channels have been hacked by #Anonymous to broadcast the truth about what happens in #Ukraine,” one post read.
It quickly racked up millions of views.
The stunt has all the hallmarks of an Anonymous hack – dramatic, impactful and easy to share online. Like many of the group’s other cyber-attacks it was also extremely hard to verify.
But one of the smaller groups of Anonymous hackers said that they were responsible, and that they took over TV services for 12 minutes.
The first person to post the video was also able to verify it was real. Eliza lives in the US but her father is Russian and called her when his TV shows were interrupted. “My father called me when it happened and said, ‘Oh my God, they’re showing the truth!’ So I got him to record it and I posted the clip online. He says one of his friends saw it happen too.”
Rostelecom, the Russian company that runs the hacked services did not respond to requests for comment.
The hackers justified their actions saying innocent Ukrainians were being massacred. “We will intensify the attacks on the Kremlin, if nothing is done to restore peace in Ukraine,” they added.
Anonymous says it also taken down Russian websites and stolen government data, but Lisa Forte, a partner at cyber-security company Red Goat says most of these attacks have so far been “quite basic”.
Hackers have mostly been using DDoS attacks, where a server is overwhelmed by a flood of requests, she said. These are relatively simple to carry out and only take websites offline temporarily.
“But the TV hack is incredibly creative,” she said, “and I would think quite difficult to pull off.”
The hacktivist collective first emerged in 2003 from the website 4chan
The group has no leadership, its tagline is “We are legion”
Anyone can claim to be a part of the group and hack for any cause they want, but they generally they attack organisations accused of misusing power
Their symbol is a Guy Fawkes mask, made famous by Alan Moore’s graphic novel V for Vendetta in which an anarchist revolutionary topples a corrupt fascist government
The group has many social media accounts, with 15.5 million followers on its Twitter pages alone
Anonymous hackers have also defaced Russian websites. Forte says this involves gaining control of a website to change the content displayed.
So far, the attacks have caused disruption and embarrassment, but cyber-experts have become increasingly concerned by the explosion of hacktivism since the invasion.
They are worried that that a hacker might accidentally knock out a hospital’s computer network or interrupt critical communication links.
“I’ve never seen anything like this,” says Emily Taylor from the Cyber Policy Journal.
“These attacks do carry risks. [They] could lead to escalation, or someone could accidentally cause real damage to a critical part of civilian life.”
Anonymous has not been this active in years. Roman, a Ukrainian tech entrepreneur who heads a group of hackers called Stand for Ukraine, had no links with the organisation until Russia invaded his country.
But he told me that when he and his team briefly defaced the website of the Russian state news agency, Tass, with an anti-Putin poster, they included an Anonymous logo.
Roman works from his sixth-floor apartment in Kyiv, co-ordinating his team as they create websites, Android apps and Telegram bots to help Ukraine’s war effort, and hack Russian targets.
“I am ready to go and pick up a rifle for Ukraine, but at the moment my skills are better used at the computer. So I’m here in my home with my two laptops, co-ordinating this IT resistance.”
He says his group took a Russian regional train ticket service offline for a number of hours, although the BBC has not been able to verify this.
He defends his actions saying: “These things are illegal and wrong until there is a threat to you or your relative.”
Another group that has merged with Anonymous is a Polish hacking team called Squad 303, named after a famous Polish fighter squadron in World War Two.
“We work together with Anonymous all the time and I now consider myself a member of the Anonymous movement,” says one of the group, who uses the name of WW2 pilot Jan Zumbach as his moniker.
He didn’t want his photograph published but another member of his team, a Ukrainian, sent a picture of himself in a helmet and mask. He described his situation as “on the barricade with a rifle during the day and hacking with the Squad/Anonymous at night”.
Squad 303 has built a website allowing members of the public to send text messages to random Russian phone numbers, telling them the truth about the war. They claim to have facilitated more than 20 million SMS and WhatsApp messages.
Two Anonymous groups I spoke to cited this as the most impactful thing the collective has done so far for Ukraine.
Asked how he justified the Squad’s illegal activity, Jan Zumbach said they did not steal or share any private information and were only trying to speak to Russians, with the aim of winning the information war.
However he also said they were planning a more impactful hack in the coming days.
Vigilante groups in Russia are also carrying out attacks on Ukraine, but seemingly on a smaller scale.
There have been three major waves of co-ordinated DDoS attacks against Ukraine since January, plus three incidents of more serious “wiper” attacks that deleted data on a small number of Ukrainian computer systems.
On Wednesday a manipulated video of President Zelensky appeared on the Ukraine 24 TV channel website after an apparent hack.
In the current environment, though, it’s hard to know exactly who is behind any given cyber-attack.
“The Achilles heel of Anonymous is that anyone can claim to be Anonymous, including state actors operating against what we’re fighting for,” says long-standing Anonymous hacker Anon2World.
“With our current rise in popularity, it’s (almost) a given that there will be obvious repercussions from a government entity. As for adding to the chaos, we’re used to chaos, especially online.”