In 2023 the international community will face the question of how to decommission the IT army of Ukraine. Governments around the world will seek to return to the status quo that existed before the Russian invasion of Ukraine and before hacktivism was legalized. This may be easier said than done.
With a quarter of a million subscribers to the Telegram channel of the Ukrainian IT army and a bilingual website with attack instructions, target statuses, command-and-control tools, and distributed denial of service (DDoS) bots, it’s easy to see why governments have warned their citizens are against joining. The problem is not that the case is unfair, but that civilians involved in offensive cyber operations are not protected by law.
History provides a valuable lesson here. AT WIRE article, journalist Matt Burgess rightly noted that “a government-led volunteer unit designed to operate in the middle of a fast-paced war zone…is without precedent” in the IT space. We have precedents for ground wars involving international volunteers. For the International Brigades that fought against fascism in the Spanish Civil War of the 1930s, immortalized by Ernest Hemingway and George Orwell, legal protection lasted only as long as they were active combatants. After they were disbanded by order of the international committee, the attitude towards them in their homeland largely depended on their country of origin. In some countries they were welcomed as heroes, in others they were persecuted by the authorities, removed from military service or threatened with deprivation of citizenship. Their permanent protection was not provided.
Similarly, by answering calls to Russian websites and networks, Ukraine’s IT army volunteers can be flagged as suspects and even eventually prosecuted for cybercrimes. Justifying action in support of a good country against an evil oppressor does not translate into criminal law. DDoS is DDoS is DDoS.
Thus, in 2023, the distinction between those volunteers who simply work to bolster Ukraine’s defenses and those who are actively involved in offensive operations will become increasingly important, as will the distinction between profit-oriented criminal groups (Conti), long-time hacktivist collectives (Anonymous) and morally motivated people who joined the IT army “for once”.
Reports the fact that more and more so-called screenwriters and rookie hackers are joining the IT army also raises the possibility that Ukraine’s call to action may have spurred some people onto a career path. The key question in 2023 will be how to use these skills for good.
As Center for Strategic and International Studies found that the coordination of civilian volunteers can be problematic. The International Brigades of the Spanish War did not have to wait long for another conflict: World War II was just around the corner. Without effective command and control, the former military personnel of the IT army of Ukraine can simply disperse. Some of them may decide to use their services as cyber mercenaries. Others may seek motivation in another issue of social justice, whether it be state aggression or human rights violations. Just like freedom of the press and political dissent, post-repeal reproductive rights Rowe vs. Wade.
Thus, in 2023, voluntary cyber operations in support of Ukraine may prove to be both an opportunity and a challenge. It would be useful for governments to consider the IT army of Ukraine as a recruiting platform – a reserve of talent for official cyber volunteer programs. Without an international amnesty, it is also possible that members of this international brigade will become targets of interest.
WIRED has teamed up with Jobbio to create WIRED, a dedicated job marketplace for WIRED readers. Companies that want to advertise their jobs can visit WIRED Hired to post open jobs while anyone can search and apply for thousands of jobs. Jobbio is not affiliated with this story or any editorial content.