Eugene Dokukin is a 32-year old Ukrainian web security specialist and enthusiast. In 2014 he created Ukrainian Cyber Forces to counteract Russia’s warfare in cyberspace.
Since then Dokukin with occasional volunteers has taken down terrorists’ websites and social media accounts, blocked their accounts in payment systems as well as has collected footage documenting presence of Russian equipment and troops in the occupied areas. EMPR talks to Ukraine’s cyber warrior.
EMPR: When did you engage into the cyber warfare? How big is your team?
E.D.:I created the Ukrainian Cyber Forces on 9 June, 2014. I have had quite a few volunteers helping me since 1 September, 2015. By now many of them have quit. Their number has decreased even more since the beginning of 2016. I now have one person who is following public cameras in Crimea. Another one is doing geolocation using Google Earth. There is a person who is also doing geolocation and has his own team.
In addition, one person from Germany help me to block PayPal accounts.
EMPR: What do the Ukrainian Cyber Forces do to counteract Kremlin’s warfare in cyberspace?
E.D.: Since their first days of action the Ukrainian Cyber Forces were working to shut down websites of terrorists. There are hundreds of Kremlin’s propagandist websites in foreign languages, English in particular, hosted in Russia and to a lesser extent in Ukraine, there are also websites in Russian hosted in the west. Part of them are so-called “official” web sites of “DPR” and “LPR” – websites of terrorists or of their “agencies” as well as their “official” news sites. Me and my team of the Ukrainian Cyber Forces were dealing with these sites. I counted over one thousand operational web sites. We have shut down 163 such web sites either by DDoS attacks or by complaints to hosting providers. When we cannot close down these websites officially, we organize DDoS attacks on them and make them do so. Earlier in half of the cases and now almost in all of them our appeals to shut down the websites are refused until the official police order is issued. When I get this answer from Russian hosting companies, it is clear that I will not address the Russian police that listen only to Putin’s orders. In Ukraine the Security Service has closed down quite a few websites since 2014. There used to be around 100 such websites hosted in Ukraine, there are now 50 left. The rest were either closed down at the request of Ukraine’s Security Service or disabled by us. However, they have simply changed their hosting and are now hosted outside Ukraine.
I have been following the developments [in the occupied areas of Donetsk and Luhansk regions as well as in the annexed Crimea – EMPR] through public and private web cameras. I make photos and record videos of movement of [Russian] equipment and troops. I have published hundreds of such videos. BBC once used a photo I made, and there is also a video of a terrorist base. FSB [Federal Security Service of the Russian Federation – EMPR] has been following me. Once a base is published, the web camera goes off. For private cameras they change passwords. As to the public web cameras, they switched them off in Luhansk very quickly. There was one web site of the company that owned these cameras. They were immediately ordered to switch them off. In Donetsk and in other cities they were switching public cameras off manually. I have a video from August 2014 showing a “DPR” terrorist tearing down a camera with his hands. I have the last seconds of the camera’s life recorded. Another video we recorded was from Horlivka. There were no public cameras; we were using security cameras of commercial companies instead. Many vehicles were passing along the road that the camera was overlooking and we were recording it. Until a man in plain clothes came and took it down.
EMPR: What makes you say the personnel and equipment you spotted were actually Russian?
E.D.: They have a specific manner as they speak and a Russian accent. They may use the words that we do not use. They may be wearing clothes with stars or “pilotka” field hat – and look like the fans of the USSR. I also published many photos from the web cams where Russians are visiting the tourist places. In particular, they go to Donbas Arena [stadium in Donetsk] and make pictures of themselves with the soccer ball [monument installed in 2009]. Locals had their occasions to make the photos a thousand times before. I was constantly watching there people in military uniforms, Russian ones, with “pilotka” field hats, sometimes they were wearing common green uniforms same as terrorists had, sometimes ceremonial dress.
Russian T-90 tanks that are exclusively produced in Russia can be sometimes seen on selfie photos that Russians were making already in 2014. Starting from 2015 photos are being published of powerful military equipment that Russians did not use back in 2014 and that is Russian-produced. We were spotting Russian armored vehicles in 2014 and 2015. Unfortunately, over 2014 and 2015 many public web cameras were switched off including in Crimea. Even the web cameras at the Donbas Arena was turned off in November 2015. There are no operational public cameras left in Donetsk and Luhansk regions. There are some left in Crimea. I spot some military equipment there, but quite rarely. However, we are still registering [movement of equipment] at the Kerch ferry line. There is a person who is watching the Kerch ferry line 24/7. But we watch private web cameras and DVR in Donetsk and Lugansk regions, Crimea and Russia. We took control over 10000 private cameras in the last years.
EMPR: Do you get support from the Ukrainian government?
E.D.: I have been registering hacks into the Ukrainian government sites since 2006, I publish this information on my website and on social media. Ninety nine percent of the attacks pass unnoticed. Unless media create some fuss or the cases are high-profile. Say, when the Trojan malware was allegedly discovered on the website of the Central Election Commission [ahead of the Presidential elections in 2014], or when the blackout in the power system of the entire Ivano-Frankivsk region happened [in December 2015].
I counted that last year all Ukraine’s law enforcement agencies had a total budget of up to UAH 100 billion. Ukraine’s Security Service had UAH 4 billion of the budget last year. Neither of the agencies disbursed a single penny for cyber ATO [antiterrorist operation] neither in 2014, nor in 2015. I pay my bills myself, and I sometimes cover expenses of the volunteers who work with me at the Ukrainian Cyber Forces. Nevertheless, law enforcement personnel have been regularly addressing me for assistance since 2014. Apart from assistance requests from law enforcement I have had over 23 thousand requests from Ukrainian citizens asking me to take down this or that website.
We do not have bot networks. We take websites down from one IP address. I had someone helping me to hack into a website in January 2016 and with performing of DDoS attacks in autumn 2015. DDoS attacks cost from USD 100 to USD 1,000 per day per one site. I got 1,000 such websites. We are doing it without money, using our own efforts whenever we can. However, almost no websites are left in 2016 that we can take down on our own. There are web sites for which Putin spends a million per year to protect them. There is a couple of websites left from 2015 that we keep under DDoS attacks, they shut down and keep silent for a while and then restart. There are a lot of terrorists sites that we hacked or performed DDoS attacks upon them, but they recovered and reinforced protection. They have good budgets. Over the past two and a half years Ukrainian authorities have never thanked me or the Ukrainian Cyber Forces and gave no support.
EMPR: How the international community can help Ukraine fight terrorism in cyber space?
E.D.: Since August 2014 I have been calling on the U.S. citizens that I know to sue Google, Facebook and Twitter for support of terrorism. It includes their reluctance to close down such web sites or block accounts. In almost 100 percent of the cases when we submitted complaints they have been refusing to shut them down. One needs to have a U.S. lawyer for that, it is more simple to do for an American. In one of my posts I even mentioned what U.S. legislation is violated by separatists and terrorists [who use web services of these and other American companies].