Cyber-activists opposed to the president of Belarus, Alexander Lukashenko, say they have penetrated the state-run railway’s computer system and threatened to paralyse trains moving Russian troops and artillery to the country for a potential attack on Ukraine.
Their goals include freeing political prisoners, removing Russian soldiers from Belarus and preventing Belarusians from “dying for this meaningless war”, a person involved in the attack told the Guardian.
A member of the “Cyberpartisans” said the hacktivist group had so far encrypted or destroyed internal databases that the Belarusian railways use to control traffic, customs and stations, an action that could cause delays to commercial and non-commercial trains and “indirectly affect Russia troops movement”.
They had so far avoided taking more drastic steps to paralyse trains by downing the signalling and emergency control systems, but said they “might do that in the future if we’re confident innocent people won’t get injured as a result”.
The group has demanded that Belarus cease serving as a staging ground for a buildup of Russian troops and military weaponry, some of it just miles from the Ukrainian border.
“We don’t want Russian soldiers in Belarus since it compromises the sovereignty of the country and puts it in danger of occupation,” the member of the Cyberpartisans told the Guardian. “It also pulls Belarus into a war with Ukraine. And probably Belarusian soldiers would have to participate in it and die for this meaningless war.”
An unverified local report had said that the buildup may include nearly 200 trains with Russian troops and equipment (military exercises in 2021 involved just 29 trains), although the Cyberpartisans said they had not sought or found confirmation of that number in the hacked databases yet.
To relinquish control over the Belarusian railways’ computer system, the group has also demanded the release of more than 50 political prisoners from Belarusian jails requiring medical assistance. The domestic human rights group Viasna has counted more than 995 political prisoners in Belarus following Lukashenko’s bloody crackdown on protests after elections marred by fraud in 2020.
The latest hack highlights the prominent role that cyber-operations against infrastructure could play in an upcoming conflict in the region, and shows how Lukashenko’s domestic battles may follow him into his tightening alliance with the Kremlin. One key factor in the anti-Lukashenko protests that began in 2020 was opposition to plans for greater economic and political integration of Russia and Belarus under a “Union State”.
Among Lukashenko’s staunchest opponents are the Cyberpartisans, a group of about 25 anonymous IT experts and other activists who have pulled off an impressive and embarrassing series of hacks against the government since they first appeared after the protests of 2020.
That has included a daring raid on the servers of the Belarus Ministry of Interior Affairs, giving them access to data on thousands of serving police officers in a country where many had sought to hide their identities while brutally cracking down on civil protests.
They have also obtained access to passport databases, secret files belonging to Belarusian KGB spies and security officials, police databases of informants, and prison CCTV networks confirming police brutality and torture. They have released hundreds of thousands of hours of wiretapped telephone conversations, including those of top officials.
Recently, the group has expanded into targeting state companies and firms that serve as sources of cash for Lukashenko, using ransomware attacks to demand the release of political prisoners rather than money.
“Since it became very dangerous for people to openly protest against the regime, we now became the only force capable of operating in Belarus,” said a member of the group, identified by the Cyrillic letter Ж (Zh). “We show real results of our work both by hacking and attacking government institutions and conducting physical impact operations.”
To confirm access to a recent database of hacked records of border crossings, Zh sent a Guardian correspondent a full list of his travel records to Belarus going back to 2016. “We have it for sure,” wrote Zh. “Just a sec.”
That data would also allow the group to identify Belarusian and Russian spies crossing the country’s borders, Zh said, as well as “trips made by Lukashenko and his cronies and close circle, and would help reveal illegal activities and put sanctions on them.
“We know now more about his assets, his lovers, and secret criminal schemes” because of the hacks, Zh said. “We think he only now realises how much information we were able to gather and how harmful it is for him.”
The series of hacks has clearly shaken the government. The Cyberpartisans and two other pro-democracy groups were named as extremists this summer, and Lukashenko addressed the series of leaks by telling his top officials to write down information by hand instead.
“If you cannot … protect information on your computers, then go back to using paper,” Lukashenko told his ministers at a meeting in mid-August. “Write by hand and put it in your desk.”
Although members of the group remain anonymous (even to one another), their operations are still dangerous, they say, because they sometimes require insiders on the ground to take risks. To access the Interior Ministry network, “our people entered a regime’s facility and installed bridges that allowed us to connect to the MIA network remotely,” Zh said.
Threatening to disrupt Russia’s military buildup near Ukraine is likely to force the government to redouble its efforts to track down the group.
We are “concerned for our safety and to be honest, our lives,” wrote Zh. “The Belarusian government tries to infiltrate us but has not succeeded as of yet.”