People protest in front of the Chancellery against the Russian invasion of Ukraine on February 24, 2022 in Berlin, Germany. (Photo by Hannibal Hanschke/Getty Images)

WASHINGTON: In the global rush to support Ukraine against Russian invasion, some Ukrainian nationals and many others from around the world are heeding the call of a top Ukrainian official to join a volunteer “IT army.” But while the idea may appear sound in theory, a leading cybersecurity expert warns the digital free-for-all could backfire.

“They can cause more harm than good. I think that’s bluntly the biggest concern,” Adam Meyers, senior vice president for intelligence at CrowdStrike, told Breaking Defense in an interview. “The people doing this are arguably well intentioned, but that doesn’t mean they can’t do things that are not helpful.” 

Meyers didn’t fault the Ukrainians for the plan, saying, “I think Ukraine’s coming at it from a place of desperation at this point. […] They’re literally in a fight for their lives and they’re willing to bring any capability that they need to bear that they can because they have to. They don’t have a choice in this matter.”

The call for the “IT army” came over the weekend, when Ukraine’s deputy prime minister and minister for digital transformation Mykhailo Fedorov announced the effort on Twitter.

“We are creating an IT Army,” Fedorov said in a Feb. 26 tweet. “We need digital talents. All operational tasks will be given here: t.me/itarmyofurraine. There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists.”

The announcement came after several cyberattacks earlier this month hit Ukrainian government and bank websites with distributed denial-of-service (DDoS) attacks, which Fedorov confirmed on his own Telegram channel, and after warnings from Ukraine’s government cybersecurity agency, CERT-UA, of potential hacks.

Russia has not claimed responsibility for the cyber attacks. However, White House Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger in a Feb. 18 press briefing said Russia was the likely culprit.

“The U.S. government believes that Russian cyber actors likely have targeted the … Ukrainian government, including military and critical infrastructure networks, to collect intelligence and pre-position to conduct disruptive cyber activities,” Neuberger said.

Days ago a US official told reporters there are indications that Russia recently also conducted cyber attacks against the Kakhovka hydroelectric power plant. (Satellite imagery showed Russian forces at the plant, Reuters reported.)

As of Wednesday morning, more than 272,000 people had subscribed to the ‘IT Army of Ukraine’ Telegram channel. The first “task” in the channel included a hit list of 31 Russian banks and government organizations, including one of its largest banks, Sberbank, and oil producer Lukoil, for IT specialists, including hackers from foreign countries, to “use any vectors” of cyber and DDoS attacks.

Other messages asked volunteers to gather the social media accounts of close relatives of Russian oligarchs and phone numbers of Russian elites, including celebrities and opinion leaders. On Feb. 27, officials asked volunteers to target websites in Belarus. 

Meyers said that a country throwing out a Bat-Signal to the hacker community is not something you typically see and it could have repercussions those involved don’t realize, including legal issues. There’s no guarantee — and no prerequisite — that everyone involved must be a trained cyber professional, either.  

That lack of training “could potentially do some harm” against Ukraine’s own digital infrastructure, he said. For example, a DDoS attack could knock offline a key node that is used for internet traffic, Meyers said. He added that having a bunch of individuals joining this effort also means they’re not able to “go through the deconfliction process and the things that a nation state might do” prior to launching a cyber attack.

That’s before calculating in other non-state groups, like prolific ransomware gangs who have already publicly taken sides in the fight.

Meanwhile, US companies remain on heightened alert for any potential cyber attacks at home. Meyers said some of CrowdStrike’s customers who are “actively engaged” in sanctions against Russia are concerned about possible implications in the cyber realm. 

“If you become involved in this either willingly or unwillingly, as a result of, let’s say, economic sanctions or other things, there could be blowback against you,” he said. “In this world that we live in, cyber conflict is a real and present danger that our customers see everyday. And so when there’s geopolitical context, they have to assess and understand what does that mean for them, what risk is occurring for them, which threats do they need to be aware of? Because it is a real concern for them.”

And their concerns are valid. Take, for example, the 2017 NotPetya cyber attacks, blamed on Russian actors, which started in Ukraine but spread around the world. According to the Brookings Institution, the NotPetya cyber attack caused $10 billion in damage globally. One of the victims, multinational food company Mondelez International, headquartered in Chicago, was hit by the malware “disrupting the company’s email systems, file access, and logistics for weeks.” Total damages for that company alone were estimated at more than $100 million.

President Joe Biden has been firm that the federal government will respond to any Russian cyber aggression.

“If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” Biden said during a Feb. 24 White House briefing. “For months, we have been working closely with … the private sector to harden their cyber defenses, sharpen our ability to respond to Russian cyberattacks as well.” 

Meyers told Breaking Defense that although he sees avenues for cyber attacks closing as a result of “disruption of infrastructure” in Ukraine, and there haven’t been any globally crippling cyberattacks yet as a result of the conflict, that could change.

“Just because the window of cyber activity is closing in Ukraine, it doesn’t mean that’s closing elsewhere,” he said.