Russia’s military began sending large numbers of weapons and troops into Belarus in late January. The official purpose of the movement was a joint military exercise, but Belarus, which has a 650-mile border with Ukraine and a government closely aligned with Moscow, was also a logical staging point for Russian President Vladimir Putin to carry out an invasion.
Several days after the troops arrived, weird things started happening to the computer systems that ran the Belarus national railway system, which the Russian military was using as part of its mobilization. Passengers gathered on train platforms near Minsk, the capital, watched as information screens flickered and normal messaging was replaced by garbled text and an error message. Malfunctioning ticket systems led to long lines and delays as damaged software systems caused trains to grind to a halt in several cities, according to railway employees and posts that circulated on Belarusian social media.
The cause of the delays was a ransomware attack in which hackers had encrypted crucial files on the railway’s computer systems, rendering them inoperable. The perpetrators of such attacks usually demand money in exchange for unlocking the seized files. But the assailants in this case, a group of hackers identifying themselves as the Cyber Partisans, said they would provide the key to unlock the computers only if Russian troops left Belarus and the Belarusian government freed certain political prisoners.
The authoritarian government of Alexander Lukashenko was well aware of the Cyber Partisans, who’d become a key part of an opposition movement openly trying to overthrow his government. Lukashenko, a former Soviet official who’s been president of Belarus since 1994, is widely known as Europe’s “last dictator.” In 2020 he claimed victory in an election that the US and other countries have declared fraudulent, then ordered a violent response to the subsequent protests. The result has been a grinding conflict between his government and a broad movement of dissidents.
The anti-Lukashenko movement has been notable for the way it’s mixed analog forms of popular protest with online activism. Lukashenko’s opponents started by breaking into the websites of the government and state news agencies, a form of politically motivated hacking with a long history. Since then they’ve begun to branch into cyberattacks that result in physical damage, a tactic traditionally seen as the domain of state-sponsored agents. The result is beginning to look like a new model for revolutionary groups seeking to wage asymmetrical warfare, says Gabriella Coleman, a Harvard professor and an expert on hacking culture. “They are really innovating in a way I have not seen before,” she says of the Cyber Partisans. “It’s like traditional forms of sabotage, but using computer methods. What they are doing has taken hacktivism to the next level.”
In the purest sense, the cyberattack on the train system didn’t succeed. Russian troops didn’t leave the country, and Belarus didn’t free the political prisoners. But the train system remains impaired. The operation also signaled a major escalation in what had been a domestic conflict. The Belarusian dissidents now see a single, broader struggle against both Lukashenko and Putin and have begun to join forces with an informal and chaotic global coalition of pro-Ukraine hackers.
These groups have targeted dozens of Russian government agencies, dumping huge troves of stolen emails and documents online. Andriy Baranovych, a spokesman for the Ukrainian Cyber Alliance, one of the groups working with the Cyber Partisans, says that while information gathering is a goal of his organization, it’s also moving past that: “Political information has little value now. We are trying to cause disorder, disruption, deception—anything that could delay or stop Russia’s actions.”
Aliaksandr Azarau, a former Minsk police chief, arrived at a cafe near Warsaw’s central rail station one day in mid-March to tell the story of how he joined what he considers a war against Lukashenko’s government. Azarau, 45, is a stocky guy in a checked shirt and black jacket, with a piercing stare. He mentioned that he has to be wary of spies as he travels around Poland and regularly glanced at his phone for updates on the fighting in Ukraine.
For more than two decades, Azarau was a police officer in Belarus, working as a detective in a department focused on human trafficking, illegal immigration, and religious extremism. He rose to become a lieutenant colonel, heading a unit of an organized crime and corruption agency. He says he never supported Lukashenko but avoided criticizing the government until August 2020, when he says he personally witnessed fraud in the presidential election and overheard commanders issue what he described as illegal orders to attack and arrest peaceful pro-democracy protesters.
Azarau quit the force and fled to Poland, where he was later joined by his wife and two young daughters. He quickly fell in with the Belarusian exile community in Warsaw and signed up to join ByPol (the name is shorthand for Belarus Police), a group of self-described “honest officers” from Belarus’s law enforcement community who were advocating for free and fair democratic elections.
ByPol’s members weren’t hackers. But they soon linked up with the Cyber Partisans, who showed how their skills could help gather evidence of human-rights violations that could be used to argue for sanctions against government officials.
The hackers broke into government websites. They disclosed mortality statistics indicating that tens of thousands more people in Belarus died from Covid-19 than the government had publicly acknowledged. They also began releasing data including secret police archives, lists of alleged police informants, personal information about top government officials and spies, video footage gathered from police drones and detention centers, and secret recordings of phone calls from a government wiretapping system. ByPol members, with their knowledge of the inner workings of the regime, helped to analyze, authenticate, and distribute the hacked files.
Azarau says that information gathered by the hackers has been vital in documenting police abuses. But the cyberattacks were useful for doing more than simply embarrassing Lukashenko. One database the Cyber Partisans broke into included 10 million passport and driver’s license photos, which ByPol has used to create its own facial recognition system. The group has used that system to identify suspected spies, as well as police officers shown attacking protesters in videos. If the group has a picture of a suspected Belarusian spy, it runs a check on the photograph. “People ask us, ‘Who is this person?’ We can say that it is not a problem, if it is just a student,” Azarau says. “Or we can see if it is a spy.”