The Cyberpartisans have claimed responsibility for several high-profile hacks, their latest targeting military trains headed from Russia to Belarus.

Yuliana Shemetovets was in New York when large-scale anti-Lukashenko protests broke out in Belarus in August 2020, when she received an unusual offer: to become the spokesperson for a group of hackers who had exposed state brutality against protestors. 

The 28-year-old moved to the city five years ago to study political science, but has kept close ties with Belarus, where she’s been involved in opposition politics for over a decade.

“Back when I was at university I joined some protests and participated in several opposition discussions freely,” Shemetovets recounts.

 “In those days, the regime was detaining some active and popular opposition leaders, but mainly let others be in opposition without severe repressions,” she added. Unwilling to be recruited into the foreign affairs ministry, a path many of her fellow faculty students pursued, she left to study abroad.

 “Even five years ago there were not as many people that were ready to show their dissatisfaction with the regime openly,” Shemetovets says, “many people were apolitical.”

 The turning point for the Belarusian opposition was 2017, when the government introduced a tax on the unemployed infamously known as the “tax on social parasites”, targeting people who worked less than 183 days a year. The government backtracked after widespread protests, which consolidated the opposition but also toughened the government’s tolerance of dissent.

“When I first heard about protests that finally started in my homeland [in 2020] I naturally wanted to come back and support people but because of covid and some other restrictions I couldn’t do it,” Shemetovets says. Many people in her inner circle were detained and are still in prison.

“I learned about [them] from the news while being here in New York,” she says.

As tens of thousands of people took to the streets to protest the results of elections they said had been rigged – and that longtime leader Alexander Lukashenko officially won by a landslide – a small group of anonymous tech experts made headlines when they hijacked a TV station to stream scenes of police brutality.

The group, now known as the Cyberpartisans, has since graced headlines for major hacks including defacing government websites and leaking phone calls from an interior ministry database. Last month, they made global headlines when they orchestrated a cyberattack aimed at disrupting trains carrying military equipment and personnel headed from Russia to Belarus - where the Russian government has stationed an unknown number of troops as tensions with the West over neighbouring Ukraine escalated.

“At first I refused to be honest. I was afraid,” Shemetovets, who has a day job at an NGO, explains over a video call from New York City. “But then nothing changed in Belarus. There was still repression. It affected my friends, family, everyone.” 

The Cyberpartisans' social media logo
The Cyberpartisans' social media logo (Cyberpartisans logo)

Targeting the government

The Cyberpartisans — whose tactics include the use of irony, website defacement and hacking to reach political goals are reminiscent of those used by Anonymous — have refined their tactics and communications since the early days. Rather than hacking for ransom or profit, they identify themselves as “hackvists” whose actions aim to attain political goals.

It’s easy to see why Shemetovets was picked for the job: unimposing but confident in her manner of speaking, her oversized glasses, tight hair bun, and casual linen shirt striking the right balance of hip and stern.

“I rationally thought about it. I do agree with the goals and values that Cyberpartisans have,” Shemetovets says. 

Lukashenko has ruled Belarus since 1994, when he rose from the ashes of the Soviet Union’s collapse three years earlier, winning the country’s first – and many would say last – free elections. 

As people on the streets of Belarus demanded economic reforms and democracy, in September 2020 the Cyberpartisans leaked the personal details of about 1,000 police officers to expose the identity of those responsible for executing the crackdown, which saw thousands of people arrested as thousands more fled the country.

“No one will remain anonymous, even under a balaclava,” the group, which distributed the leak through a popular Telegram channel, said at the time.

At around the same time, the Cyberpartisans defaced the website of the Belarusian presidency, replacing its front page with the image of a silly-looking army general. It also tampered with the most-wanted list on the ministry of interior’s website, adding Lukashenko and the minister to it.

Despite the sometimes playful tactics, the group – which is part of a larger movement called Suprativ - does not make it a secret that their ultimate aim is regime change in Belarus - often referred to as “Europe’s last dictatorship”. Lukashenko has in turn accused the opposition of harbouring terror cells supported by Western governments

The group’s biggest hack, arguably, took place in September 2021, when it claimed to have gained access to more than five million wiretapped phone conversations saved on the servers of the interior ministry, which allegedly exposed how security forces were ordered to crack down and beat peaceful protesters.

The Belarusian government has never commented directly on the leaks, but KGB official Ivan Tertel told Belarusian state TV there had been a “systematic collection of information” by forces connected with “foreign special services.” 

According to Shemetovets, the government’s strategy towards the Cyberpartisans has been to pretend they don't exist, and that also extends to the largely government-controlled media.

“We think they are trying not to advertise the Cyberpartisans so that people who watch TV won’t want to learn more about them,” she says.

Shemetovets denies the group receives any funds or support from Western governments, but says their international network includes Bypol, an association of former Belarusian security officials based outside Belarus, who support opposition leader Svetlana Tikhanovskaya.

“I know that cyber partisans share some data, some information with them,” Shemetovets says. The former officers group has helped Cyberpartisans identify officers who had been “giving unlawful orders” they later targeted with their leaks.

“There is some coordination, and Cyberpartisans are helping them too by [supplying] the data,” she adds.

Non-professional “hacktivists”

Despite the group claiming high impact hacking operations against the government, Shemetovets maintains the group’s members are all former IT sector professionals who learned everything “on the go”.

“They're not hackers, none of them were hackers at any point,” Shemetovets says. Belarus has a thriving IT sector driven by considerable tax advantages, which turned the country into a regional tech hub. When protests broke out, many of those IT professionals, who tend to be pro-democracy liberals, joined the marches.

She says neither she nor the majority of about 30 members affiliated with the group have hacking skills, as only a core of three to five members are responsible for conducting the actual hacks, or able to gain full access to the data. Other roles include developers, testers, and data analysts. 

“I don’t know who they are, and I don’t want to know,” she says. “Even if someone gets access to my phone … they are not going to find anything that can reveal any sensitive information.”

The latest attack on the Russian trains was the most sophisticated the group has ever conducted, according to Shemetovets.

“They got access to the signalling system, to the automation system. So at some point they were able even to basically shut down everything,” she says, adding that they refrained from doing so over fears that tampering with complex databases could put passengers in danger. 

The Belarusian state-run railway company confirmed that some disruption had taken place, but even the Cyberpartisans don’t know to what extent they were able to disrupt the military cargo trains headed to Belarus. The Belarusian government, which maintains “channels of communications” with the group, had not responded to their request for the release of 50 political prisoners. 

“The purpose of this attack was to indirectly slow down Russian troops on the territory of Belarus, and show [its] strategically most important infrastructure is overlooked by Lukashenko,” Shemetovets says.

“One of the reasons why Cyberpartisans wanted to target these freight trains is also because Belarus is at the centre of Europe and a lot of other countries are using these systems” she says, “It’s to show that Lukashenko is not only not safe for the people of Belarus, but also for its neighbours.” 

Source: TRT World