Anti-war hacking leads to digital xenophobia and a more hostile internet

The horrific Russian military invasion of Ukraine led to a backlash against Russia. Temptation is to name anything Russian, from government media And the the students to the cats, bad and prevented to indicate anger and ostracism. This kind of thinking has infected the open source and internet security communities as well – a horrific idea with potentially disastrous consequences.

Recently, the popular open source Node JS package maintainer “node-ipc” released a new plugin called “peacenotwar”. The Node JS package is publicly available JavaScript code that developers use to add functionality to applications. According to the admin, this plugin will display a message of peace on users’ desktops, as a non-violent protest against Russian aggression. Some versions of the node-ipc package, a networking tool that has been downloaded millions of times, will run this invocation program automatically. Then a post on Github claimed that some versions of the node-ipc package were deleted and Overwrite all files with a heart emoji if the package is installed on a computer with a Russian or Belarusian IP address.

If the accusations are true, this is a terrible idea that could lead to all sorts of horrible and unintended consequences. What if a Russian human rights or anti-war organization, or a Russian hospital, is using this particular software package? This action – although considered a minor peaceful protest by the package maker – could result in the loss of important footage of protests or war crimes, the loss of medical records, or even the death of innocent people.

Now the trend of unbaked hacking activity involving internet users is increasing daily Websites and games which encourages users to become part of DDoS (Distributed Denial of Service) attacks against certain Russian digital assets. For the same reasons mentioned above, randomizing attacks without thinking about the potential consequences and collateral damage are heart-wrenching actions that amount to shooting in the dark. The consequences for users who were part of this campaign are also unknown. Do users realize that their IP addresses can be logged by a potentially aggressive and retaliatory target? It is an incredibly irresponsible measure that gives tools to ordinary users without the due diligence they deserve, putting innocent lives at risk on all sides.

Targeting every computer with a Russian or Belarusian IP address with this kind of hack as a way to protest government actions is downright absurd and harmful. Developers who live in countries that commit war crimes, Including the United StatesThey may want to think about how they would feel if the tables were turned.

However, this kind of digital xenophobia did not start with the Russian military invasion of Ukraine. For many years, a common advocate for the network has been to block some notorious countries from your network, effectively creating IP block lists. Most of the traffic coming from Russia or China is believed to be malicious, so why not block all traffic coming from Russian or Chinese IP addresses? Putting aside for a moment the question of whether Russian and Chinese hackers have heard of VPNs, this part of the network security scene ensures that entire countries are thrown under the bus, and many may find your service useful, due to a few bad actors.

Calls escalate to Unplug Russia from the Internet Since the Russian invasion of Ukraine. This is a horrific idea and it is treating Russia once again as a monolith, punishing the Russian people for the actions of their authoritarian leaders. Russians who may be looking for information about a protest or trying to find news of war dead will be banned. Someone who lives in Ukraine in a region bordering Russia or Belarus can have their IP address incorrectly classified as Russian or Belarusian. Their communications and ability to access relief or evacuation efforts websites may be blocked.

We have warned against reformulating the basic infrastructure protocols of the Internet—Such as disconnecting Russia from the Internet by revoking top-level domain names or revoking IP addresses — to protest war is likely to lead to a host of serious and long-term consequences. It will deny people a powerful tool to share information when they need it most, threaten security and privacy, and undermine trust in the global communications infrastructures on which we all depend.

Treating a country’s population as a monolith risks alienating and denying services to people who agree with you, people who are your allies, and people who are most in need of sources of information and assistance. It makes the internet less open and more hostile to all involved. Equating people with their authoritarian governments in your performance activity is never a good idea.