27 April 2024, Saturday, 0:14

Operation “Heat”: Cyber Partisans Told about the Contents of the Secret Clusters of the Database of the Ministry of Internal Affairs


Sooner or later, all information will be made public.

“If you cannot protect the information in your computers, then go back to paper media. Write by hand and put it in your drawer,” Aliaksandr Lukashenka said at a meeting on 17 August. This is the only official comment that can be associated with the hacking of the database of the Ministry of Internal Affairs of Belarus.

The hack was announced by Cyber Partisans, an anonymous team of IT specialists who claim to have obtained a system with the passport data of all Belarusians, audio recordings of wiretapped security officers and officials, data from the Internal Security Directorate of the Ministry of Internal Affairs, and much more. Some of this information has already been posted on the Web. Cyber Partisans communicate with their audience through the Telegram channel of the same name. It has over 77 thousand subscribers.

Deutsche Welle arranges interviews with Cyber Partisans via a chatbot; communication takes place in writing in an anonymized chat. Cyber Partisans answer questions within three days. According to their representative, sometimes they reply to journalists by voice, but never in real time: "We record audio, process ("anonymize"), then send it."

In a minute - all passport data

Cyber Partisans claim that they hacked the Passport system, into which the personal data of all Belarusians were entered. We check if this is really the case.

I give my name (this article is signed with a pseudonym - ed.), and I get the answer in a minute: there are only two people with that name in Belarus. A minute later, they send me photographs that were used in all issued passports, as well as personal data, registration address, and information about parents. Everything coincides - and even a mistake that an employee of the Citizenship and Migration Department introduced into the database a few years ago. They do have access to the data of the Passport system.

Who are the Cyber Partisans?

Cyber Partisans are part of the "Supratsiu" organization, which consists of Cyber Partisans, "Busly liatsiats," and "People's self-defense squad." According to Cyber Partisans, they have a "small backbone of admins" and about 12-15 volunteers. All these people are from the IT sphere; there are no professional hackers, our interlocutor emphasizes. "We learned everything on the go. Three or four "cybers" are mainly engaged in hacking networks and databases, and another 3-4 do it at the basic level. The rest develop applications, such as PartisansTelegram and P-SMS," says one of the members of the Cyber Partisans team.

The Cyber Partisans refuse to discuss their location "for security reasons." They also decline to say how their group was formed or what backgrounds its members have.

Cyber Partisans remain anonymous

DW: Do you realize that database hacking is a real crime?

Cyber Partisans: We are aware that when the laws in the Republic of Belarus were respected, our activities could be considered criminal. In 2020, power was usurped. The constitution is grossly violated by the so-called "law enforcement agencies." In this situation, it is our civic duty to resist the seizure of power in the Republic of Belarus.

DW: There are real people on your team who had to commit a crime. How do you perceive it?

Cyber Partisans: We do not act under the influence of emotions. We believe that in the current situation of legal collapse in Belarus, we - those who are really capable of fighting tyranny - are responsible before our conscience.

According to a representative of the team, after the hacking of the databases, they counted on "stargazing and the dismissal of the top of the Ministry of Internal Affairs," but this did not happen. "But we still think it will eventually happen, just probably with a delay. Criminal cases (on hacking. - ed.) are likely to be filed. We will try to hack the database, where it is recorded - and then we will know for sure," Cyber Partisans say in an interview with DW. They assure that no serious threats have yet been received against their team.

How Do Cyber Partisans Ensure Data Security?

DW: What criteria do you focus on when choosing what to hack?

Cyber Partisans: We focus on the most vulnerable points of the regime. The strike against the Interior Ministry is of strategic importance. It throws the whole system into disorientation. While the regime is trying to extinguish this conflagration, we are already intensively working on other strikes against the props of the regime. Previously, we dealt with smaller and more targeted hacks. We hacked what we could, for example, websites, various databases in semi-open access, etc. But in the background, we were building up serious cybers and entrenched in the regime's networks.

A lot of time is spent on unsuccessful hacking attempts and preparatory work. In such complex operations, there are rarely blitzkriegs. Even a goal as simple as the Presidential Academy of Management has taken more than six months since the goal was announced. Hacking the Academy again was more like a blitzkrieg. In a matter of days, we invalidated the databases and put the internal network down.

According to the interlocutor, hacking internal networks takes "many months of work. There are also unsuccessful attempts." The data obtained as a result of the hacking, according to a representative of Cyber Partisans, is stored in an encrypted format and is "inaccessible directly from the Internet." According to him, third-party "trusted organizations" also have limited access to some databases. Among them, a member of the Cyber Partisans team lists ByPol, ChKB, Punishers of Belarus, and NAU.

DW: You stated that you hacked into the database with wiretapping of the security forces, the database of the Internal Security Directorate of the Ministry of Internal Affairs, and others. That is, we learned how this system looks and functions from the inside. What struck you the most about it?

Cyber Partisans: Sometimes basic security measures are not followed. For example, using simple passwords and reusing them, limiting access with Active Directory, isolating subnets from each other. Some of the central databases are located on the same subnet as the departments of the ROVD. The system was clearly tailored to the ideology of preventing cyberattacks exclusively through intimidation and terror.

DW: Under current laws, data obtained in violation of the law cannot be considered evidence of someone's fault. What then is the purpose of your hacks?

Cyber Partisans: Firstly, it was not established in what way the data was obtained. Second, they can be used to persuade Western countries to impose tougher sanctions. Also, these data can be used at the trial in The Hague. The most important thing is that the people receive leaked conversations and draw their own conclusions. And the remaining security officials can no longer justify their participation in this in front of family and friends so easily.

"So far we have not managed to process even 0.1% of records."

DW: You write that you hacked the database with wiretapping of security forces and officials. And who else, besides themselves, does the Belarusian state "listen" to?

Cyber Partisans: Our focus at the moment is officials and security forces, and we have not yet punched out all the numbers that were on the wiretap. Already now we can state that objects from state-owned enterprises and health care institutions, as well as entrepreneurs and businessmen, are being tapped by the regime. There are several hundred thousand hours of audio recordings on the wiretapping servers in DOORD (Department of Operational-Investigative Activities of the Ministry of Internal Affairs. - ed.). We need some time to process everything that is and sort it out. So far we have not managed to process even 0.1% of records.

DW: You have at your disposal the data of millions of Belarusians. Where is the guarantee that their personal data will be safe and no ordinary people will be harmed?

Cyber Partisans: In the Ministry of Internal Affairs, this data is clearly not protected. We are fairly well versed in cybersecurity and believe that our citizens' data will be better protected than the regime.

DW: During the test, I asked you for the data of a colleague who permitted me to do so. Nevertheless, you provided it without her personal consent, taking my word for it. How do you ensure that someone does not try to make a similar request and use this data for fraudulent purposes?

Cyber Partisans: We "confirm" journalists before transmitting any data about civilians to them. Our protocols on this topic are still under development. In your case, we made a mistake.

DW: How do you control within your team whether someone gets access to the data for personal reasons?

Cyber Partisans: Only we, the admins, have access to the databases in their raw form. For everyone else who needs to work with databases, we have developed an author search engine; they have limited access, and all requests are logged to avoid abuse. The number of requests per day is limited; there are also additional monitoring mechanisms.

DW: You intend to publish the data of the KGB officers. But, probably, not all of them participated in illegal actions against their own citizens. Someone must have dealt with external threats, and the publication of their data could harm Belarus. How will you determine which data to share and which not? By what principle?

Cyber Partisans: We believe that the KGB is an exclusively punitive body, and their contribution to national security is currently insignificant. They are mainly engaged in repression.

There are nearly 39,000 people in the Riot database

Cyber Partisans claim that the Interior Ministry has created a database called Riots. According to their information, about 38,600 citizens were entered into it over the past year. For each person, it holds passport data, the date of detention, and its consequences: "a protocol has been drawn up," "released," "placed in a temporary detention center / CIP / Zhodzina." This is confirmed by the screenshots that Cyber Partisans provided to DW.

Most of the citizens who ended up in this database were held liable under Article 23.34 of the Administrative Code (currently 24.23, the article under which protesters are often tried). It also contains those who were detained for insubordination and petty hooliganism. In addition, the database contains suspects under the criminal Article 293 "Mass Riots."

Another "trophy" of the Cyber Partisans group is the automated information system Passport. It stores the passport data of all citizens of Belarus, as well as their registration addresses, information about their relatives, and, for some of them, their place of work and position. According to Cyber Partisans, this database contains about 16 thousand hidden records. Only a limited list of people from the Interior Ministry has access to them.

DW: Hidden data - about whom? What can you say about this?

Cyber Partisans: As a rule, all members of the Lukashenka family, the Bakiev family (the former president of Kyrgyzstan, who is in Belarus) are hidden. In addition, the security forces. We haven't finished analyzing these records yet. The lists definitely contain employees of the KGB, Alfa, and other special forces, sometimes members of their families.

In the AIS Passport, one can find, among other things, the data of the KGB and GRU officers, their photographs. But identifying them requires a lot of manual work. The most interesting conclusions are obtained when we combine the AIS Passport with other bases that we have at our disposal. Now we are compiling a dossier for each KGB officer and are planning to merge them in stages.

What was found in the database of the Ministry of Internal Affairs

According to the members of the Cyber Partisans group, they also penetrated the database of the Internal Security Directorate of the Ministry of Internal Affairs. According to the hackers, the database contained over 6600 misdemeanors and crimes committed by employees of the department.

DW: What exactly are we talking about?

Cyber Partisans: There are many violations of information security rules - what interested us the most. In addition, the database contains fights, facts of drunkenness (...). Some employees were fired or imprisoned, but most remained in the system.

DW: You also state that you got access to the video from the IVS in Akrestsin Street. For what period do you have data? Is there a video of what happened on August 9-13, 2020? Why don't you publish them?

Cyber Partisans: We broke into the broadcasting of cameras from prisons and temporary detention facilities, as well as the temporary storage of video recordings, where they are located for 1-2 weeks. Since we are still working on this hack, we cannot comment further. Be sure that as soon as we have information that is important to convey to the people, we will do it immediately.

DW: You probably have more data at your disposal than you publish?

Cyber Partisans: We release data gradually for several reasons. First, most of the data is of no interest to anyone. Secondly, the databases contain the personal data of citizens. You need to filter, and it takes a long time. Thirdly, we do not want to bring people to informational and emotional saturation. If you merge everything in one fell swoop, then most of the important information will not receive the attention it deserves.

We believe that it is too early to bring some information to light. Many people are now demoralized and depoliticized as a result of the repression. We strive to awaken the people and inform them about what was, is, and will be.

DW: You published the personal data of the security forces, a map, who lives where, and so on. That is, you use the same methods as the state propaganda, which published the data of the "traitors" in its telegram channels and on various sites. Do you find it acceptable to use the same methods as those against whom you are fighting?

Cyber Partisans: The regime has the entire power apparatus at its disposal. They write laws, manage the money of the people. They have all the instruments of struggle, and despite all this, they are dealing with the de-anonymization of civilians. We will publish mainly the data of those who have committed crimes - violence, abuse of authority, complicity in the usurpation of power, etc. We believe that our working methods are perfectly acceptable in the current situation.

We are sure that the security forces have already understood that nothing will remain classified. Sooner or later, all information about their crimes will be made public. And we believe that the most important consequence of disclosing data is reducing the likelihood of violence and violations of laws in the future.
