“Yugoslav hackers hit NATO Web site” – The Philadelphia Inquirer, Thursday April 1st, 1999

On April 3rd 1999 Ashley Dunn, writing in the Los Angeles Times, described how the Kosovo War was “turning cyberspace into an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks.”

The Kosovo War lasted from February 1998 through to June 1999. The war was fought between the forces of the Federal Republic of Yugoslavia (at this time, Serbia and Montenegro), which controlled Kosovo before the war, and the Kosovo Albanian rebel group known as the Kosovo Liberation Army (KLA), who were fighting for regional autonomy. The conflict ended in June of 1999, after NATO intervention through air strikes in March 1999 against Yugoslav infrastructure which resulted in Yugoslav forces eventually withdrawing from Kosovo.

In parallel with the brutal physical conflict was an online battle between hackers from Russia, the US, China, Brazil, Netherlands and of course parts of the former Yugoslavia, among others, forming a truly international ‘cyberwar’. The aftermath of this ‘cyberwar’ went on to shape aspects of international hacker relations and the development of hacktivism and the organisation of hacktivist groups both regionally and internationally, as well as their tactics, for years after.

an ethereal war zone where the battle for the hearts and minds is being waged through the use of electronic images, online discussion group postings, and hacking attacks

Ashley Dunn, writing in the Los Angeles Times, April 3rd 1999

Before I get into the history of this online conflict I want to make sure to clarify that the actual warfare, in particular the brutal war crimes committed by Serbian forces against the Kosovar people, is the most important part of the story of the Kosovo War. The online elements are what I am covering here specifically, because this is the history of hacking.

In researching for this blog I have drawn on contemporaneous newspaper reports from 1998 and 1999, archives of website defacements from that time, Internet Archive website archives of various news sites, government and government agency reports and finally academic papers that touch on cyber elements of the Balkan conflicts.

When I found articles in a newspaper archive about hackers and the Kosovo War I started trying to search for more information and came up with shockingly few detailed accounts of something that was front page news back in 1999. That’s why I decided to write this blog.

I have purposefully avoided discussing nation state actors (military or intel orgs) or NATO hackers in this blog, as I feel that would be an entirely separate topic deserving of it’s own blog. Rest assured though that there was coverage from the time of confirmed or suspected cyber-attacks carried out by US government agencies and the military as well as NATO itself.

US Naval Medical Information Management Center, defacement by CHC – 27th March, 1999

Let’s break down this history as a quick list of dates and notable events and then dig into the details.

28th February 1998Kosovo War begins24th March 1999NATO strikes against Serbian military28th March 1999Serbian hackers attack US military systems30th March 1999hydra defaces University of Belgrade1st April 1999Reports NATO servers are attacked29th April 1999Team Spl0it defaces US FAA website8th May 1999NATO bombs Chinese Embassy in Belgrade12th May 1999Chinese hacktivists take down White House site12th May 1999Chinese hacktivists deface US gov sites11th June 1999Kosovo War endsKosovo War & cyber elements timeline

That timeline is of course by no means exhaustive, we are going to dig into the various hacking groups involved, tactics used by those hacktivists and the hacking techniques used in the furtherance of the hacker’s goals.

Hacktivists Involved

Mirjana Drakulic and Ratimir Drakulic presented a paper entitled “Balkan Hackers War in Cyberspace” at the British and Irish Law Education Technology Association (BILETA) conference at the College of Ripon & York St. John, York, England, in March of 1999.

This paper discusses the history and nature of the primary Serbian and Kosovar hacking groups that were involved in the Kosovo War online.

WWW.HR – Croatian Homepage, defacement by Black Hand – June 20th, 1999

First we have the Black Hand, representing the Serbian nationalist side, working to advance Serbian interests in maintaining control of Kosovo. Academics Mirjana and Ratimar Drakulic describe the Black Hand as a “group of hackers [that] wanted to inherit such a reputation regarding themselves as patriots and liberators”. They clarify that the hackers who called themselves the Black Hand were “alluding to the namesake organization which overthrew the Dynasty in Serbia in the first years of the 20th century”, explicitly linking their struggle in the late 1990s to the secret military society that engaged in violent conspiracies to further the cause of a united Serbia in the early 1900s.

An illustration of the assassination of Archduke Ferdinand by the original Black Hand in June of 1914

“By the end of the October 1998 it raided the site of the Croatian news agency “Vjesnik” and left there a message: “The Black Hand wants to change the false image which orbits the planet that the Serbs are villains.” Further they stated that they do not mean war and that they mean no evil. “Vjesnik” immediately reported that the members of the “Black Hand” were discovered and where and how they approached the site.”

Mirjana Drakulic, Ph.D., Ratimir Drakulic, M.S., “Balkan Hackers War in Cyberspace“, March 30th, 1999

Mijana and Ratimar discuss various theories about the Black Hand in their paper “Balkan Hackers War in Cyberspace“, the suspected origin and makeup or the group and state that some people “are close to the view that this group exists but is followed by numerous satellites of less skilled imitators determined to get attention by the public or acquire the
“pass” to join the group”.

The Croatian news agency Vjesnik that was hacked by the Black Hand claimed, based on investigation by their journalists, that the hack and defacement of their site was done “from the computers of two faculties they pointed to Serbian academic network claiming that hackers still travel and act from within it”, although those computers themselves could have been simply a jump box used by the Black Hand.

As well as the Black Hand we also have other players on the Serbian side, the Beograd Hackers group that carried out some defacements and the Serbian Angels. Serbian Angels, based on what little I have managed to find out about them, functioned as an offensive hacking group but also maintained a website (long since lost) that carried news about events relating to the war in Serbia, maintained various news e-mail lists and created for distribution physical CD archives of news, photos and videos from the Serbian side of the conflict after the NATO campaign ended.

“Stop Nato2”, defacement by Kosova Hackers Group – August 4th, 1999

On the Kosovo side there was, as reported by Patrick Riley in his FOX article from April 15th 1999 “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight“, “a coalition of European and Albanian hackers calling themselves the Kosovo Hackers Group has replaced at least five sites with black and red “Free Kosovo” banners”.

As well as hackers that purported to be from the former Yugoslavia there were other groups involved in this “cyberwar” that were motivated by ideological or nationalist impulses to throw their lot in with either the Serbian or Kosovar people, or to push for peace treaties or oppose NATO actions generally. It is important to note that most, if not all, of these hacking groups from outside the former Yugoslavia became especially active in the online conflict after the start of the NATO military campaign in March of 1999.

US Federal Aviation Authority, defacement by Team Spl0it – April 29th, 1999

In the United States there was Team Spl0it (or Team Sploit) who opposed the bombing of Serbian infrastructure by NATO and expressed the opinion that “without the support of the people in Serbia NATO is not gonna get very far”. As CNN described it at the time, “American hackers are on a political binge, breaking into Web sites to leave what amounts to anti-war graffiti”.

Watching the news today, I found out that Serbia has been bombed for the 4th week in row. And I wondered what has been accomplished after these 4 weeks of air strikes. Who has gained from it, and who has lost ? Many targets inside Serbia have been hit, many civilians were killed. But Milosevich, the Serbian President doesn’t give a damn about his people. He couldn’t care less if they are dead or alive. What is the good of actions when the president doesn’t care about the targets that have been hit ?

f0bic, nostalgic, cellbl0ck, jay, text from defacement of US FAA website, April 29th, 1999

Also on the US side, although primarily memorialised only in throwaway comments in newspaper articles from the time, were “Hackers of the West Coast”. As described by Patti Hartigan, writing in the Boston Globe on April 4th, 1999, “Hackers on the West Coast are trying to crack the Serbian government site, although the server is said to be extremely secure and based in London”. I can find no evidence that Hackers on the West Coast succeeded in their goal. You can see the whole article below.

The pro-Serbia Russian Hackers Union was a loose affiliation of Russian hacking groups that, for the most part, already seem to have been present and active in the defacement scene before NATO started bombing Serbian infrastructure, prompting a change in the themes of website defacements carried out.

KpZ in particular wracked up some notable defacements but seemed to be very difficult to track down further information on until I dug into Russian hacker magazine XAKEP. Websites defaced by KpZ ran the gamut from a juicy .mil hosted U.S. Army Engineer Waterways Experiment Station all the way through to the somewhat more random, and rather lacklustre, “airbed.com”. A hacker known as Mishgan seems to be one of their primary defacers around this time, KpZ appears to have been made up of primarily Russian hackers but also at least one member who identifies themselves as Romanian.

Russian XAKEP (“Hacker”) magazine issue four had an article about KpZ that offers some insight into the group. I’ve written about XAKEP before, I covered issue one in some detail.

The group in question was formed at the end of August 1998. Just when thousands of teenagers, having watched the movie “Hackers” and read articles about hackers, rushed to the Internet, thinking they were professional hackers. And the initial idea of the group was to show children that they are wrong, and the World Wide Web is not a place for such entertainment and for people with delusions of grandeur.

XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999 (translation by DeepL)

XAKEP lists the members of KpZ as Tarantino, Delta, MAL, v00d00, 5pider and Mishgan. The hacker nick “v00d00” has been used by at least 3 different hackers over the years, sometimes very active at the same time, which can cause confusion.

“Emergency Issue” CD-ROM produced by KpZ, 1999

Above you can see a photo of a CD-ROM that KpZ provided to XAKEP that the XAKEP writers describe “when this CD was brought to our office today, we were shocked. What’s it like, huh?” They go on to give details of this CD entitled “Hackers are bombing NATO” and how it “has tons of information on what to do and how to do it, including explanations of security holes in security systems and a bunch of other documentation”. The CD-ROM essentially contained instructional content for budding Russian hacktivists, “a special training course for a separate unit of a special brigade for information provocation”.

XAKEP interview MAL and Mishgan as part of issue four, MAL describes the group as having started after he received an ICQ message that said that there was a desire to organize “a group to combat underdeveloped admins and shameful sites.” In the same interview Mishgan claims that he is 15 years old, this fits with interviews I have read with other Russian hacker groups from this time.

Illustration from XAKEP Issue 4, “KPZ hacker group – from the inside“, 1999

KpZ also seem to have forged some sort of alliance with Romanian hacking and defacement crew Pentaguard, although I can find no evidence of defacements by Pentaguard in opposition to NATO during the Kosovo War.

US Joint Tactical Unmanned Aerial Vehicle Project, defacement by Pentaguard – January 25th, 1999

Also tagged in some of the KpZ defacements are legion2000, a Russian group that seems to have been more concerned with security advisories, releasing code and working on projects than defacements in 1999, from what I can turn up. There is an interview with Webster, one of the legion2000 members, from 2001 over at xakep that seems to imply some falling out between legion2000 and KpZ.

http://www.legion2000.cc/ – via Internet Archive

The few defacements I can find by legion2000 occur in 1998 and are of Russian websites.

kopitan.ru, defacement by legion2000 – December 6th, 1998 pentagon.yu, defacement by xoloth1 of DutchThreat – May 2nd, 1999

DutchThreat, a Holland based hacker group, came in on the side of NATO and in support of the Kosovar people.

NATO does not prosecute innocent people

NATO does not raid

NATO does not create the mass-graves in your country

NATO is not out for blood, but out for peace

xoloth1, meestervervalser, defacement of pentagon.yu – May 2nd, 1999

CNN described how DutchThreat became involved in the hacker conflict that accompanied the Kosovo War, “Xoloth1 said he got mad when a “Serbian guy” in a chat room started calling NATO and the U.S. a bunch of criminals and Nazis” He also resented that one of the main Yugoslavian ISPs had set up an anti-NATO Web page with the domain name pentagon.co.yu”. CNN’s Ellen Messmer went on to explain “Dutchthreat’s leader, named Acos, says he thinks most of the Kosovo-inspired hacking going on is not motivated by genuine political concerns, but is simply a way of getting attention. But Acos adds he, too, doesn’t care to hear NATO called fascist.”

I was able to find an old archive of the DutchThreat website, but there was very little about the Kosovo War mentioned on it, other than a reference to an article that included information about the group that they approvingly posted.

Newsmax.com, defaced by Chaos Hackers Crew (CHC) – 28th February, 1999

Russian hackers Chaos Hackers Crew were a fairly standard defacement for internet clout group prior to the start of the NATO bombings against the Serbian military, as seen above.

After the NATO military campaign began in March of 1999, CHC switched to strident anti-NATO messaging on compromised websites.

An example of a defacement post March is below.

USDA Natural Resources Conservation Service, defaced by Chaos Hackers Crew – 6th April, 1999

I have seen speculation online that CHC were a Kremlin backed group based in Moscow. I’m not sure I see any evidence of this direct government association though, their choices of targets before the Kosovo War and the profile that they seemed to want to maintain online doesn’t really fit in my opinion.

A group of teenage hackers called Chaos Hackers Crew (CHC) is active in anti-NATO attacks: an interview with a representative of this group has been published in an electronic paper Gazeta.ru (Leibov 1999). The young man turned out to have been apolitical before the crisis in Kosovo. He had very limited knowledge about the reasons NATO was bombing Yugoslavian targets, and the sites the CHC chose for its attacks had nothing to do with the military ones (for example, a Chinese site was mistakenly attacked).

Brian D. Loader, Douglas Thomas, “Cybercrime : law enforcement, security and surveillance in the information age“, 2000

After some search engine chicanery I managed to track down the Gazeta interview with the self-professed members of CHC, the reference to Kulibin below is to the “Russian Archimedes” Ivan Kulibin, a self-taught inventor who lived in Russia in the 1800s.

“Chaos Hackers Crew,” the hackers say, “there are four of us in total. And there are different ages. There’s a third year of university, too.” “The older one is kind of a guru? Did you even have a teacher in the networking life?” “Nope,” Yuri answers, “we’re kind of all equals. Only taught everything myself.” “Kulibin! – I admire, by manuals?” “What?” – The interlocutor is perplexed. “Kulibin,” I explain, “self-taught like that. “Yeah, like that.” “By the way, do you know any foreign hackers by correspondence?” – I change the subject again.

Indeed, hackers are like Freemasons or workers, they must have international solidarity.

“Nope,” they replied, “only from Romania. Well, Romania is also a foreign country. Though, of course, not very far.

Roman Leibov, “Our Hacker Brothers II. The beginning is here”, gazeta.ru, April 15th, 1999 (translated by DeepL)

I think it is safe to say we can put the Kremlin backed hackers theory to rest here, although if you google CHC you will see that it is an opinion that was widely held despite a lack of evidence.

US Department of the Interior, defaced by unknown Chinese hacktivists – 10th of May 1999

After the bombing of the Chinese Embassy in Belgrade on the 8th of May in 1999, China Redhack, Hong Kong Danger Duo, China Eagle, Chinese Emergency Hackers’ Group Center and other hacking groups representing Chinese nationalist interests took to the internet to protest what they saw as a deliberate act of violence against the Chinese state by NATO and in particular the US.

Combined News Services, “Hackers Hit U.S. Government Web Sites“, 12th May 1999

“We are Chinese hackers who take no care about politics,” said the message signed by “Rocky.” But with three Chinese nationals left dead after the embassy bombing, the hackers were wrathful: “You have owed Chinese people a bloody debt which you must pay for! We will not stop attacking until the war stops!”

Ellen Messner, “Kosovo cyber-war intensifies: Chinese hackers targeting U.S. sites, government says“, CNN, May 12th, 1999

By this time US hacking group Legion of the Underground had already declared a brief “cyber war” on China and Iraq, calling for “the complete destruction of all computer systems” in both countries, so the genie was well out of the bottle to some extent in terms of hacker conflict between the US and China.

Solid Design Inc, defacement by RedHack – April 30th 2001

Two years after the Embassy bombing Chinese hackers were still defacing US websites in protest, as the BBC reported on the 5th of May 2001, “hackers promised a cyber-offensive against US sites in observance of Chinese of Labour Day on 1 May and Youth Day on 4 May, and also in remembrance of the US bombing of the Chinese embassy in Belgrade two years ago on 7 May”.

This round of attacks in 2001 resulted in the defacement of, according to the BBC at the time, “more than 660 sites” in the space of a week and the “White House confirmed that for two hours and 15 minutes their website was down”. It is important to note that this particular hacktivist action from Chinese hackers was also motivated by the US spy plane incident in April of 2001 and Bush administration arms sales to Taiwan.

Tactics & Techniques

“NATO spokesman Jamie Shea said hackers in the Yugoslavian capital, Belgrade, attacked the Web site by launching what is known as a “Ping bombardment strategy.” Ping, short for Packet Internet Groper, refers to the practice of sending out a packet of information to a server and waiting for a response, which is a way for users to determine whether a system is up and running on the Internet.”

Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999

After reading over all of the available documents and analysis of the Kosovo War’s online components I was able to find four primary techniques used by hackers involved.

The first is denial of service, or DoS, this seems to have been primarily used by Eastern European hackers opposed to NATO intervention in Serbia and hackers supportive of China after the Belgrade Embassy bombing.

The BBC explains denial of service (DoS) basics (described here as a “ping storm”) in an article entitled “Kosovo info warfare spreads“, by Chris Nuttall from April 1st 1999.

The article details DoS attacks against NATO that had been ongoing since the 28th of March and had slowed parts of their web infrastructure and caused “erratic service”.

CNN reported in April of 1999 that to counter incoming DoS attacks “the NATO network crew swapped out a Sun SPARC 20 for the more powerful UltraSPARC for faster processing of the Serbian pings.” And that “NATO switched from a 256K bit/sec access line to the European equivalent of a T-1 to keep the pings from eating up bandwidth”.

Next up we have website defacements, screenshots of defacements are peppered throughout this blog so I won’t dwell too long on this aspect beyond noting that it is interesting that these hacks were not accompanied by leaks of data from the servers involved.

Faculty of Physical Chemistry University of Belgrade, defacement by hydra – March 30th 1999

I can only ascribe this to either data exfiltration and leaking simply not being a common hacktivist activity at the time, the issue of slow internet connections for transferring data back in 1999 and a lack of file sharing servers to upload to or that the servers hacked did not include data that was worth leaking. I’m personally inclined towards the first and second explanations.

Richard Clark is not in the military, but when he heard news reports
earlier this month that NATO’s Web site had been attacked by Belgrade hackers, he wanted to do his part to help the allies. So he turned to his keyboard.

Using software available on the Internet, the California resident sent
an “e-mail bomb” to http://www.gov.yu, the Yugoslav government’s main Web
site. On April 3, a few days and 500,000 e-mails into the siege, the
site went down, Clark said.

Clark does not claim full responsibility for the cyber-sabotage; he
assumes others may have had similar ideas. But he is confident he
“played a part.”

He is just one of untold numbers of civilians on both sides of the
conflict who have gone to battle from their desktops, raising new
questions about the role of civilians during times of war.

Patrick Riley, “E-Strikes and Cyber-Sabotage: Civilian Hackers Go Online to Fight”, FOX News, April 15th, 1999

The third technique we can see in use is e-mail bombing or spamming, sending thousands upon thousands of emails which are intended to annoy or overwhelm recipients and, in 1999 at least, potentially prevent the mail server itself from functioning.

From the Washington Post on April 1st, 1999, article entitled “Hackers irritate NATO”. The article describes how e-mail bombing campaigns by Serbia aligned hackers have impacted NATO’s online infrastructure. One such attack “effectively blocked mail service in and out of the NATO computer system”.

“That means that rogue computer users are sending a lot of messages and computer commands into NATO’s computers, said Carlo Tomad, a NATO network specialist in Brussels. One computer, he said “has sent about 2,500 messages in one hour,” a method of harassment known as “spamming.” That attack effectively blocked mail service in and out of the NATO computer system, Tomad said.”

“It’s the infowar equivalent of ringing someone’s doorbell and running away, but many thousands of times”, concludes the article.

Happy99 Virus in action

Hackers enraged by the Chinese Embassy bombing latched on to this technique soon after online protests over the incident began. In May of 1999 CNN reported that “Sandy Spark, a manager at DOE’s Computer Incident Advisory Capability (CIAC), warned that a Chinese tidal wave of e-mail with unresolvable IP addresses is being sent to U.S. government servers in an attempt to overload them”. The solution pitched was the rather inelegant, and potentially useless, advice to “apply anti-spam measures to block all e-mail from China’s .cn domain if necessary”.

Ellen Messmer writes for CNN (Serb supporters sock it to NATO, U.S. Web sites) that “NATO’s mail servers are taking a beating, getting hit with more than 10,000 e-mails per day – many infected with dangerous computer viruses”. So lastly we have what the head of NATO’s Integrated Data Service Chris Scheurweghs described as “macro viruses”.

According to Scheurweghs, hackers also attacked NATO’s e-mail systems with the Happy 1999 macro virus, which he said was similar in function but far less devastating than the Melissa virus that wreaked havoc in the United States last week (see story).

Dan Verton, “Serbs launch cyberattack on NATO“, FCW, April 4th, 1999

Happy99 is a very odd choice for a virus to attach to an e-mail for malicious purposes as, according the the Virus Encyclopedia, “although Happy99 is wild, it has no destructive payload and is, as its author describes, a ”sympathetic hitchhiker who uses your internet connection to travel, and thank you for the trip with a small animation””.

Final thoughts

What is the take away from all of this, and was it really the first international hacktivist cyberwar?

The first question is easier to answer. Hacktivism has traditionally been reactive, you have a pool of active hackers organised into groups or loose affiliations who are ready to act on what they perceive to be provocations.

Most of the hacking groups or alliances involved in the Kosovo conflict were already active in the defacement scene or at the very least had infrastructure or output of some kind, they were already visibly doing things online. NATO’s bombing campaign against the Yugoslav government provided the catalyst for involvement, either for or against the intervention.

The interesting exception to this are the hackers aligned with China, I couldn’t find defacements archived from groups like ChinaEagle or RedHackers from before the Embassy incident, although I fully admit here that my knowledge of, and visibility into, the Chinese hacking scene of 1999 is a little dismal.

A previous Chinese hacking group, the Green Army, had been involved in a previous international hacktivist action though, attacks on Indonesian websites in 1998 after “reports of looting, violence and rape committed against ethnic Chinese during riots in May [of 1998]”, as detailed by the BBC at the time. Much of the analysis I have read has pointed to these riots in Indonesia as a galvanising event that helped unite the Chinese hacking community.

Indonesian websites have also come under attack from political hackers. The home page of a site at http://www.bkkbn.go.id has been replaced with a message saying “Warning from Chinese.”

“This page is hacked for your national day. Please keep this page for 48 hours and punish the murderers in May immediately,” says the hacker, including a list of links to sites about the violence.

Chris Nuttall, “Chinese protesters attack Indonesia through Net“, BBC News, August 19th, 1998

The groups representing China that became involved in the Kosovo War can be seen as offshoots of this original organized backlash against Indonesia.

The Indonesian riots also give birth to what would become the “Red Hacker Alliance”, one of the most significant cyber-groups in the internet’s short history. The political nature of this patriotic campaign led to the creation of something entirely new, and would be the first time the term “red hacker” (红客 hongke) would be used. The attacks in the country functioned as the facilitator that brought together individuals who normally operated independently under the guise of nationalism, establishing not only a group but also the notion of red
hackers which still exists today.

William Howlett IV, “The Rise of China’s Hacking Culture: Defining Chinese Hackers“, June 2016

When an American spy plane had a collision with a Chinese jet in April of 2001, killing a Chinese pilot, the online warfare between American and Chinese hackers reignited over this “Hainan Island incident” and the resulting website defacements showed that the Kosovo War was still very much on the mind of hackers in China.

“China is no longer a country like Yugoslavia, we have the best army”, defacement by DCBOY in 2001, from FBI FOIA documents relating to Honker Union

In looking through old gazeta.ru articles relating to hacking from around this time I found a link to an article that is preserved on the Wayback Machine entitled “Hackers of U.S. servers face criminal liability” (as translated by DeepL), the article is written by Dmitry Chepchugov, head of the Department for Combating Computer Crimes of the Russian Ministry of Internal Affairs. The article is essentially an exhortation to Russian hackers to not attack NATO or the U.S. accompanied by some strident threats of criminal liability.

To date, we have not received any statements from official U.S. bodies regarding “attacks” on servers from Russian territory or damage related to protests against NATO actions in Yugoslavia. If such information is received, it will undoubtedly be verified in full, with the perpetrators identified and brought to justice as prescribed by law.

I would like to take this opportunity to address the people who know the intricacies of network technology. No matter how much your civic consciousness is outraged by NATO’s actions in Yugoslavia, no matter how much you want to express your own feelings about these events – don’t go down this road, don’t become the aggressor yourself. You are breaking the law, you are making yourself the perpetrator of an arbitrary massacre. Is this not what your mind rebels against?

Dmitry Chepchugov, “Hackers of U.S. servers face criminal liability”, March 28th, 1999 (translated by DeepL)

I have been unable to work out how real these threats by the Russian authorities are and whether any Russian hackers were ever charged or convicted of hacking offences, but it certainly forms an interesting bookend for current attitudes within the country towards hackers who attack targets externally.

“Electronic infiltration is burgeoning war zone of hackers worldwide”, Patti Hartigan, April 1999

I see certain parallels between the hacker elements of the Kosovo War and armed conflicts that have taken place since that included a ‘cyberwar’ facet. The Syrian Electronic Army, KILLNet, the CyberBerkut, we can see echoes of the Black Hand here, hacktivists either fully backed by, or at the very least actively encouraged, by the authoritarian regimes that they support.

Was the Kosovo War the first international hacktivist cyberwar?

The New York Times claims it was the conflict inspired by the American spy-plane incident and China in 2001.

It was a Big Hack Attack, a harbinger of World Wide Web War I, with ”zombies” throwing ”worms,” Chinese patriots invoking the ultimate sacrifice and American teenagers giving electronic Bronx cheers.

After last month’s collision of an American spy plane and a Chinese jet, hackers in the United States and China began defacing Web sites on both sides of the Pacific. Then Chinese hackers, led by a group called the Honkers Union, declared war.

Criag S. Smith, “May 6-12; The First World Hacker War”, New York Times, May 13th, 2001

I for one am sceptical, I’m of the opinion that the Kosovo War is a better candidate for that title, but I’m also under no illusions that there aren’t preceding conflicts that are also potential contenders for this dubious award.

There were organised hacking attacks carried out by hackers from one country against online infrastructure from another country before the Kosovo War but in those earlier examples, Chinese hackers attacking Indonesian websites for instance, I couldn’t find any evidence of retaliation. The Kosovo War wound up involving a back and forth of hack attacks between hackers from different nations in a way that I don’t think the world had seen before.

If you enjoyed this blog consider subscribing or posting it on the social media of your choice, I do all of this simply to get the word out about a subject I love.

https://realhackhistory.org/2023/07/16/first-international-hacktivist-cyberwar-online-conflict-the-kosovo-war/