Handling Internet Activism During the Russian Invasion of Ukraine: A Campus Network Perspective

Abstract

The Russian invasion of Ukraine in 2022 raised an enormous wave of Internet activism and distributed denial-of-service (DDoS) attacks launched with the help of common users across the world. In this article, we describe the events of the first days after the invasion from the perspective of the cybersecurity incident response team of Masaryk University in the Czech Republic. We observed hundreds of users intentionally participating in DDoS attacks against Russia from the university's network. The campus network faced only minor issues in terms of service unavailability, but alerts flooded the cybersecurity team. Two dimensions of the events are highlighted. First, the large-scale attacks in an unexpected direction were highly unusual and brought technical challenges in network monitoring and intrusion detection. Second, hacktivism still violates the campus network's terms of use and requires the cybersecurity team to communicate the issues very carefully with the community.