How Belarus’s ‘Cyber Partisans’ exposed secrets of Lukashenko’s crackdowns

A series of hacks on Belarus’s government by pro-democracy activists have uncovered details on apparent abuses by security forces, exposed police informants and collected personal data on top officials including the son of President Alexander Lukashenko.

The vast trove amassed by a group calling itself the “Cyber Partisans” appears to be part of one of the biggest and most organized hacks by opposition activists against a government, analysts say.

The records — ranging from tapped phone calls to internal documents — offer a sweeping look at Belarus’s efforts to crush political dissent and could be part of potential future judicial reckonings over jailings and other abuses that have been widely condemned by the West.

The Cyber Partisans, a pro-democracy activist group, provided The Washington Post with drone footage obtained in a hack of the Belarusian security services. (The Washington Post)

Belarus was plunged into crisis last year after the opposition rejected official results in an August 2020 presidential election that gave Lukashenko a landslide victory, triggering the biggest protests in the country’s history. Lukashenko, who has ruled since 1994, ordered a harsh crackdown on protesters and thousands were arrested. Opposition leaders and activists were jailed or fled the country.

The Cyber Partisans, a group of about 15 self-taught “hacktivists” who fled Belarus, said it had help from disaffected members of the Belarusian security forces. The hackers claim to have access to more than six terabytes of data, including the entire national passport database and a confidential database of security officials and others such as Lukashenko’s son, Viktor.

The hacks began when one Cyber Partisan member defaced a single government website last September, but they have snowballed in recent months, doxing regime insiders, security officials and others.

The group says it has access to 5.3 million recordings of wiretapped phone calls, including those of top police and security officials, on the servers of the Interior Ministry. The wiretaps were made by a section of the Interior Ministry, known as DOORD, which deals with operational search activities, including the secret bugging of its own employees, the group said.

The cyber-infiltration, dubbed “Operation Heat,” exposed what appear to be orders from security officials to subordinates to beat up and terrify peaceful protesters after last year’s presidential election, the results of which were rejected as fraudulent by the Belarusian opposition, the United States and the European Union.

The Cyber Partisans gave The Washington Post samples of the hacked wiretaps, including a list of about 10,000 recorded calls and accompanying metadata. The Post could not independently verify the identities of the people on the calls, but no Belarusian official has publicly challenged the authenticity of the Cyber Partisans’ posts. At least one top Belarusian security official has acknowledged that opposition groups have waged hacking efforts.

The Belarus Interior Ministry and the Minsk department of the Interior Ministry had no comment about the hacktivist attacks or the recordings published of specific calls. The Belarus Information Ministry did not respond to a query on whether it could confirm the extent of the hacks.

“I’ve never seen anything like it,” said Gabriella Coleman, an expert on hacking and activism at McGill University in Montreal. “What we’re seeing in Belarus is far more organized, better executed, has a lot more depth and breadth and impact. In that sense, it’s unique.”

Dmitri Alperovitch, chairman of the Silverado Policy Accelerator who previously co-founded cybersecurity company CrowdStrike and worked as its chief technology officer, tweeted: “This is as comprehensive of a hack of a state as one can imagine.”

“The regime listened in on its own people where they talked freely about illegal commands that were issued to beat down innocent people and torture them,” a representative of the Cyber Partisans said in messages to The Post.

“The regime doesn’t trust its own people,” the representative added, speaking on the condition of anonymity and using an encrypted messaging app to protect their personal security. “We want to deter security forces from participating in human right violations, repressions and harsh crackdowns on protests.”

Analysts say the hacks may bring some rifts within Lukashenko’s regime but are unlikely to unravel his security apparatus.

“I think this is very demoralizing for law enforcement agencies, especially the leaks of information of intelligence officers or state security,” said independent Belarus political analyst Dmitry Bolkunets, who has fled the country and runs a popular YouTube channel. “The fact this information was hacked and disclosed is a very serious blow to them. I think the political elite is scared.”

But he said Lukashenko was still determined to cling on to power and his remaining supporters would probably dismiss the hacks as fake.

One tapped phone recording on Aug. 11, 2020, two days after the presidential election, is purportedly from Col. Nikolai Maximovich, deputy head of the Interior Ministry’s Minsk department of the Public Security Police, to a regional subordinate. (The Cyber Partisans told The Post that there were three officers who appeared in the recordings of the Minsk department, and they identified Maximovich based on the first name and patronymic his colleagues used addressing him in calls.)

The subordinate requested clarification from Maximovich on what to do about a group of people peacefully milling around, not even wearing the white bracelets or red and white colors of the protest movement.

“They are just sitting on benches and walking around,” the subordinate said. “And only a few of them have white bracelets and so on. They are not violating anything.”

Maximovich allegedly retorted that the police should seize them, take them to the police station, throw them to the ground and beat them. He peppered his order with obscenities: “They should all [expletive] be on the ground with their faces against the asphalt and [expletive] beat them! That’s all you have to do.”

“But there are people in the park, like women,” the subordinate replied on the tape.

The reply from Maximovich is to unleash the security forces and “beat them all” to make them “scared of the police.”

A woman answered a phone number provided by the Cyber Partisans for Maximovich, saying she would pass a message to him that The Post was seeking comment. He did not call back.

The hackers also accessed police drone footage, the country’s motor vehicle database, complaints to the police and surveillance-camera video. The group shared details of cars registered to KGB officers on the messaging app Telegram and published names and addresses of people who called the police to denounce their neighbors for supporting or participating in protests.

The group also uncovered details of calls made to the authorities by voters in the 2020 elections reporting election fraud.

The chief of the Belarus KGB, Ivan Tertel, told Lukashenko and other government officials on July 3 that the country was fighting what he called foreign “hybrid attacks,” including cyberattacks against the government and security agencies.

On Aug. 17, Lukashenko ordered officials to revert to paper records if computer data could not be secured. The next day, a Belarusian court labeled the Cyber Partisans as extremists, effectively banning the group.

Bolkunets, the analyst, said employees at large state enterprises had been ordered to only use older cellphones without Internet links.

In another tapped call posted by the group, Alexander Kisel, deputy police chief of the Brest region, purportedly told a colleague in Minsk that at least 500 protesters were detained in a military gymnasium.

“We’ve had them all on their [expletive] knees or elbows with dogs around them the whole time since last night, ready to pummel them if they try to move,” says the alleged recording of Kisel on Aug. 11, 2020.

He goes on to say, “The more people we send to the hospital, the better … so we’ve been walloping them like [expletive] stray cats.”

The Cyber Partisans told The Post that it identified Kisel with the help of police and security officials who resigned because of the crackdowns.

Attempts to reach Kisel for comment were unsuccessful.

Some of the Cyber Partisans data is used by activist Yanina Sazanovich, chief editor of a popular Telegram channel, Black Book of Belarus, that identifies members of the security services involved in the crackdown. The data published by these groups has been turned into an interactive map, Blackmap.org.

“They tortured my country,” she told The Post.

“And in this war, we don’t have any weapons. We have truth and ‘de-anonymization’ and this is our power and we will use it,” she said.

In one recent message, the Cyber Partisans suggested it was playing the long game.

“When the regime collapses, you will have to try to run very fast,” the message said in a reference to Lukashenko’s key backers, “because it is very easy to figure you out, and no one will escape responsibility.”

Bennett reported from Washington and Dixon from Moscow. Natasha Abbakumova in Moscow contributed to this report.
