March 30, 2022

If You Want Peace, Prepare For War: Protestware and Geo-Targeted Malware

Protestware and Geo-Targeted Malware

In my last blog update I’ve highlighted the topic of increased cyberattacks on Ukraine.

This is a very real problem that poses a threat not only to Ukranians who have stayed in their home country, but also for refugees who have chosen Poland as their new place of living. But how do you stop this? How do you deal with the aggressor who’s not sensible enough to stop?

You fight fire with fire. Just as the headline goes, if you want peace - prepare for war. In this blog post we will touch on some matters of digital combat that are used currently.

Messages In Support of Ukraine or Something More?

It seems like the whole world is on the side of Ukraine today.

Social media is using blue and yellow colors more prevalently, people share war footage that throws the russian narrative completely out of the window, different organizations offer humanitarian aid and put sanctions on the attacker… This is not a response many could have predicted. 

Furthermore, the hacktivists around the world have put their hands to work literally, fighting off malicious propaganda and even ‘poking the bear with a stick’, trying to see what he’s hiding. 

You have probably seen the reports of Anonymous leaking the Russian Central Bank, breaching the Russian Federal Agency, and even broadcasting footage of Putin’s invasion to Russian citizens. I am sure there are many more things to look forward to from them in the future, as hacktivists won’t stop just there, and will continue to probe.

And of course, not all hacktivists are equal, most prefer a more cautious approach. Quite a lot of developers alter their code to display supportive messages or clue their user base on basic facts about the happenings in Ukraine. Some people edit their software into legitimate ‘protestware’ - which modifies or erases files on computers with Russian or Belarusian Internet addresses. 

Popular ES5-ext library that wasn’t updated in nearly two years have added a “postinstall.js” component, which checks if the user’s computer is tied to a Russian Internet address. 

If it is, the code broadcasts a “Call for peace” message. Simple, yet effective.

Real War Starts Another ‘Holy War’ Online

Not everyone is fond of protestware, and we’re not even talking about russians here!

For one, people pointed out that dissemination of semi-malicious code will erode public trust in open-source software. The trust factor of open source is indeed under threat when someone decides to change the library or application to do things that feel right at the moment. The real trouble will start when protestware is included in code packages that get fetched automatically by third-party software products.

Some call for a new paradigm where developers who keep the code secure, clean and apoliocal are rewarded for their work and have actual obligations before projects and enterprises that depend on them. It is unlikely that we will see any major changes in the general approach, but maybe we’ll see a little caution from now on. After all, excessive trust in open source libraries and dependencies let all sorts of supply chain hacks happen.

For now some libraries are being blacklisted, but something tells me that developers will continue modifying their public software as they see fit. A few grumpy folks who stick their head in the sand will shake their stick at ‘politics in my API’, failing to understand that people are highlighting an important issue. 

What’s your take on this matter? Are you for or against the use of protestware when the situation calls for it?

My blog couldn't proceed your request right now.

Please try again a bit later.

Thank you for contacting me!

I will get back to you as soon as I can.

Contact me


My blog couldn't proceed your request right now.

Please try again a bit later.

Thank you for subscribing!

I added you to my emailing list. Will let you know as soon as I have something interesting.

Subscribe for email updates