War Advances Ukrainian EU Membership, Potentially Undermining EU on China

Commentary

As European countries rally to better support Ukraine in fighting off the invasion of its homeland—with admittedly mixed results—European Union candidacy for Ukraine has yet again become a topic of conversation.

Last month, the EU gave Ukraine official candidacy status, beginning formal talks about possible membership. Yet Ukraine’s membership in the EU could spell serious trouble for the organization in the future—if this process is not handled delicately.

A Ukraine fit to be in the EU would be ideal. European countries have largely failed, with some exceptions, to provide the military and financial aid Ukraine needs and deserves. The EU needs to do more—and do better. Western European powerhouses—such as France and, above all others, Germany—have been particularly weak.

A divide between western and eastern EU member states is appearing, with the latter having taken a more realistic view of Russia and its future behavior after the Ukraine war concludes. Germany and France, meanwhile, seem intent on trying to ignore the ever more clear warning signs.

However, Ukraine is not trouble-free.

Much has been said comparing Russian actions in Ukraine to possible Chinese actions against (and invasion of) Taiwan. It is becoming clear that greater leverage on the Chinese regime is needed to discourage it from acting rashly and doing something shortsighted, like launching an invasion.

That means raising the potential cost of any such invasion—to the level where the damage would be so great as to overshadow any potential positives. To do so, EU member states need to be able to act together. The EU, the world’s largest trading power, has immense economic power and is China’s most important trading partner—but a lack of cohesion often undermines its strengths.

We have seen the same with the Russia-Ukraine situation, in which one country, Hungary, manages to slow down, reduce, and weaken EU responses. Hungary and countries like Greece have been used the same way by China to weaken EU responses to Chinese acts of aggression or violations of international law in the past.

The EU is structured so that unanimity is needed for major decisions. Dictatorships know this well. Both Russia and China have used it by targeting one or two—often smaller—countries, making them feel dependent on them, and then ensuring that those countries veto any real action against them.

French President Emmanuel Macron (R), Romanian President Klaus Iohannis (L), Prime Minister of Italy Mario Draghi (C), Ukraine President Volodymyr Zelenskyy (2nd L), and German Chancellor Olaf Scholz in Kyiv, Ukraine, on June 16, 2022. (Ludovic Marin, Pool via AP)

How will Ukrainian membership in the EU impact this situation?

It is true that Ukrainian President Volodymyr Zelenskyy, who has grown into arguably the greatest European statesman of our generation, has issued strong declarations of support for Taiwan. Likewise, even though language has been muted, Kyiv is certainly aware that Beijing is, to a large extent, funding Moscow’s invasion of Ukraine. Domestically, China shows clear support for Russia.

Upon conclusion of the war, with Ukraine hopefully returning to its 2014 borders and Russia defeated strongly enough to discourage further military adventures, it is unlikely that the current or future administration of Ukraine will forget the Chinese regime’s behavior. The Ukrainians are likely to adopt a more realist position on China, much like Eastern Europe did with Russia.

So what is the problem?

If the Chinese regime ever attempts an invasion of Taiwan, it will use an aircraft carrier sold to it by Ukraine—but the sale would have taken place long ago. However, until the COVID-19 pandemic, Ukraine was one of the world’s largest weapons exporters to China. It is not bound by the EU’s weapons embargo. In fact, almost 40 percent of its weapons exports go to China.

Dover Air Force Base, Delaware
Airmen and civilians from the 436th Aerial Port Squadron palletize ammunition, weapons, and other equipment bound for Ukraine during a foreign military sales mission at Dover Air Force Base in Delaware on Jan. 21, 2022. (U.S. Air Force/Mauricio Campino/Handout via Reuters)

Ukraine has also been considered very unsafe for Chinese asylum seekers. Many have faced almost farcically bad asylum or extradition hearings, during which their guaranteed rights under the European Convention on Human Rights (ECHR) were utterly ignored—showing a country keen on appeasing Beijing. In fact, in the late 1990s, Ukraine followed Belarus in signing an extradition treaty with China, helping China gain legitimacy for its long-arm policing in a greater swath of Europe.

Ukraine is no angel, or at least it was not in the past. Therefore, for the EU, the question now is not only how the current administration acts or feels, but how will likely future administrations act on the issue of China. And what is the general position of the population that elects these administrations? Years after this war is concluded and Russia is neutralized, the EU will start to face the real main threat—communist China. Can we trust that Ukraine will not, like Hungary, become another Trojan horse, weakening the EU and its ability to defend itself?

I sincerely hope these fears are unfounded, but they must be considered. After all, the damage done by Hungary, if not fatal, is so severe that a similar Trojan horse cannot be allowed, no matter what.

This time around, EU leaders need to think ahead and realize that the quality of its members is what matters, not the quantity. Bigger is not always better. Let’s pray these concerns are unfounded, and we can welcome Ukraine into the EU as soon as possible.

Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.

Peter Dahlin

Peter Dahlin is the founder of the NGO Safeguard Defenders and the co-founder of the Beijing-based Chinese NGO China Action (2007–2016). He is the author of “Trial By Media,” and contributor to “The People’s Republic of the Disappeared.” He lived in Beijing from 2007, until detained and placed in a secret jail in 2016, subsequently deported and banned. Prior to living in China, he worked for the Swedish government with gender equality issues, and now lives in Madrid, Spain.

Eurovision 2022: Russian hackers targeted contest, say Italian police

Italian police have said that Russian hackers attempted to disrupt the 2022 Eurovision Song Contest with a series of cyberattacks. 

Both Saturday’s Eurovision grand final and two earlier semi-finals were targeted by the pro-Russian Killnet hacker group in distributed denial-of-service (DDoS) attacks, a police statement said.

Italian police said these attempts were blocked.

The contest, which was held in Italy, was seen as a public show of solidarity with Ukraine and an outpouring of anti-war feeling across Europe, with Russia banned from Eurovision earlier in the year. 

In a Telegram post, Killnet hit back against the Italian authorities’ claims, saying it was not behind the attack.

“According to foreign media, Killnet attacked Eurovision and they were stopped by the Italian police, so Killnet did not attack Eurovision,” wrote the group.

The hacker group said it had now “declared war” on the Italian police, alongside ten unspecified countries, in response to the allegation.

They also implied they had taken down the website of the Polizia Postale (Postal Police) which combats cybercrime in Italy.  

As of Monday afternoon, the site was unavailable outside of the country, although Euronews cannot independently verify the reason for this.  

“In collaboration with ICT Rai and Eurovision TV, various computer attacks of a DDoS nature aimed at network infrastructures during voting operations and singing performances were mitigated,” the Italian authorities said. 

In the same statement, Italian police added that they had seen a discussion about the attacks on Killnet’s alleged Telegram account. No further details were offered by the police. 

DDoS attacks attempt to prevent websites from working properly by flooding them with traffic, much like how too many cars can clog up a normal road. If successful, DDoS attacks make websites inaccessible. 

Killnet made headlines earlier this year after claiming responsibility for an attack against international hacktivist movement Anonymous, which saw its servers temporarily taken down. 

This happened after Anonymous pledged to leak details of Russian troop movements and other military information following the country’s invasion of Ukraine in February.

Finland Plans to Donate Seized Bitcoin to Ukraine

Finland’s government will reportedly donate bitcoin (BTC) seized in criminal operations to Ukraine, to support the latter’s war efforts against the Russian invasion. As per a report from a local media outlet, the Finnish government has amassed BTC 1,981 (roughly Rs. 600 crore). The coins have been seized by Finnish customs officials in “investigations related to” crimes such as “drugs and drug trafficking.” The country’s courts have since ordered the transfer of the Bitcoin in question to the state, which is now looking to trade the coins for cash.

As per Finnish media outlet Helsingin Sanomat, the sources did not rule out handing its stash of Bitcoin “directly to Ukraine.” The newspaper, one of Finland’s largest, claimed that its sources had stated that a decision on how much of the sale would be donated to Ukraine was yet to be made. However, according to the same undisclosed sources, the decision to actively use the Bitcoin holdings “to help Ukraine has already been taken.”

Meanwhile, Bloomberg reported that Finland has selected two brokers to sell BTC 1,890 during the spring and early summer. Helsingin Sanomat claims that the matter had been discussed “earlier in the spring within the government,” with “confirmation also been sought” from the nation’s President Sauli Niinistö.

The matter will be discussed in the cabinet with a final and binding decision to be taken in May, the report claimed.

A government source was quoted by the Finnish media outlet as saying that the state was concerned that by selling the Bitcoin for cash and then donating the fiat, the size of the proposed donation could end up shrinking – due to market price changes.

The Finnish government also has no legal mechanism that would allow it to make donations of this sort – a factor that would actually make a direct crypto donation simpler, the sources indicated. This is due to the fact that converting the tokens to cash and then donating this would involve additional bureaucratic and legal processes, the sources continued.


Despite global drop in data breaches, India remains among the five worst-hit nations

Data breach remains a critical problem across the world, but one that may be slowly abating.

In the first quarter of 2022, accounts of over 1.8 crore users were breached worldwide, according to research by UK-based VPN company Surfshark. This was, however, 58% lower than the 4.3 crore between October 2021 and December 2021.

Russia had the most breaches in the first quarter which, according to Surfshark, was likely because internet activist group Anonymous declared a cyberwar on the country as a response to its invasion of Ukraine.

Russia, Poland, Hong Kong and Taiwan are the only regions where there was an uptick observed in security leaks. Other countries in Surfshark’s research showed a decline.

For India, too, the number was much lower, though it remained one of the worst-hit in terms of leaked user IDs, credit card information, telephone numbers, email addresses and passwords.

India has taken several measures to protect sensitive user data, especially in banking. For instance, the Reserve Bank of India now prohibits merchants from storing credit card data and mandates that they use card tokenisation. This allows user information to be replaced by an encrypted code on the server.

This article first appeared on Quartz.

Cyberattacks On Russian Targets Jumped 5X After Invasion Of Ukraine

Russia is now the most-attacked country in the world and Russian citizens, who make up less than 2% of the global population, now constitute almost a fifth of all cyberattack victims. In fact, five times more Russian accounts were breached in March than in January as cyberattacks have ramped up significantly in 2022.

Why?

Anonymous declared “war” on Russia on February 24th, the same day Russia invaded Ukraine in a “special military operation.”

The data is from cybersecurity company Surfshark, which provides VPN (virtual private network) and antivirus solutions.

The increase in attacks on Russia in response to its invasion of neighboring Ukraine has caused a sharp disconnect in breach statistics. While the U.S., Canada, and many other countries showed fewer successful attacks and saw cybersecurity attacks dip 58% quarter over quarter, attacks on Russia are sharply up with 136% more email accounts breached.

Cyberattacks on Ukraine are also down, Surfshark says.

“Russians alone make up almost a fifth of all global victims, of which were 3.55 million,” the company said. “Ukraine’s invasion has likely influenced this situation as the hacker group Anonymous declared that it was targeting the country just days after the start of the war. Users in Ukraine appeared in 67% fewer breaches than in the quarter before the invasion. It’s now 15th in the world – previously, from October to December 2021, Ukraine was the most breached country in Eastern Europe.”

Surfshark is tracking breaches of email accounts; other types of cybersecurity issues may follow different trends and have different numbers.

“To put it in real numbers, 18,174,132 email accounts were breached in 2022 Q1,” Surfshark says. “Whereas, there were 43,169,912 breaches in the previous quarter, signaling a decline of 58% quarter-over-quarter.”

That translates to two internet users’ data being leaked every second so far in 2022.

One other country that’s up: Poland. Poland is significantly supporting Ukraine in its defense against Russia.

The U.S. decline in successful attacks was its second successive quarter of lessened vulnerability.

The data is from Surfshark Alert, a service that notifies email users when their accounts are breached. Email accounts are often a first target for hackers, since with access they can often change passwords and get into other, more sensitive systems.

Conti ransomware leak shows group operates like a normal tech company

Conti — which uses malware to block access to computer data until a “ransom” is paid — operates much like a regular tech company, say cybersecurity specialists who analyzed the group’s leaked documents.

A Russian group identified by the FBI as one of the most prolific ransomware groups of 2021 may now understand how it feels to be the victim of cyber espionage.

A series of document leaks reveal details about the size, leadership and business operations of the group known as Conti, as well as what’s perceived as its most prized possession of all: the source code of its ransomware.

Shmuel Gihon, a security researcher at the threat intelligence company Cyberint, said the group emerged in 2020 and grew into one of the biggest ransomware organizations in the world. He estimates the group has around 350 members who collectively have made some $2.7 billion in cryptocurrency in only two years.

In its “Internet Crime Report 2021,” the FBI warned that Conti’s ransomware was among “the three top variants” that targeted critical infrastructure in the United States last year. Conti “most frequently victimized the Critical Manufacturing, Commercial Facilities, and Food and Agriculture sectors,” the bureau said.

“They were the most successful group up until this moment,” said Gihon.

Act of revenge?

In an online post analyzing the leaks, Cyberint said the leak appears to be an act of revenge, prompted by a since-amended post by Conti published in the wake of Russia’s invasion of Ukraine. The group could have remained silent, but “as we suspected, Conti chose to side with Russia, and this is where it all went south,” Cyberint said.

The leaks started on Feb. 28, four days after Russia’s invasion of Ukraine.

Soon after the post, someone opened a Twitter account named “ContiLeaks” and started leaking thousands of the group’s internal messages alongside pro-Ukrainian statements.

The Twitter account has disabled direct messages, so CNBC was unable to contact its owner.

The account’s owner claims to be a “security researcher,” said Lotem Finkelstein, the head of threat intelligence at Check Point Software Technologies.

The leaker appears to have stepped back from Twitter, writing on March 30: “My last words… See you all after our victory! Glory to Ukraine!”

The impact of the leak on the cybersecurity community was huge, said Gihon, who added that most of his global colleagues spent weeks poring through the documents.

The American cybersecurity company Trellix called the leak “the Panama Papers of Ransomware” and “one of the largest ‘crowd-sourced cyber investigations’ ever seen.”

Classic organizational hierarchy

Conti is completely underground and doesn’t comment to news media the way that, for instance, Anonymous sometimes will. But Cyberint, Check Point and other cyber specialists who analyzed the messages said they show Conti operates and is organized like a regular tech company.

After translating many of the messages, which were written in Russian, Finkelstein said his company’s intelligence arm, Check Point Research, determined Conti has clear management, finance and human resource functions, along with a classic organizational hierarchy with team leaders that report to upper management.

There’s also evidence of research and development (“RND” below) and business development units, according to Cyberint’s findings.

The messages showed Conti has physical offices in Russia, said Finkelstein, adding that the group may have ties to the Russian government.

“Our … assumption is that such a huge organization, with physical offices and enormous revenue would not be able to act in Russia without the full approval, or even some cooperation, with Russian intelligence services,” he said.

The Russian embassy in London did not respond to CNBC requests for comment. Moscow has previously denied that it takes part in cyberattacks.

‘Employees of the month’

Check Point Research also found Conti has:

  • Salaried workers — some of whom are paid in bitcoin — plus performance reviews and training opportunities
  • Negotiators who receive commissions ranging from 0.5% to 1% of paid ransoms
  • An employee referral program, with bonuses given to employees who’ve recruited others who worked for at least a month, and
  • An “employee of the month” who earns a bonus equal to half their salary

Unlike above-board companies, Conti fines its underperformers, according to Check Point Research.

Worker identities are also masked by handles, such as Stern (the “big boss”), Buza (the “technical manager”) and Target (“Stern’s partner and effective head of office operations”), Check Point Research said.

Translated messages showing finable offenses at Conti.

Source: Check Point Research

“When communicating with employees, higher management would often make the case that working for Conti was the deal of a lifetime — high salaries, interesting tasks, career growth(!),” according to Check Point Research.

However, some of the messages paint a different picture, with threats of termination for not responding to messages quickly enough — within three hours — and work hours during weekends and holidays, Check Point Research said.

The hiring process

Conti hires from both legitimate sources, such as Russian headhunting services, and the criminal underground, said Finkelstein.

Hiring was important because “perhaps unsurprisingly, the turnover, attrition and burnout rate was quite high for low-level Conti employees,” wrote Brian Krebs, a former Washington Post reporter, on his cybersecurity website KrebsOnSecurity.

Some hires weren’t even computer specialists, according to Check Point Research. Conti hired people to work in call centers, it said. According to the FBI, “tech support fraud” is on the rise, where scammers impersonate well-known companies, offer to fix computer problems or cancel subscription charges.

Employees in the dark

“Alarmingly, we have evidence that not all the employees are fully aware that they are part of a cybercrime group,” said Finkelstein. “These employees think they are working for an ad company, when in fact they are working for a notorious ransomware group.”

The messages show managers lied to job candidates about the organization, with one telling a potential hire: “Everything is anonymous here, the main direction of the company is software for pentesters” — referring to penetration testers, who are legitimate cybersecurity specialists who simulate cyberattacks against their own companies’ computer networks.

In a series of messages, Stern explained that the group kept coders in the dark by having them work on one module, or part of the software, rather than the whole program, said Check Point Research.

If employees eventually figure things out, Stern said, they’re offered a pay raise to stay, according to the translated messages.

Down but not out?

Even before the leak, Conti was showing signs of distress, according to Check Point Research.  

Stern went silent around mid-January, and salary payments stopped, according to the messages.  

Days before the leak, an internal message stated: “There have been many leaks, there have been … arrests … there is no boss, there is no clarity … there is no money either … I have to ask all of you to take a 2-3 month vacation.”

Though the group has been hobbled, it will likely rise again, according to Check Point Research. Unlike its former rival REvil — whose members Russia said it arrested in January — Conti is still “partially” operating, the company said.

The group has survived other setbacks, including the temporary disabling of Trickbot — a malware program used by Conti — and the arrests of several suspected Trickbot associates in 2021.

Despite ongoing efforts to combat ransomware groups, the FBI expects attacks on critical infrastructure to increase in 2022.

Why we need to challenge Russia’s human shields narrative | Russia-Ukraine war

Since Russia’s invasion began in late February 2022, universities, schools, theatres, hospitals, and many other civilian sites in Ukraine have been destroyed by Russian shelling and more than four million people have so far fled the country. Faced with the devastating consequences of its actions, Russia has increasingly fallen back on a single legal justification: human shields. Indeed, Moscow repeatedly suggested that Ukraine’s military is deliberately using civilians as a screen to defend legitimate military targets.

On February 25, just hours after the invasion began, Russian President Vladimir Putin appealed directly to the personnel of the armed forces of Ukraine: “Do not allow neo-Nazis and [Ukrainian right-wing radical nationalists] to use your children, wives and elders as human shields.”

Echoing his leader, Major General Igor Konashenkov, chief spokesman for the Russian Ministry of Defence, stated in a news conference on February 28 that “the armed forces of the Russian Federation strike only at military targets”. Discussing the capital, Kyiv, he added that “the leadership of Ukraine and the authorities of the city, having announced a curfew, are persuading the residents of the capital to stay in their homes”. This, he concluded, “once again proves that the Kyiv regime uses the residents of the city as a ‘human shield’ for the nationalists who have deployed artillery units and military equipment in residential areas of the capital”.

Then on March 3, Moscow accused Ukrainian authorities of holding a group of 6,000 Indian students and other foreign nationals as “human shields”. Indian authorities themselves denied the claim. A couple of days later, Putin declared that “the neo-Nazis” were obstructing the creation of humanitarian corridors requested by the Ukrainian government to evacuate civilians trapped in the line of fire, claiming “the militants” were keeping the potential evacuees as human shields.

The shielding accusation

Russia has repeated similar claims in diplomatic arenas such as the United Nations Security Council. On social media too, Russian diplomats have attempted to shape perceptions of the battlefield, portraying the Ukrainian resistance as guilty of war crimes by insisting that they have used “human shields”.

Thus, alongside the war on the ground, we have been witnessing an intense information war, which, as the Russian ambassador at the UN exclaimed, appears to be a vital element of Russia’s so-called “special operation”.

The human shield accusation has actually become an increasingly common defence when states act immorally. As we show in our recent book on human shields, Saudi Arabia, Syria, Israel, Sri Lanka, and India are just some of the states that have deployed the argument to justify high civilian casualties in recent years.

This is partly because legally it appears to be such a useful get-out clause. The legal provision within international law pertaining to human shields states that “the presence or movements of the civilian population or individual civilians shall not be used to render certain points or areas immune from military operations, in particular in attempts to shield military objectives from attacks or to shield, favour or impede military operations”.

According to international law, using human shields constitutes a war crime, while the party responsible for the death of human shields is not the one killing them – if the attack is proportionate – but instead, the one deploying them. Indeed, the very day Russia invaded Ukraine, Human Rights Watch published a Q&A – On Occupation, Armed Conflict and Human Rights – stating that if an attack is proportionate, armed forces can legitimately strike “a military target that is making use of human shields” – though HRW also notes that “it is shielding only when there is a specific intent to use the civilians to deter an attack”.

Hence, by accusing Ukraine of using human shields Russia is in effect claiming that it is not legally responsible for the civilians it kills. And while Russia might be losing the info-war, the legal Trojan Horse of its aggression – the human shielding accusation – is not yet receiving significant opposition. Not merely states, but also human rights organisations have largely failed to voice a consistent critique of the allegations. When the United States and Sri Lankan governments accused ISIL (ISIS) in Mosul or the Tamil Tigers in the safe zones of using hundreds of thousands of people as human shields, for example, Amnesty International and Human Rights Watch did not dismiss or raise any significant doubts against such narratives.

4.5 million civilians

Once the Russians saw that Western states and human rights organisations were not challenging their allegation that Ukrainians are using human shields, they seem to have decided to up the ante. On March 8, the Russian Defence Ministry accused the Ukrainian “militants” of holding “more than 4.5 million civilians hostage as a human shield”. Basically, Moscow applied its legal argument to 10 percent of the Ukrainian population, transforming millions of civilians into a potentially legitimate target.

This has dramatic consequences. As we have shown in a recent article in the context of the Sri Lankan civil war, prominent legal scholars and investigators have helped rationalise the killing of thousands of innocent people after they had been framed as human shields simply because they were located in proximity to the fighting. The former chief prosecutors in international war crime tribunals, David Crane and Desmond de Silva – who provided their legal opinion to the Sri Lankan government’s commission of investigation on the civil war – argued that killing 12 percent of a group being used as human shields constitutes proportionate killing. If one adopted the same calculations while accepting uncritically the Russian human shielding accusations, then half a million Ukrainian civilians could be killed without violating the law.

There has unfortunately been no real discussion of how, over the past decade, the human shield charge has been routinely used by Israel, Sri Lanka, Russia and other warring parties in numerous theatres of violence as a preemptive legal defence to justify the killing of civilians. In a similar vein, governments have not said anything about this form of legal manipulation.

Decades of repetition, without any significant state or non-state challenge, nor any significant legal scholarship problematising the use of the human shielding accusation, have created a customary legal consensus whereby the human shields provisions can be used to justify the killing of civilians.

In order to contest the legal arguments that Russia invokes to justify the slaying of innocents, investigative agencies, humanitarian organisations, and human rights groups first need to confront the ease with which warring parties cast hundreds of thousands and at times even millions of civilians as human shields. They failed to do so in Mosul, Gaza, Aleppo, and Sanaa – perhaps in Kyiv, they will finally debunk human shield accusations.

The views expressed in this article are the authors’ own and do not necessarily reflect Al Jazeera’s editorial stance.

Which companies are being targeted by Anonymous? See their responses

In addition to Russian entities, Anonymous says it’s now targeting some Western companies.

The “hacktivist” collective known as Anonymous said it has a new target in its “cyber war” against Russia — Western businesses that are still doing business there.

A post on March 21 from a Twitter account named @YourAnonTV stated: “We call on all companies that continue to operate in Russia by paying taxes to the budget of the Kremlin’s criminal regime: Pull out of Russia!”

The tweet, which has been liked more than 23,000 times, gave companies 48 hours to comply.

The threat, which was later echoed on other Anonymous-affiliated Twitter accounts, included a photo with the logos of some 40 companies, including household names such as Burger King, Subway and General Mills.

The account later tagged more companies to the post, ostensibly putting them on notice that they, too, could soon be targeted. 

Incorrectly targeted?

Three targeted oil field service companies — Halliburton, Baker Hughes and Schlumberger — had also already issued announcements about their Russian business operations. The statements followed a Washington Post article that implored readers to stop investing in companies deemed to be “funding Putin’s war.”

Intentional or ‘fog of war?’

A second batch of targeted companies

Many companies that received “Fs” on Yale’s list appeared on a second Anonymous Twitter post published March 24. This post targeted a new — and seemingly updated — list of companies, which included Emirates airline, the French gardening retailer Leroy Merlin and the essential oil company Young Living.

Several companies caught in Anonymous’ crosshairs soon announced they were cutting ties with Russia, including the Canadian oilfield service company Calfrac Well Services and the sanitary product maker Geberit Group — the latter including hashtags for Anonymous and Yale in its Twitter announcement.  

The French sporting goods company Decathlon this week announced it too was shutting stores in Russia. But Anonymous had already claimed credit for shuttering its Russian website, along with sites for Leroy Merlin and the French supermarket company Auchan.

Jeremiah Fowler, co-founder of the cybersecurity company Security Discovery, said his research determined that Anonymous also successfully hacked a database belonging to Leroy Merlin.

“I’m absolutely sure [Anonymous] found it,” he said, saying that the collective left messages and references inside the data.

Anonymous also claimed last week that it hacked a database of another targeted company, the Swiss food and beverage corporation Nestle. However, Nestle told CNBC that these claims had “no foundation.” The design and tech website Gizmodo reported that Nestle said it accidentally leaked its own information in February.

Nestle has since announced it is reducing its operations in Russia, but the measures were rejected as insufficient by at least one online Anonymous account.

Other forces at play

Whether threats by Anonymous influenced any corporate decisions to cease operations in Russia is unclear.

Indeed, other forces were also at play, including online calls to boycott some of the targeted corporations in recent weeks.

Activists hold a protest against Koch Industries on June 5, 2014, in New York City. The American conglomerate was one of the few companies targeted by both posts by the Twitter account @YourAnonTV. The company also received an “F” on Yale’s list for failing to withdraw its business operations from Russia.

After being targeted by Anonymous, the French car manufacturer Renault announced it was suspending activities in a Moscow manufacturing plant. However, Ukrainian President Volodymyr Zelenskyy publicly singled out Renault, as well as Nestle, during televised addresses to European governments and citizens.

A company spokesperson for Renault told CNBC its decision had nothing to do with Anonymous.

Other companies have made moral cases for continuing to operate in Russia. Auchan, in a press release issued this week, said Russians have “no personal responsibility in the outbreak of this war. Abandoning our employees, their families and our customers is not the choice we have made.”

Another complication: Franchises

Unlike McDonald’s — which owns some 84% of its outlets in Russia — companies such as Burger King, Subway and Papa John’s often operate via franchise agreements there. Burger King said it demanded the main operator of its franchises suspend restaurant operations in Russia, but that “they have refused.”

Force majeure clauses — which allow parties to terminate a contract for circumstances such as natural disasters or acts of terrorism — don’t apply here, said Antel. Neither do clauses covering sanctions, which, when present, typically apply only if parties to the contract are sanctioned, not the country where they are located, he said.

Antel said franchisors likely have no legal right to shut down franchises in Russia. But he said he expects franchisors will do so anyway for a variety of reasons: moral decisions, to mitigate reputational damage and to avoid the cost of complying with sanctions, especially since Russia “is not a big percentage of sales” for most of these companies.

“Concerns over hackers and data protection … could be a good reason” too, he said.

He suspects franchisors will negotiate agreements to “share the pain,” either by agreeing to temporarily stop operations, or through settlement fees to terminate the relationship, he said.

He said he’s negotiated one contract — out of hundreds — where a hotel owner in Russia wanted the contractual right to walk away if an international incident made it detrimental to his broader business interests.

“God, we had to fight for it,” said Antel.  

However, he said he now expects contractual exit options to be much more common in the future.
