Anti-War Hacktivism Fuels Digital Xenophobia and a More Hostile Internet

Russia’s actions in Ukraine have understandably sparked a global backlash and a temptation to ostracize everything Russian—from state media to cats—as a signal of outrage. This idea, with potentially dangerous consequences, has also spread to open-source and cybersecurity communities.

Recently, the maintainer of the popular open-source Node JS package node-ipc released a new plugin called “peacenotwar.” Node JS packages are open-source JavaScript code used by developers to add functionality to applications. According to the maintainer, this plugin would display an anti-war message to users as a “non-violent protest against Russian aggression.” Some versions of the node-ipc package, a network tool downloaded millions of times, automatically launched this “protest software.” Reports on Github stated that certain versions of node-ipc would delete the contents of all files and replace them with a heart emoji if the software was installed on computers with Russian or Belarusian IP addresses.

If this really happened, it’s a terrible idea with unpredictable consequences. What if a Russian human rights or anti-war organization, or a Russian hospital, was using this software package? An action intended by the developer as a simple, non-violent protest could result in the loss of important photos and videos of protests and the “special operation,” medical records, or even the deaths of innocent people.

The trend of superficial hacktivism is now encouraging ordinary users to participate in DDoS attacks against certain Russian digital resources. For the reasons illustrated above, random attacks without considering the consequences and potential collateral damage may make people feel better, but are essentially shooting in the dark. This is incredibly irresponsible behavior that recklessly arms ordinary users and puts innocent lives at risk on all sides.

Targeting random computers with Russian or Belarusian IP addresses as a protest against government actions is blatantly absurd and harmful. Developers from aggressive countries—including the U.S.—should consider how they would feel if the situation were reversed.

Digital Xenophobia Didn’t Start on February 24

This kind of digital xenophobia didn’t begin on February 24. Blocking certain notorious countries by blacklisting their IP addresses has long been used as a defense against cyberattacks: much of the traffic from Russia or China is malicious, so let’s block all traffic from Russian or Chinese IP addresses!

There are now calls to disconnect Russia from the internet. This is a terrible idea that treats the country as a monolith and punishes the Russian people for the actions of their authoritarian government. Russians seeking information about protests or news about casualties are being blocked. IP addresses of those living in Ukraine near the Russian or Belarusian border may be misidentified, leaving people without access to aid or evacuation websites.

We have already warned that changing the fundamental protocols of internet infrastructure—such as disconnecting Russia from the network by revoking its top-level domain names or IP addresses as a form of protest—will likely lead to many dangerous and long-term consequences. It would deprive people of a powerful tool for sharing information when they need it most, threaten security and privacy, and undermine trust in the global communication infrastructure we all rely on.

Treating a country’s population as a monolith risks alienating (and denying services to) people who agree with you, are your allies, and may desperately need sources of information and help. This makes the internet less open and more hostile for all users. Equating people with their authoritarian governments has never been a good idea.