What's going on in Ukraine is nothing new to our readers. Seeing what's happening in Ukraine also should be of great interest to everyone in the infosec community. With that said, I have recognized some "real" weaknesses (give or take) in the way the Ukrainian population is utilizing their choices of communication with messenger apps and email due to a lack of knowledge or misinformation. Here is my advice to the Ukranian people to stay safe on the internet while cyber warfare is happening in realtime, so please take it seriously.

Disclaimer

This article is meant to be practical, and it doesn't dive deep into each topic. My recommendation for you is to search for answers to the questions you may have on the internet. Or you can simply read more about the topics and services I'm going to be talking about to have a better grasp about them or learn more.

Telegram is not a smart choice

If you've ever taken just a little closer look at Telegram, it's really not that great for many reasons. I want to focus on solutions instead of complaining, so I'm just going to leave these two Twitter threads for you to read. This is for informational purposes in case you want to know why Telegram is so bad or also if you may not trust me, which in this particular situation is fair enough.

Way better alternatives

Just to name a few, your best options probably are the following.

Matrix.org
Matrix is an open standard for interoperable, decentralised, real-time communication
Session | Send Messages, Not Metadata. | Private Messenger
Session is a private messenger that aims to remove any chance of metadata collection by routing all messages through an onion routing network.
Signal Messenger: Speak Freely
Say “hello” to a different messaging experience. An unexpected focus on privacy, combined with all of the features you expect.

All of them have their right to exist, and all of them have their individual strengths and weaknesses. Signal for example requires a phone number. Although this makes communication with people whose number you already have way easier, it is just something to consider.

It's always important to consider who is a threat to you, or what is a deal breaker feature for you concerning these messenger apps and in a variety of software too.

E-Mail, but better

Many people in Ukraine use common E-Mail providers, which is really not that different from what you've used in your country. I'm not going to list examples since I personally don't want to be sued by any of these E-Mail providers. Therefore, I'm just going to say what doesn't apply to most "common" E-Mail providers. Namely, that feature would be E2EE or good security and privacy in general.

In this regard, I'd like to recommend the following E-Mail providers.

Secure email: Tutanota free encrypted email.
Tutanota is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients.
Sichere E-Mail für Privat- und Geschäftskunden | mailbox.org
mailbox.org ► sicheres und werbefreies E-Mail-Postfach ✓ Online Office & Cloud-Speicher ✓ 100% Ökostrom ✓ Serverstandort in Deutschland ✓ ab 1,- Euro im Monat ✓ Jetzt kostenlos testen!
Secure and private email | Mailfence encrypted email service
Mailfence is the only secure and private email service that gives you control. A free, interoperable encrypted email service protected by Belgian privacy law.

As with the previous recommendations, they all do something better than the others, but they are probably better in every regard in terms of security and privacy than your current E-Mail provider.

A robust social network

Everyone has their own favourite social network, and nothing is shocking about that statement. Unfortunately, as the war on Ukraine and Ukrainian citizens continues, it's probably a good idea to look for a social network as an alternative to centralized services. In this particular case, I'm not even really up against the social networks themselves, but rather the way they're structured and how they could be taken down. The Russian government is not a beginner in hybrid warfare and while (strong emphasis on the following) I'm not a military strategist, I wouldn't be surprised if Russia were to block access to common social media sites in Ukraine. As far as my knowledge goes, I only see Mastodon as an actual resistant social media network. This is due to its decentralized nature and everything around it. I'm not saying, that you should stop using the social media networks, you're using now, but you shouldn't be surprised if they eventually won't work.

A link to Mastodon is here:

Mastodon
Mastodon is an open source decentralized social network - by the people for the people. Join the federation and take back control of your social media!

Isolate yourself from Pro-Russian government idiots

Finally, I'd like you to take preventive measures against Pro-Russian government supporters, specifically the more technically skilled adversaries.

To achieve this, you need to follow my instructions, and most importantly always think twice and be very cautious. This sentence in itself might be a paradox, but you get it.

The best isolation from technical threats is simply speaking virtualization, as in using a virtual machine or virtualizing an application.

Since there are too many options to list and too many platforms to cover, I can't really make a direct suggestion of what you should use for every platform.

Since the most vulnerable and critical information is stored on laptops and desktops though, I'm going to give you some advice.

You should create a virtual machine for everything that connects to the internet since the internet is obviously the main source for almost every digital evil. What you should especially separate is your browser, e-mail program, password manager, document reader and messenger services. You can also try remote browser isolation for this.

Also here are some practical resources about virtualization:

Virtual Machines - Microsoft Edge Developer
Download free virtual machines to test Microsoft Edge and IE8 to IE11
Download a Windows virtual machine - Windows app development
Create a Virtual Machine with Hyper-V
Create a new virtual machine with Hyper-V on Windows 10 Creators Update
What is a Virtual Machine And How to Setup a VM on Windows, Linux, and Mac
A virtual machine is a program you run on a computer that acts like it is a separate computer. It is basically a way to create a computer within a computer. A virtual machine runs in a window on the host computer and gives a user the same experience

If creating a virtual machine may be too complex, try remote browser isolation (RBI) like WEBGAP. It isolates your local machine or computer from the external internet, and it lets you safely use a remote browser to surf the web, check email, and other activities you normally do on the web without exposing your computer. Use coupon code HACKERSAGAINSTPUTIN to get it for free.

Lastly, I would like to emphasize (again) that you should never click on any link without verifying it is safe, and be extra cautious about strange or odd events on your digital devices that seem suspicious. If you have any technical questions, your best bet is to ask them on an open forum about the issues you're encountering.

Stay safe and alert

Remember to be very cautious and aware of strange activity on your devices, and do not click on strange links or give your information to anyone on the internet. Always verify that the person you're communicating with is truly them. Be very mindful that the messenger apps and E-mail providers you are using may also be doing more harm than good for you.

Recap
Virtualization:
Using a virtual machine (VM) is very important and helpful because you can use it like a normal computer on the internet without exposing your local computer and its contents. For beginners who are very new to virtualization, this link explains what is a VM and how to install it on Windows, Linux, or Mac.

You can choose any of these links to download your Windows VM of choice: Windows 7, 8.1, or 10 VM
Windows 10 vm with Hyper-V
Windows 11 Enterprise VM

Remote browser isolation:
RBI such as WEBGAP is also another alternative to use which may be less complicated to set up, which separates your local machine from the internet, and it's free when you apply the coupon code HACKERSAGAINSTPUTIN.

Messenger apps:
Take a look at Matrix, Session, and Signal as safer alternatives to Telegram.

E-mail providers:
Take a look at Tutanota, Mailbox.org, and Mailfence.


Stay safe Ukrainians!

This amazing image was created by the Ukrainian artist Anastasiia Hryvtsova. Secjuice is #ITarmy strong and we support Ukraine 🇺🇦