The events in Ukraine show that today’s wars are fought using more than just tanks and bombs. It is also a fight on the Internet, led with the use of lies, fake accounts and disinformation. The questions of how important it is to take care of cybersecurity both at the state and private level and why knowledge of new technologies should be the responsibility of each of us will be answered by Dariusz Szostek, PhD, DSc, Associate Professor of Faculty of Law and Administration of University of Silesia and Silesian Centre for Legal Engineering, Technology, and Digital Competence CYBER SCIENCE.
Weronika Cygan: Since the beginning of the war in Ukraine, the number of fake news and false information has only increased, and the so-called armies of trolls are spreading lies and disinformation on numerous sites and portals. How can we defend ourselves against it?
Prof. Dariusz Szostek: Think first of all. It’s not only the troll farms where fake news is created. There are also various algorithms that profile users and prepare appropriate content – this is an entire industry focused on manipulating people. The most important thing is not to blindly believe what you are reading. You never should pass on information unless you verified the source of it first. If I were to receive fake news right now that, for example, the European Union is preparing rules according to which all young people are to be trained cybernetically to attack the Russians, it would sound quite likely, correct? If you read it on Facebook, you would not fully believe it, but if you found such content on my profile – a person who has the authority of an expert in the field of new technologies – you would take it for granted. That is why it is so important to verify the information shared by others, and when we pass it on, feel responsible for it. Today it is very easy to impersonate someone, which may additionally undermine the credibility of some messages.
In the case of dealing with deliberately shared fake news, the matter is more difficult, because in place of one troll farm, another is created. Various fake profiles are of course removed, be it by Facebook or other social media platforms, but the next account always appears in their place. In particular, many of those Facebook profiles that previously spread anti-vaccine content have now been transformed into overtly pro-Russian. You should also pay attention to these kinds of facts. I believe the war has exposed a few things. For years we have lived without realising how big a threat lurks there.
Weronika Cygan: So where is the source of the problem and the reasons for such effectiveness of online disinformation, in the lack of knowledge (often fundamental) about the world around us or in the lack of knowledge about the new technologies?
Prof. Dariusz Szostek: Both of those things are deciding factors. Many people are uneducated and do not diversify their sources of information, and thus are easier to manipulate. At the moment, in Russia, a large part of the public does not really have the faintest idea of what is happening in Ukraine, blindly believing the propaganda and Russian television that says Russia is helping. In Poland, in turn, we have a lot of people who watch only Polish Public Television and they also know the world only from one side. Lack of education and obtaining information from a single source are important reasons why some people succumb to manipulation. And even highly educated people can be fooled by some fake news – everyone should be careful. Every lie, every stupidity repeated many times makes a person wonder: “Or maybe I am the one who is wrong after all?” and then he or she begins to believe in them. In Poland, additionally, there is the issue of many people not having any knowledge about new technologies and cybersecurity, because we do not teach it at school or at universities. Such people often do not know how to defend themselves against online threats, and therefore are more likely to be manipulated.
Weronika Cygan: The activity of Russian accounts and sites that spread lies are clearly visible on Polish and foreign websites. But what does the Internet look like in Russia itself?
Prof. Dariusz Szostek: The Internet in Russia has been subject to censorship for years. When I talk to my fellow scientists at conferences or other meetings, they tell me straightforwardly that the content they have access to is visibly different to what we can see, and some content is inaccessible altogether. Now, since the war started, even more censorship has been introduced and the citizens are not able to view much of the Facebook content there. Some sites have been disabled completely, not by Facebook, but by the Russian authorities. Local users cannot visit some portals or websites – they are also filtered by their government. It is nothing new. In fact, exactly the same thing is happening in China. Chinese people do not have access to many of our websites.
Weronika Cygan: Can such disinformation efforts be directly related to the activities of a given state? We know, for example, that the Confucius Institute, which has branches all around the world, and comes under the Chinese Ministry of Foreign Affairs, in addition to popularising Chinese culture and language, often puts pressure on various institutions of other countries to replicate the narrative approved by the Middle Kingdom. These efforts often produce the intended results. Are we able to identify such links with specific hubs in Russia or other countries?
Prof. Dariusz Szostek: Such links can be identified everywhere. Of course, I do not know all of them, because I am not a specialist on Russia, but there are many institutions of this type. There are various hubs in Poland, such as the Adam Mickiewicz Institutes popularising Polish culture in the world, but we also have the Ordo Iuris Institutes… These links exist and need to be pointed out. Before, we didn’t pay attention to some things, but eventually, we start to look at them and reveal some actions. Besides, it is not only about institutions and entities with powerful influence but also about the politicians themselves. It is not only Marine Le Pen and Matteo Salvini who officially call themselves friends of Vladimir Putin. I believe that we also have many politicians who cooperate with Russia. It is natural and the same is done by the Americans in other countries, the Germans, the French and others. We also undertook many activities in Lithuania, Belarus and Ukraine. It just happens, and it also includes Internet activity.
Weronika Cygan: Attacks by Russian hackers on Estonia in 2007 when many servers and websites of national institutions were blocked is known as the first cyber war in history. However, for most people war is still associated with tanks and rockets rather than cyber attacks. Are we prepared for actions of a similar scale in Poland?
Prof. Dariusz Szostek: Indeed, such a cyber war happened for the first time in Estonia. At that time NATO’s military forces launched a counter-attack. Next was Ukraine. A couple of years ago, in 2017, the WannaCry ransomware attack took place. Ukrainian internal systems were badly affected as the result. At the turn of February and March of this year, the government and banking systems of Ukraine were attacked by wiper1, and currently, they are under DDoS attack2. It is rebounding on us daily, however, we don’t notice it. It is worth noting that for the first time in the history of Poland cyber attack alert level was raised to the third level CHARLIE. It means that there is a justified threat of some systems’ outage and it is ordered that all main and strategic resources should be downloaded from the cloud to local hard drives. We have to assume that temporary problems with access to the internet may arise or it may slow down. Moreover, possessing a small amount of cash, such that it could be useful in case of bank attacks, is advised. Usually, they do not last for a long period of time but rather are pushed back after half an hour, however, they can cause problems with payments. The last, fourth alert level DELTA is announced just after the attack. So right now, we have the highest cyber alert level.
Weronika Cygan: So, what the ordinary people should do in order to shield themselves from disinformation and cyber attacks?
Prof. Dariusz Szostek: Hygiene is the most important. It isn’t even the fact that it does not work properly in our country, but rather it completely does not exist. I think that not only the regular internet users but also many research facilities don’t know the basic cybersecurity rules. We change our e-mail passwords every few years, if at all, or we click on links sent to us in e-mails. We don’t have elementary knowledge of how to act in such situations. We teach children many useless things, whereas we fail to teach them about the basics of cybersecurity. Upon entering university, students should have classes about cybersecurity, but instead, they have library training.
Weronika Cygan: Which country could serve as an example of proper digitalisation and digital security?
Prof. Dariusz Szostek: Estonia. Even though Estonia has less financial potential, significantly smaller academic staff, fewer professors and professionals, as well as fewer universities than we do, it is the most digitalised country in Europe. They are leaders in the use of blockchain technology, which does not function in our administration. Similarly with electronic identification technology, while in Poland the Trusted Profile is rather not the best tool. Estonians are also leaders in introducing artificial intelligence into administration or judiciary. It is not a coincidence that Eurostat in 2021 put Poland at one of the last places in the whole European Union in terms of digital competencies. Poland spent a lot of money on informatisation, but not on digitalisation, take notice that those are two separate terms. Informatisation consists of buying hardware – and in this regard, our situation is actually not that bad. Digitalisation, on the other hand, is the digitalisation of content, its interoperability, and data sharing – that does not exist in our country. Please notice that digitalisation is something more than just administration. Three years ago I was in Berlin on a conference ‘Digitalizung und Bäume’ (Digitalisation and trees) about watering trees and water accumulation. Every action was based on appropriate detectors – the plants were watered when they actually needed to be watered. In Spain when they started the so-called Internet of Things (IoT) by installing detectors in trash cans in cities, the garbage trucks began to drive only to the ones that were full. It caused around 1.5 million euros of savings on fuel within a year, since the vehicles did not go to empty cans. Digitalisation is also about such ordinary things. Let’s take a look at it from an ecological perspective. We have to transport paper documents as well. A very interesting analysis was conducted in the United Arab Emirates (UAE), where the Emirates Blockchain Strategy 2021 project was introduced, on the basis of which all documents were digitalised last year and now their workflow is completely electronic. It was calculated that thanks to that cars will not have to drive 2 billion kilometres carrying letters. The ecological reality is achievable only through technology and in many of its manifestations – starting with smart cities, through public transport management (including emission-free vehicles and logistics) and ending with electronically managed renewable energy sources.
Weronika Cygan: In the face of the war in Ukraine, the slogan of the 16th UN Internet Governance Forum that took place in December 2021 in Katowice, seems especially relevant. The slogan was: Internet United, free and open internet. Is there actually a chance for us to create such an internet?
Prof. Dariusz Szostek: Let’s start with the fact that we do not have uniform internet all around the world. Around 40% of the global population does not have access to the internet. We think that the internet is everywhere because we can use it on our phones and at any moment, we can contact anyone we want. In developing countries there is no internet access, therefore people living there have limited possibilities of acquiring basic knowledge. What is the most crucial for social development? Access to reliable information and knowledge. If we deprive someone of education, then that person will have a smaller chance of development and a decent life. We have a big disproportion here, that is why the UN is trying to provide such people with these possibilities. The second problem is that there is no unified internet. In China, the internet is filled with lots of propaganda and is completely supervised by the party. There is also a system that evaluates people by giving them points based on their actions and behaviour. Permanent surveillance is not conducted by microchips but rather by cameras with the ability to identify faces. It cannot be the case that someone goes on a manifestation and everyone knows about it. Those are significant issues that we should raise.
Weronika Cygan: Thank you very much for the conversation.
1 Wiper – oprogramowanie symulujące atak ransomware, które faktycznie zamiast wyłudzać okup od ofiary, niszczy zainfekowane dane.
2DDoS (Distributed Denial of Service) polega na prowadzonych z wielu komputerów jednocześnie atakach obciążających działanie wybranej strony internetowej. Efektem jest jej zawieszenie się.
Dariusz Szostek, PhD, DLitt, Associate Professor | photo by Agnieszka Sikora