Conventional versus Non-Conventional Cyber Threats

Štítky:

With the spread of modern technologies into everyday life as well as security, cyber security increases in relevance. However, preoccupied with hackers’ wars, we tend to miss the fact that our minds are constantly under attack in the cyber environment as well. While our minds might be under greater threats online than our material property, we seem to do much less to protect them.

The conventional concept of cyber security

In their 2015 book Cyber War versus Cyber Realities, Brandon Valeriano and Ryan C. Maness doubt the concept of cyber warfare as something, well, virtual. If we understand war as “armed fighting between two or more countries or groups”[2], then we have to admit that nothing such as cyber war has ever occurred. There were certainly cyber attacks, we might even say that there were cyber clashes, and cyber-attacks quite often accompany conventional wars – such as now in the case of the Russian invasion of Ukraine. Since this concept is rather new, it has attracted a lot of attention that exaggerates its possible impacts and capabilities. Today it seems more and more obvious that the term “cyber war” makes about the same sense as “air war”, “land war” or “rocket war” – those are not wars on their own. It is difficult to imagine that two or more countries will fight only by using the air force for example. Cyber capabilities are becoming part of the conventional force used during wars, as another option for hitting an enemy. And like all other methods, it has a lot of advantages as well as disadvantages.

The concept of futuristic cyber warfare, hackers stealing information and disabling whole systems – as we can see in Live Free or Die Hard or in Mr Robot series. Ideas of hacking, taking control of others’ futuristic weapons, disabling electricity grids and so forth, are in fact so exciting for the public audience that they have found their way even into conventional franchises such as James Bond or Star Wars. These popular imaginations have often very little to do with reality. Even though the popular and seemingly all-powerful Anonymous hacking group, in fact loosely organized brand, has declared cyber war on Russian President Vladimir Putin, we have not seen much more than several DDoS attacks and defacements against Russian and Belorussian official websites and media [3] – hardly enough to tip the scales of the war in Ukraine.

Illustrative picture. Source: Wikipedia

Since we rely more and more on computers and networks for our work, cyber security is becoming a huge business globally. Only in North America, the cyber security market was worth over 62 billion USD in 2020 [4] and the cyber security business globally is expected to grow to over 500 billion USD globally by 2030 [5] – just for comparison, the global automotive industry was worth 2,8 trillion USD in 2021 [6]. The importance of cybersecurity is then reinforced by the popular imagination of dangerous hackers mentioned above. This is not to say that cyber crimes and attacks are not a real threat: in 2021, cyber crime caused damages of 6 trillion USD globally and this number is growing [7] – in this perspective the money paid for cyber security globally seems to be underwhelming. Similarly, the Russian cyber offensive, which accompanies its invasion of Ukraine [8], justifies the growing military and other government investments in cyber security. Yet despite the popular imagination of a black hooded hacker sitting in a shadowy room by the laptop doing his coding magic, the majority of attacks use different forms of phishing and exploiting vulnerabilities such as using basic passwords for accounts and network protection and therefore could be prevented relatively easily.

What is described above may be called a conventional concept of cyber security: someone tries to steal information or money, or disable some systems using a variation of tools such as coding and social engineering. These attacks can be orchestrated by both state and non-state actors, and they usually cause material damage – at least in one case cyber attack caused even a death of a person in 2020 [9]. However, I claim that cyberspace offers much more dangerous ways of attacking a person and even whole societies.

Homo Internetus

As the internet spreads, it is no longer a tool – the internet became an environment. According to the Digital 2022: Global Overview Report [10], the number of internet users reached more than 5 billion, or 63 % of the world population in 2022. 94 % of internet users use social media every month and 6 in 10 internet users buy something online every week. An average internet user spends nearly 7 hours a day on the internet across various platforms. If we assume that a regular person sleeps 7-8 hours a day, this is almost the same time. Out of this, the average time spent on social media is 2,5 hours daily (unsurprisingly, Facebook is the most favourite platform followed by YouTube, WhatsApp and Instagram). There are also 5,3 billion unique mobile phone users globally. Naturally, all these numbers are steadily growing. It seems like the internet is slowly becoming our second habitat – habitat for the new kind of human, homo internetus?

Since humans learn and build perceptions about the world based on their everyday experiences, the fact that some 40 % of our experience making is migrating online should be worrying. There is no precedent for such a massive migration of human minds and what it might do to them. Since these worries greatly exceed the expertise and ambitions of the author, the article will try to look specifically at the security dimensions of this online migration.

Illustrative picture. Source: Google

Fiction of safety

One of the issues with the online environment is that it seems to be safe. While we browse the internet, and social media, and watch videos and movies, oftentimes from the comfort of our own living rooms or bedrooms, we do not realize that we are often exposed to the outside world much more than we think. For instance, we automatically share plenty of personal information about ourselves online. Be it our email address, our phone number, our personal photos, our location… Every “cool” website, such as Instagram, Facebook, YouTube etc. forces you to personalize your profile and to share as much of your personal information with other users. We comply and share all the information without thinking about possible repercussions. The information can be then easily used for stalking, bullying, sexual harassment, but also phishing, or spear phishing. The information we put online about ourselves, once there, can be very difficult, if not impossible, to remove.

The phenomena like FOMO (fear of missing out) or feelings of depression and loneliness are well-proven results of the usage of social media. However, a series of articles by Jeff Horowitz published in the Wall Street Journal in 2021 based on the Facebook leaker France Haugen shows that not only Facebook directors knew about these negative phenomena because their teams have studied them thoroughly, but that they were avoiding options that would help solve these issues because they would also decrease the platform’s revenues [11]. Moreover, to maximize the profits, they were often using methods to do exactly the opposite: for example, if you searched for content such as healthy food, the algorithm started to offer you more radical seemingly related topics that eventually led you to pages propagating anorexia and other self-harming practices. While the illegal hackers provably killed one person, how many people were led to anorexia by the legal algorithms of Facebook, especially young adults for whom it is important how they look? And Facebook, or Meta now, is certainly not the only social media to blame.

Into the Rabbit Hole

Social media offer many rabbit holes. If the algorithm thinks you are into conservative parties and politics, or patriotic topics, it can slowly start to drag you into more and more extreme right-wing political topics. If you click on something dubious or questionable that catches your interest – because as humans, we are curious – you might easily end up feeding yourself more and more insane conspiracy theories. This is how you can easily become radicalized before you know it. Some extremist groups even use the algorithms to their advantage. The far-right and white nationalists managed to work very well with hashtags, luring new audiences and eventually new people into their ranks. This well-organized strategy, where you combine trending hashtags with those of your groups‘ is called hijacking and was widely used during the COVID-19 pandemic [12]. Isla Vista massacre (2014) killer was part of the loose far-right connected movement of incels [13], Christchurch mass shooting (2019) perpetrator was openly racist and far-right in his views [14]. Both of those killers got radicalized online, being caught in rabbit holes – and became symbols for their movements, attracting more followers.

Illustrative picture. Source: Wikipedia

As the abovementioned series of articles about Facebook’s leaked flaws shows, Meta’s (since 2021 the new name of the parent company of Facebook, Instagram, WhatsApp etc.) algorithms are designed to keep users active on its platforms as long as possible – to maximize profits from both the advertisements and the user data collection. Therefore, the algorithms amplify hate speech. In the case of the Rohingya genocide in Myanmar in 2017, it has been claimed these and other careless actions helped to fuel the massacre that left an estimated 10 000 people dead. Rohingya people sue Meta for these actions today [15].

Outside threats

Thus far, the text was about something we might call grassroots threats that organically emerge in the online environment. These grow and expand thanks to the particular way platforms such as Meta’s Facebook and Instagram work. However, some groups and states use the online environment to threaten our societies from the inside. The far-right attempt to the takeover of the online narratives is one obvious example. In addition, ISIS also used social media to find new sympathizers and recruits [16]. Countries like Russia have well-documented troll farms [17], which use social media to alter narratives and public opinions to the advantage of Russia. A number of other governments hire similar troll farms – among others Turkey, the Philippines, China, and India. Sometimes they are used to alter domestic opinions in favour of certain politicians or political groups – which is mainly the case in Turkey or the Philippines.

As an example par excellence serve Russian troll farms in their effort to undermine the unity of the West. They repeatedly interfere in Western elections – the 2016 US presidential elections are the greatest example of this [18] – and try to alter moods in Western societies, since the beginning of Russia’s full-fledged invasion of Ukraine at the beginning of this year, the troll farms try to undermine West’s support for Ukraine [17]. Since the beginning of the Russian invasion, Russian state-sponsored media, most prominently Russia Today and Sputnik News, were blocked in the EU [19]. In spite of this, Russian trolls are still able to operate and poison public opinion.

Rethinking cyber security?

The aim of this article is not to say that conventional cyber threats such as various attacks by hackers are nonexistent or overstated. Instead, the aim is to explain that there are many unconventional threats in cyberspace with which we interact daily, which might be even more dangerous than those posed by hackers. While hackers threaten material goods, troll farms threaten our minds. While there have been only individual cases of people killed by hackers – and always unintentionally – there have been thousands, if not tens of thousands killed by people manipulated and influenced by sharing fake news and hatred online. If we spend millions of dollars yearly on antivirus software and other cyber security tools, we need to similarly find a way how to protect our minds from the manipulations they face in cyberspace.


The article was reviewed by: Martin Blecha and Tomáš Zwiefelhofer .

Sources:

[1] Valeriano, Brandon and Maness, Ryan C. 2015. Cyber War versus Cyber Realities: Cyber Conflict in the International System. Oxford University Press. 1st edition.

[2] Cambridge Dictionary. “war.” Cambridge University Press 2022. Accessed August 25, 2022. https://dictionary.cambridge.org/dictionary/english/war.

[3] Tidy, Joe. “Anonymous: How hackers are trying to undermine Putin.” BBC. Accessed August 25, 2022. https://www.bbc.com/news/technology-60784526.

[4] Globe Newswire. “With 13.4% CAGR, Global Cyber Security Market Size to Surpass USD 376.32 Billion in 2029.” Accessed August 25, 2022.  https://www.globenewswire.com/news-release/2022/06/14/2461786/0/en/With-13-4-CAGR-Global-Cyber-Security-Market-Size-to-Surpass-USD-376-32-Billion-in-2029.html#:~:text=North%20America%20Cyber%20Security%20Market,2020%20(USD%2062.41%20Billion).

[5] Grand View Research, Inc. “Cyber Security Market to be Worth $500.70 Billion by 2030: Grand View Research, Inc.” Ciscion PR Newswire. Accessed August 25, 2022.  https://www.prnewswire.com/news-releases/cyber-security-market-to-be-worth-500-70-billion-by-2030-grand-view-research-inc-301529880.html.

[6] Statista. “Global automotive manufacturing industry revenue between 2019 and 2022.” Accessed August 25, 2022.  https://www.statista.com/statistics/574151/global-automotive-industry-revenue/#:~:text=Revenue%20%2D%20automotive%20manufacturing%20industry%20worldwide%202019%2D2022&text=The%20global%20automotive%20manufacturing%20market,trillion%20U.S.%20dollars%20in%202021.

[7] Morgan, Setve. “Cybercrime To Cost The World $10.5 Trillion Annually By 2025” Cybercrime Magazine. Accessed August 25, 2022. https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/.

[8] RFE/RL. “Microsoft Report Details Relentless Russian Cyberattacks On Ukraine.” Accessed August 25, 2022. https://www.rferl.org/a/microsoft-russia-hacking-ukraine/31824105.html.

[9] Eddy, Melissa and Perlroth, Nicole. “Cyber Attack Suspected in German Woman’s Death.” The New York Times. Accessed August 25, 2022. https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html.

[10] Data Reportal. “Global Digital Overview.” Accessed August 25, 2022. https://datareportal.com/global-digital-overview#:~:text=A%20total%20of%205.03%20billion,12%20months%20to%20July%202022.

[11] Horwitz, Jeff. “the facebook files.” The Wall Street Journal. Accessed August 25, 2022. https://www.wsj.com/articles/the-facebook-files-11631713039.

[12] Stephany, Fabian and Darius, Philipp. “Hijacking Hashtags in Times of COVID-19: How the Far-Right Polarises Twitter.” The Humboldt Institute for Internet and Digitalisation. Accessed August 25, 2022. https://www.hiig.de/en/hijacking-hashtags-in-times-of-covid-19-how-the-far-right-polarises-twitter/.

[13] BBC. “Elliot Rodger: How misogynist killer became ‚incel hero‘.” Accessed August 25, 2022. https://www.bbc.com/news/world-us-canada-43892189.

[14] BBC. “Christchurch massacre: Inquiry finds failures ahead of attack.” Accessed August 25, 2022. https://www.bbc.com/news/world-asia-55211468.

[15] BBC. “Rohingya sue Facebook for $150bn over Myanmar hate speech.” Accessed August 25, 2022. https://www.bbc.com/news/world-asia-59558090.

[16] Ward, Antonia. “ISIS’s Use of Social Media Still Poses a Threat to Stability in the Middle East and Africa.” RAND Corporation. Accessed August 25, 2022. https://www.rand.org/blog/2018/12/isiss-use-of-social-media-still-poses-a-threat-to-stability.html.

[17] The Guardian. “‘Troll factory’ spreading Russian pro-war lies online, says UK.” Accessed August 25, 2022. https://www.theguardian.com/world/2022/may/01/troll-factory-spreading-russian-pro-war-lies-online-says-uk.

[18] Abrams, Abigail. “Here’s What We Know So Far About Russia’s 2016 Meddling.” Time. Accessed August 25, 2022. https://time.com/5565991/russia-influence-2016-election/.

[19] Schechner, Sam. “EU Orders Removal of Russian State-Owned Media From Search Results, Social-Media Reshares.” The Wall Street Journal. Accessed August 25, 2022. https://www.wsj.com/livecoverage/russia-ukraine-latest-news-2022-03-09/card/eu-orders-removal-of-russian-state-owned-media-from-search-results-social-media-reshares-Nxb4WXbCaQnCUMmL9Mvk.

Napsat komentář

Vaše e-mailová adresa nebude zveřejněna. Vyžadované informace jsou označeny *