Interview for Ukrinform

Russia is the most active country that conducts such a first-ever organized information warfare in cyberspace, mainly, in Ukraine. Among other things, Russians also physically and in cyberspace influence the Polish-Ukrainian relations. Member of the European Parliament, Vice-Chair of European Parliament’s Delegation to the EU-Ukraine Parliamentary Association Committee, ex-Minister of Administration and Digitization of Poland, Michal Boni, shared his views on this in an interview with Ukrinform.

– The last year was quite significant in the context of using cyberspace for all kinds of illegal activities, particularly information wars. What common challenges are now being observed in cybersecurity?

– The first thing we need to pay attention to is usual cybercrime against a certain person. The more digital tools we use, the more threats we face. They concern the security of our data, our money. Illegal trade, sale of drugs, theft of money from bank accounts – it’s about 400-450 billion euros annually. And this is a huge amount. Because of the large scale of calls, it is necessary to introduce various security systems. The European Union is now developing a new strategy for cybersecurity, and since digital calls have no borders, interstate cooperation is necessary.

Secondly, it is necessary to pay attention to large-scale threats, for example, the use of malicious software like Ransomware or WannaCry, when cybercriminals forced users to pay for unlocking electronic devices infected with viruses. The more bitcoin (e-currency) is on the market, the easier it is to conduct such type of operations. We dealt with this case around the world a few weeks ago, when it suddenly turned out that more than 200,000 computers in 150 countries became objects of cybercrime, particularly a part of Britain’s healthcare system. In cybersecurity, much depends on the analysis of various kinds of risks relating to large and small companies, and individual users.

– What should we know?

– We should understand that [in case of a cyberattack] logins and passwords should be changed, electronic means should be completely disconnected, there should be no respond to various kinds of provocation. For example, I’ve recently received a letter from the European Commission with a request, and no specific name or surname of an official was written there. I immediately threw this letter in the wastepaper basket.

But also, a third element exists. We live in a period of cyberwarfare. Apart from stealing data from computers and security, there is still an organized information war that uses digital tools. I mean the attempts to paralyze some control systems, for example, energy systems and the like.

= As it was in Ukraine…

– Yes, as it was in Ukraine two years ago [a cyber attack in December 2015 on computer control systems in the control room of Prykarpattia Oblenergo with the help of the BlackEnergy trojan], as it earlier was with the Estonian banking system and so on.

Today we are dealing with an information warfare, which is quite different than it was several decades ago. When flyers were thrown from the planes …

– And now “flyers” on the Internet affect the elections in the US, France …

– Yes. As it was in the case of electronic correspondence hacking during the presidential election campaign in France, where a part of the material was fake. Among real letters, fake ones were thrown in, which read that allegedly Emmanuel Macron orders drugs and asks them to be delivered to the parliament building. At present, technically it’s possible to make a false letter and put it in the correspondence package of another person, and then organize a leak on the Internet and state that person isn’t honest. And it was skillfully played during the election campaigns in France and the United States and all the time played out in Ukraine.

– And it’s all done by the same country…

– Russia continuously wages cyberwarfare against Ukraine, and we should speak openly about this. It has very developed tools for this. Moscow was one among the first countries that created a factory of trolls that devise various events, and then comment on them. Once one fact was established: a fake, which is created by a troll and which is actively distributed on the Internet, becomes as public as possible within 48 hours, and the president of a country comments on it. So, the governing of politics takes place, which is very dangerous. Trolls are well paid; they have a lot of guises. I can see it well by “hate comments” (hate speech) in my social networks. For example, in my Twitter, I observe that someone is writing something about me, and this person has only four people who are following him on Twitter. And yesterday or the day before yesterday they were actively writing on Twitter to someone else.

Fake news stories are now functioning as a profitable business model as well.

Of course, now everyone is becoming more cautious and with the help of fact-checking the authenticity of information on the Internet can be checked.

– But the Russians are unsurpassed in the issues of spreading disinformation.

– In my opinion, Russia is the most active country that conducts the first ever organized information warfare in cyberspace.

But Chinese are also trying to act in this direction. When they didn’t want to let Facebook in the country’s information space, an alternative social network, Weibo, was created, which has more than 400 million users. National funds were used to pay some of these users and their activity on the Internet. If it was necessary to activate some anti-Japanese sentiments, they were instructed that information of certain content had to be released on a particular day. And later it was stressed that the society was actively responding to some events. This is also an example of paid manipulation.

But, as to Russia – it is an attempt to influence the views of people. In Britain – before the referendum on the withdrawal from the EU, in France – during the elections, in the Netherlands – on the eve of the referendum on the Agreement on the EU-Ukraine Association. Unlike other channels of communication, a message on the Internet within the first 10 minutes can have thousands of information consumers, and in a few hours – millions. Therefore, the volumes of the influence, the creation of emotional tension on the Internet are much greater than in the print media, on television, on the radio. In the media, there are publishers, editors, who determine the reliability of specific information. But on the Internet, it is difficult to control the reliability of information, while fact-checking has appeared not so long ago. It’s not about introducing any form of censorship, as the speed of spreading information and its impact is enormous, and we should pay attention to this.

– Do you mean, for example, a shot from a grenade launcher at the Consulate General of Poland in Lutsk, an arson attempt at a Polish school in Mostyska?

– Exactly. It seems to me that we should be aware of this. It’s not even about an arson attempt at the school, but about the fact that tweets or posts on Facebook are then created around this event, how they are interpreted. If this kind of event happened 20-30 years ago, it would have been mentioned briefly on the tenth page of a newspaper, and there would have been no extraordinary publicity about it. But now the Internet is a tool that raises insignificant events to the rank of super-important to inflate various emotions in the society. And that’s why I openly say that Russians are behind this because they want the Ukrainian-Polish relations to be bad so that Ukraine cannot transform.

– Now we are in a state of information warfare. What should we know about it and what should we do?

-As to the functioning of critical infrastructure, it’s necessary to have a good cyber defense with the ability to quickly restore the system if various problems occur. Society must constantly be aware of the presence of threats in cyberspace and form a sense of responsibility among ordinary users, in companies, in public institutions. It’s also necessary to implement various technical solutions, for example, the technology “security by design” – introducing various security elements in a device from the very beginning – coding, encryption so that no one can get into the device. These and other solutions give us a greater sense of security.

In the field of information warfare, we must take care of the reliability of information sources available to citizens

– At what level?

– At any level. Media owners must control whether the information they spread is reliable or not. The national media should take care of this, social media should also think about this. But not in such a way, as the German government does today. In Berlin, they want a quick response to false information on Facebook – removing of information. Otherwise, a significant fine will be imposed on a distributor of information. The respond to unchecked and false information should be as quick as possible. We must also strengthen the influence of reliable sources of information. This “information garbage” will continue functioning for some time, but eventually people will learn to counteract it, because they will no longer trust doubtful sources. And in order they stop to trust them, we should show that this or that is untrue, this means that the response must be immediate and decisive

EU should be more active in the fight against cyber threats from Russia. These actions should be more coordinated, since Russia is one of the most aggressive countries in the information warfare.

– Special units were created in the EU countries to monitor the appearance of misinformation…

– In the European Commission there is a department for monitoring information space. In the EU, there is a dispute. As far as I know, Vice-President of the European Commission Federica Mogherini wants to reduce the funding of this unit, saying that money is needed for something else. I consider this to be a mistake, and we will fight for the funds, allocated for activities on unveiling misinformation, not to be decreased.

In Brussels, there was an agreement that the EU countries should actively join in this. But apart from Germany, other countries haven’t yet shown significant activity. This issue is very important, as the governments of many countries do not fully understand the threat. Only last year showed a significant scale. Brexit, elections in the US and France. Therefore, Germans are so afraid that something similar can happen before their autumn elections.

– Should the EU punish Russia for aggressive misinformation and cyberwar against certain countries? Once there was a concept of disconnecting Russia from the payment system SWIFT. Is it worth returning to this issue?

– Sanctions against Russia are in force. The EU is now fighting against their abolition, while the US’s position has somewhat changed. Officially, President Trump says that sanctions will be extended, but in fact it is not known what he will do. Therefore, now it is important to keep sanctions, and constantly check how they operate. Disconnecting from SWIFT is quite a significant lever, as it blocks all bank transactions. The question is whether this disconnection should concern everyone in Russia, or only certain individuals. The EU does not want to impose sanctions that will affect ordinary Russians, who are not responsible for the aggression against Ukraine. Putin will not react to sanctions when ordinary Russians live worse, he isn’t interested in ordinary people. Therefore, you need to think about how this should work.

But no doubt, the EU should be more active in the issue of information warfare. These actions should be more coordinated, since Russia is one of the most aggressive countries in the information warfare.

Yuriy Banakhevych, Warsaw