Published: April 28, 2015
Cyberattacks on Polish institutions in 2014 were at an all-time high, according to the Polish Computer Emergency Response Group (CERT.GOV.PL). Attacks were detected on the stock market, the National Election Bureau, and the websites of the president and government administration. More recently, CERT has noted the phenomenon of internet trolling and the so-called deployment of “useful idiots” by Russia. These latest activities represent elements of hybrid warfare.
The report on the state of cyber security in Poland for the year 2014, published by CERT, an organ of the Internal Security Agency, can be found here: http://bit.ly/1DxIrHz.
Last year, a record 12,017 reports were made by individuals, 7,498 of which were considered legitimate incidents. As in previous years, botnets made up the majority of reported incidents, with 4,270 in 2013, up to 4,681 in 2014. Compared with the ARAKIS.GOV statistics from 2013, there was a surge in alerts: 18,317 in 2013 against 28,322 in 2014, with the highest increase in high- and medium-priority alerts.
CERT Poland observed a major rise in dynamic, long-term, and relentless attacks utilizing state-of-the-art tools and methods. Although the year-on-year increase in cyberattacks in our globalized and digital world comes as no surprise, the intensity and sophistication of the attacks have become a cause for alarm, as they lead to the conclusion that only well-organized groups with large financial resources could be capable of such attacks. One important component is the involvement of groups and resources backed by foreign states.
CERT also reveals that by mid-August 2014, DDoS attacks were carried out on sites such as prezydent.pl, gov.pl, and some administration sites belonging to the Polish government. A group calling itself “Cyber Berkut” has taken credit for these attacks. On its website, the group cites Poland’s engagement tied to the armed conflict in Ukraine as its motivation.
CERT.GOV.PL investigated incidents in connection with the Polish regional elections of 2014. The National Election Bureau was informed that its test server was completely exposed. The team also had to follow up on reports of information leaks from the National Election Bureau’s telecommunications system that exposed not only e-mail addresses and logins, but also encryption keys and passwords along with names of individuals. The cyberattack was revealed to be an SQL injection attack. Such an attack involves sending a specially crafted request to the server so that it executes an unauthorized fragment of SQL code, potentially leading to a leak from a sensitive database.
Aside from the DDoS attacks, the Warsaw Stock Exchange had its gpwcatalyst.pl and newconnect.pl websites hijacked on October 23rd, 2014. The content of the gpwcatalyst.pl website was replaced with a jihadi image and the words “To be continued…” written in English on the main page, and archival data stolen during the attack was published on the hijacked website.
CERT stresses that the internet and social media, due to their easy accessibility and navigability, have become a key tool in bolstering the military and intelligence activity of foreign countries through steadily more effective disinformation, web propaganda, and information warfare. Individuals engaged in such activity can be divided into the following categories:
- hired individuals whose work consists of posting in the comment sections of particular online articles so as to purposefully counter general public opinion by presenting certain key events in a positive light or improving the image of certain public figures, citing selected and manipulated facts for that purpose.
- “useful idiots,” or individuals equipped with social media profiles or blogs who are able to publish desired posts and opinion pieces and disseminate fabricated stories and misleading information, thereby engaging in disinformation.
“Desired” comments and posts are written based on a similar and straightforward pattern. They tend to be quite long, almost exhaustive, and are highly rated by other “users” in order to move up to the top of the comment sections while conflicting texts are rated poorly or thumbed down by other engaged and concerned “users.” Other posts or comments of similar form and content are found on separate websites only several seconds apart. The grammar, spelling, and proper written Polish form of these publications seem to improve over time.
Analysis of online discussions throughout 2014, predominantly on social media sites, indicates tremendous spikes in online activity, the so-called “trolling,” concerning the Russian actions over the annexation of Crimea and the conflict in Ukraine. An unnatural spike in comparison to other news stories a year ago was observed. Polish news sites were uncontrollably “flooded” in the first few weeks of the conflict, CERT reports.
Translation: Daniel Lanzarjewicz