Passwords stolen, email accounts hacked, customer data leaked, computer networks infected: Almost every day brings news that affects our lives in the world of cyber space. Yet, many people still don’t care about secure passwords, safe browsing or how much of their data is floating around in the web. Renowned warfare expert and author Peter W. Singer digged into the topic and wrote the book “Cybersecurity and Cyberwar. What Everyone Needs to Know”. Peter spoke with netwars / out of CTRL about what he thinks is the reason for this ignorance about cyber security, how the fear of a cyber strike feeds a whole industry and what would be a good way to deal with cyber threats.

Your previous books “Wired for War” and “Corporate Warriors” focused on automated warfare and mercenaries. How did you get into the cyber topic and what drove you into writing “Cybersecurity and Cyberwar. What Everyone Needs to Know”?

My work focuses on how war is changing. That is why I wrote the book about private militaries, then on child soldiers and warlords, and later focused on robotics and drones. Working on that last topic led to me to wonder about a new question of not only what is new in where we are fighting but also ‘What happens when people get the wrong kind of access?’. This question sort of links my previous books to my recent book “Cybersecurity and Cyberwar”.

Peter W. Singer: Cybersecurity and Cyberwar
http://www.cybersecurityandwar.com/

What is different, however, is that in my past books, I was trying to get people to pay attention to things they didn’t know was becoming important. Cyber is the exact opposite: We all know it is important and all of us are making decisions on cyber security. But we’re doing it without effective knowledge.

In my book I’m trying to give the reader very simple tools to understand what’s happening in the space of cybersecurity: how the Internet actually works, what cyber crime and cyber terrorism is, and what we can do about it as individuals, companies, governments and military. My sense was that there was a kind of gap: books on that topic were either highly technical only for specialists or books that mostly wanted to make people scared.

Why do you think that is?

The cyber topic needs to come out of only being seen as for the so-called “IT crowd.” For too long, cyber security was viewed as a domain “only for the nerds,” as one White House official put it. Yet, that is how the Internet itself was looked at in the 1990s. But nowadays we all use it in so many different ways: communication, commerce, and in critical infrastructure. 30 trillion emails are being sent every year. You cannot find an industry that does not use the Internet.

The threats we face range from the security of your bank account, your social network or email account, to the security of the business you work at. Not to mention that cyber has become a matter of geopolitics, of conflicts on war and terrorism. We cannot treat cyber security as if it were just something “for the nerds.” At the same time, we should not treat it like something we should get overly scared about.

Nevertheless a lot of people do get scared about it. Cyber security and cyber war seem to be on everyone’s lips right now.

There are real threats and real dangers in this space. The problem with cyber security is that a lot of people lump very different things together just because they are using the same technology: The former NSA director, General Keith Alexander, testified to Congress that America’s military faces “millions of cyber attacks every day.”  He was actually talking about  very different things to get that enormous claimed number, everything from automated prosed and address scans to attempts to get inside the network for a variety of reasons hacktivism, theft, economic espionage, military espionage and so on. Yet, none of these “millions of attacks” was the so-called “cyber Pearl harbor” that people think is the risk. Talking about millions of attacks is like talking about the millions of bacteria attacking your finger right now; its true, but also useless as your only way of understanding a threat.

Do these threats feed a new market, a cyber security market?

When there are real threats, there is always a market where people seek to respond to it and profit from it. In 2012, the US Pentagon’s budget mentioned the word “cyber” 12 times. This year’s budget mentions it 147 times. The cyber security business will take off within the next years, not just within business, but also at every level of government: the city level, the state or province level and the national level. And it’s not just the US. Italy just launched a 30 million dollar cyber security center. It is a globally growing business.

We have seen and will continue to see cyber incidents. As much as a hacker is taking advantage of your vulnerabilities, flimflam people might be taking advantage of your ignorance and fear. Businesses claiming to offer 100 percent cyber security when you buy their products. There is no such thing as 100 percent security – if there isn’t in real life, why should it be in cyber?

infographic: How the cyber market develops

How likely is it that one day we will face an attack on our financial system or power grid?

There is a real danger that someone will try and carry out a cyber attack and cause physical damage. In fact there has been and there still are attempts to attack the power grid system. Such an attack could include knocking down the system and messing with the machines’ operations, just like Stuxnet did in the Iranian uranium enrichment facility in Natanz. There is a possibility that attackers could use something similar to mess with the infrastructure.

Yet, we also have to understand such systems have long been under physical threat too, from everything from criminals to squirrels. We can either just get more scared or manage our risks and fears.

What would be a good way to take precautions?

The key is to shift from only the mentality of a catastrophic and fearful ‘cyber 9/11’ vision to a mentality of resilience. We should expect that there will be bad things that will happen. That is a reality of life, as well as cyberlife. The key is to not just try to prevent them, but also to think about how to get back up again. It’s about not just preventing it but powering through.

All the nations that have benefited a lot from the Internet in an economic, social and political way must now realize that this connectivity also creates some vulnerabilities. Yet, the dependence that nations like the U.S. and Germany and others have on the Internet should not lead us back into a Cold War mentality of think the only safety lies in building the offense up to scare the other guys into not attacking. It is more about being able to power through the risks and threats, how to get back on track, how to control the damage and bring the status back in case something happens. ‘Keep calm and carry on’ is the best response.

What can be done on a personal level to think and live cyber security in a new way?

There is a need for what I call “cyber hygiene.” The best thing to be safe is to think twice about what you’re actually doing there. Its not as highly technical as too many fear. For example, it is always a good start to secure your passwords, having complex passwords and to change them frequently. And like in real life, don’t take candy from strangers – so don’t take any hardware you don’t know and don’t click on any links that you don’t know.

Even the U.S. military walked into that trap: the most successful foreign government attack on US military networks happened quite simply. A soldier picked up a shiny object in a parking lot that turned out to be a flash drive. Since he was curious what might be on it, he plugged it into a computer on the base that was linked to a classifed network.

Hygiene is not just about the simple measures of protecting yourself, but also a broader ethic. We teach our kids to cover their mouths when they cough. Why do we do that? It doesn’t protect them directly, instead it protects others from getting infected. We should think the same thing in cyber space. We have a responsibility not only for our own safety but for the safety of everyone else we connect with.

About Peter W. Singer:

Peter Warren Singer is the founder of technology advisory firm NeoLuddite. Dr. Singer is considered a leading expert on changes in 21st centruy warfare and has authored a number of award winning books. He has consulted for the US Military, Defence Intelligence Agency, FBI and a wide-range of entertainment programs. Prior to his current position, Dr. Singer was the founding Director of the Center for 21st Century Security and Intelligence at the Brookings Institution. In September he will join the New America Foundation as strategist. Visit his website: www.pwsinger.com  To learn more about his book, visit www.cybersecurityandwar.com

The netwars Graphic Novel App “The Butterfly Attack” premiered some weeks ago in mid May. The story: An elite hacker group is asked by the Norwegian government to hack the power supply system. What is supposed to be a war game becomes reality. The team has to win a race against time. The story was written by British author M. Sean Coleman. Sean not only wrote the script for the Graphic Novel App, he also wrote the ebook “The Code”, where he takes the reader on a trip through the darker side of the Internet, the Deep Web. netwars / out of CTRL spoke to Sean about his work on the book and the Graphic Novel App.

Please tell our readers a little bit about yourself and how you came across netwars.

I was born in the UK and brought up in South Africa. I enjoyed writing stories from a young age and, thanks to some excellent English teachers at school, I was able to explore that passion. I studied a BA in Scriptwriting for Film and Television at Bournemouth University, and an MA in Screenwriting at the London College of Printing.

My first proper, paid writing job was for Douglas Adams, helping to create the online version of Hitchhikers Guide to the Galaxy. It was a great job, and introduced me (way back in the mid-90s) to the idea of entertainment broadcasting over the internet.

The Internet has changed a lot since then, and the way we receive our entertainment has changed too. Netwars is a great example of that change. I was first asked to write the story and scripts for the Graphic Novel series – you will have to ask the producers why they chose me – but I’m very glad they did. The challenge of writing for a Graphic Novel format, combined with the subject matter of cyberwar, cyberterrorism and cybercrime was too exciting to pass up.

How did you come up with the story? What inspired you?

We had a big brainstorming meeting with a whole lot of people who would be involved in the project. The idea was to make sure that we all had the same concept about what the project as a whole was trying to say to the audience. One of the biggest challenges for me in writing a fictional version of accounts, was that nothing I came up with could be out of the bounds of reality. If the documentary parts of the project clearly stated that Cyber War would not happen, then the Graphic Novel story couldn’t say that it had!

Check out the trailer for the Graphic Novel App:

At first I had all sorts of wild ideas about what I would like to happen, which were more in the realms of science fiction if I’m honest. Over the course of a lot of research and a number of conversations with the experts who were consulting on the project, I slowly came up with a story that I was happy with and the team at Filmtank liked too. There were not as many stories in the news back then, as there are these days, but there was information online if you knew where to dig. I found old presentations and briefing documents for war games and cyber war games and the story developed from there.

Were you familiar with the cyber topic when you started working for netwars?

I wasn’t unfamiliar with it. I read a lot of technical and science journals anyway, and I know a lot of people who work in the IT industry. I had heard of the Deep Web, I had heard of Tor, and Silk Road and all of that. But I hadn’t really thought of it in terms of the threat it posed both to us as individuals and to our nation states. I have always been something of a geek, so researching the technology side was not difficult.

As I said before, the bigger problem was drawing the line between reality and fiction. I was aware that the audience for this project would not really appreciate me just making up facts, so I spent a long time researching what was and wasn’t possible. Of course, it’s fiction, so you have to be able to stretch the truth to the edge of plausibility, but I hope I managed it.

You did some research on the deep web for “The Code”. What did you find there and how did you feel about it? Were you scared or did you feel threatened at any point?

I did do a lot of research. In fact, probably more than I needed to considering how much it is used in the story. It wasn’t so much the research into the deep web that made me feel uneasy, it was my research into how to hack cars, planes, elevators, government computers, all of that kind of thing, that made me think I may be being watched. It did strike me that if any major cyber-linked terrorist attack happened, I would probably be on the list to visit. At least I would be able to show the authorities the novel, which I’m guessing most terrorists don’t have as an excuse.

While I was writing the book, our neighbours sold their house, and I was convinced that they had sold it to the National Crime Agency here – maybe they did, but they make very good neighbours! I also kept noticing unmarked vans parked in the street outside for hours on end. I kept feeling a lag in our internet connection, or strange connections on my phone. The thing is, when you’re locked in your room writing as hard as I was writing every day, you get paranoid anyway. When you’re writing about a cyber assassin, you have no chance!

What I tried to get across in the book is that the Deep Web is a place where anything, legal or illegal, can be bought or sold, pretty much anonymously. Life, death, right, wrong – it’s all different down there. When I tell people some of the stuff I came across, they ask why nobody is doing anything about it. I tell them that they are, they just can’t keep up. It scares people. We like to think that we are protected and safe, and that this kind of thing can’t happen to us. For the most part, we are safe from those threats, but then, we also hope that about serial killers and axe-murdering hitchhikers, and somehow we take them more seriously than any cyber threat.

Did working for netwars change your view on the topic? Are you worried about safe cyber security or surveillance these days?

It certainly made me more aware of things I could do to protect myself. It also made me more nervous of going in elevators, cars that can park themselves, or small planes… I’m something of a fatalist, in terms of the bigger picture. If it’s going to happen, then we’re all buggered anyway. But on the personal side, I think we all need to make it a little harder for people to know everything about us. Whether that is governments or malicious actors, our private data should remain private.

It makes me smile now that, here in the UK, people used to go on protests about the proposed identity card scheme, claiming that it was giving the government too much information about our personal lives. Those same people never thought twice about jumping on Facebook and sharing everything they like, think and do with the whole world. People just don’t seem to notice how much they give away. I am certainly more aware of that now.

Of course I have a series of very complex passwords, but as I know from my research, they aren’t really going to help that much if someone is able to put a keylogger on your machine, which is a pretty simple thing to do. I work on the basis that I am too boring to follow for long, too poor to rob, and too sensible to be radicalised. I also still believe that if someone really has it in for me, there are plenty of ways to get rid of me that are both cheaper and easier than turning my tech against me. They just may not be as superbly anonymous.

What are your next projects?

I have an interactive storybook for pre-school children, called Milli’s Adventures on Apple-Tree Hill, coming out in the summer on iPads and Android tablets. It’s about a little snail called Milli who doesn’t know how to be a snail and has wonderful adventures trying to find out. It was created and illustrated by the wonderful Jana Schell and I am honoured to have been able to write the stories for it. I love it. Meanwhile, I have just begun writing the sequel to The Code, so keep your eyes open at the end of the year for the second book.

About M. Sean Coleman:

Born in the UK and raised in South Africa, Sean is a writer of film and television drama, a novelist, and an award-winning writer and producer of cross-platform drama and reality series. He holds a BA in Scriptwriting from Bournemouth, and MA in Screenwriting from LCP. His novel “The Code” is available in English, German and Chinese on Amazon, on the iTunes store and on Google Books. For more info, visit his website: http://www.mseancoleman.co.uk/

Almost one year has passed since the Snowden revelations. Since then, data collection and surveillance have been the subject of an ongoing discussion. In his documentary “Reality Check”, director Niels Bolbrinker tries to find out if Big Brother has already become reality. “Reality check” is out in German cinemas Thursday, May 15th. Check out the trailer:

Trailer DIE WIRKLICHKEIT KOMMT from filmtank on Vimeo.

The Federal Financial Institutions Examination Council (FFIEC) announced last week that it wants to work on identifying vulnerabilities in the U.S. banking system, especially when it comes to smaller community banks. FFIEC is an agency in charge of developing standards and principles for the U.S. banks. In the statement, the agency also said it plans to raise awareness for cyber threats.

The statement was part of the talk “Executive Leadership of Cybersecurity. What Today’s CEO Needs to Know About The Threats They Don’t See”. In the talk, CEOs are advised to think about “How is the staff at my institution providing me with accurate and timely information about our risks and our ability to mitigate them, so that I can prioritize our resource allocations and inform the board of directors?”

The agency points wants to build a “security culture” to make sure it can identify, measure, mitigate and monitor risks in the financial industry. Therefore, the FFIEC announced to implement a new vulnerability and risk-mitigation assessment. The agency also plans on implementing a regulatory self-assessment of supervisory policies and processes. FFIEC wants to give both tests a short pilot phase and then set them in place later this year.

netwars / out of CTRL spoke to award winning journalist and author Julia Angwin, who wrote a book about privacy and data collection in times of the Internet. With netwars, Julia spoke about her book “Dragnet Nation” in which she describes how she tried to erase her digital footprints.

1. When did you decide to write “Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance”? What drove you into your experiment?

For three years, I led a team of investigative reporters who researched privacy issues. During that time, I started to feel that the continuing revelations about how much personal data was being tracked was making people feel hopeless about privacy. So I decided investigate whether I could control my personal data: I sometimes call it an investigation into whether there is any hope for privacy.

2. During your research, did you find any evidence that not only companies track us but cyber criminals do so as well? If so, what scares you the most – being targeted by companies and the government or by cyber criminals? Did you feel threatened at any point?

Criminals definitely track our personal data. The most sophisticated criminal hackers today often use personal data – from people’s LinkedIn or Facebook accounts – to target them with e-mails that appear to be legitimate. Those e-mails contain malware that allows the hacker to penetrate that individuals computer, and often they can use that machine to gain control of other computers within a company.  In short, hackers now target people rather than institutions.

3. The line between surveillance and repression is thin and can be blurred easily – you know that since you had the chance to take a look at Stasi files in Berlin. How can the US make sure it’s surveillance programs won’t cross the line?

I went to visit the Stasi archive in Berlin, where I obtained and translated several surveillance files. Two things struck me about the Stasi surveilleance. 1) It was technologically rudimentary – the Stasi had to steam open letters, listen to phone calls and follow people with teams of agents. Today’s spy agencies have much more powerful tools. And 2) The Stasi surveillance was very effective. Although they had files on only one-quarter of the population, they managed to make everyone feel scared.

The question that we confront is: how do we ensure our spy agency, which has data on everyone, does not enable the type of repression that the Stasi enabled in Communist East Germany. In my mind, the only answer is oversight and accountability. We need legal and technical mechanisms that allow us to watch the watchers.

Watch Julia Angwin talk about her book ‘Dragnet Nation’ and how she tried to erase her digital footprint

4. Do you think that Obama’s proposal to end the NSA bulk metadata collection is enough to protect the privacy of individuals?

Ending the bulk phone dragnet and ensuring that the spy agency must obtain court orders to search phone records would be a good start toward protecting privacy.

5. Pretty soon we will be facing the Internet of things. We will be surrounded by things connected to the internet, monitoring our daily routines and collecting data about us. Supposing you’re not a big fan of this vision, what will be your next moves to keep your data safe? Will you stay as analogue as possible?

I am not against the Internet of things. My husband has installed sensors in the walls of our home to monitor our electricity and water usage, and I have found the data to be helpful. What I am against is not having any legal limits on the data that things around me might be collecting.  Right now, anyone who sets up a sensor can most likely collect data and do whatever they want with it.

I want to make sure that data about me is not abused. I compare it to driving a car. We know that cars are dangerous but we drive regularly. Why? Because we know that cars have met certain safety standards, and that the car manufacturers are accountable for safety errors. I want the same standard for my data – I want to enjoy the benefits of my data, but I want to ensure that it is not used against me.

6. We’d like to ask you for advice: Let’s say I don’t want to wrap my cellphone in soil paper to protect me from being traceable but I do want to take some easy steps to protect my privacy. What is the easiest way to gain back control over of my data?

The easiest things I did to protect my privacy were using safe browsing techniques, bulding better passwords and quitting Google’s search engine. The hardest things to protect were my cellphone and the data that data brokers collect and sell about me. You can see all my privacy tips at my website.

About Julia Angwin

Julia Angwin is an award-winning investigative journalist currently working at the independent news organization ProPublica. From 2000 to 2013, Angwin was a reporter at The Wall Street Journal, where she led a privacy investigative team that was a Finalist for a Pulitzer Prize in Explanatory Reporting in 2011 and won a Gerald Loeb Award in 2010. Her book, Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance, will be published by Times Books in 2014. In 2003, she was on a team of reporters at The Wall Street Journal that was awarded the Pulitzer Prize in Explanatory Reporting for coverage of corporate corruption. She is also the author of “Stealing MySpace: The Battle to Control the Most Popular Website in America”. She earned a B.A. in mathematics from the University of Chicago, and an MBA from the Graduate School of Business at Columbia University.

netwars / out of CTRL spoke with Director Tonje Hessen Schei about her latest documentary DRONE, the downsides of the drone war and the impact this kind of warfare has on the human mind.

DRONE is a documentary about the covert CIA drone war. The documentary is part of Arte’s theme special about war in the fifth dimension and will air right after netwars / out of CTRL on April 15th, 9.10pm. Tune in!

1. What drove you into making the movie and what is the idea behind “Drone”?

I got the idea for DRONE when I came across a story of a gamer who dropped out of high school and joined the Army. Because of his gaming skills he was quickly recruited as a drone pilot, and at the age of 19 he was an instructor for other drone pilots. I’m very interested and fascinated by the blurred line between the virtual and real world. When Obama promised to close Guantanamo and instead ramped up the drone war, the largest targeted killings program in history, I decided to make this film.

DRONE TRAILER TV-Version from FlimmerFilm on Vimeo.

DRONE TRAILER TV-Version from FlimmerFilm on Vimeo.

2. What do you want to teach your audience?

Drones have changed war and possibly our future. Yet so many people here in the West don’t know what a drone is. We are increasingly distant to the wars we fight, and I do believe that the consequences of drone warfare must to be discussed and debated. People need to know what is going on. The US is setting a very dangerous precedent with their use of drones, and right now Europe is moving forward acquiring armed drones – so we are at an important turning point and I believe it is crucial that we establish strong international rules for the use of drones. I also believe that there needs to be full disclosure and an investigation on who has been killed by the US drones in Pakistan, Yemen and Somalia. A decade into the drone war with no transparency or accountability and this is not acceptable. So to me it is extremely urgent that we get drone warfare on the agenda!

Recruiter with kid; copryright: Lucian Muntean

3. You approached the drone topic by taking a closer look into the gaming community and how the US military recruits young gamers for their programs. After all the research you’ve done, what do you know about the training of the drone pilots? Do you think they realize the consequences of their actions? How does the military make sure they are aware of the thin line between war games and actual war?

Gamers have very important skills that are much needed in modern warfare, and militaries across the world are now targeting gamers in their recruiting strategies. The ties between the military industry and the entertainment industry are very strong – militaries are using tools and advice from the world of entertainment to make their operations more efficient, and weapon companies also own intellectual property rights in games that are produced. I’m intrigued by the new warriors that are killing people on the other side of the world through joysticks. This does not mean that drone pilots believe they are participating in a video game, and it’s been profound to see what impact this new way of killing really has. The intimacy of observing people for long periods of time before killing them w a push of a button, then witnessing the horror and death you have caused on the ground, then often to kill people who come to rescue the wounded has serious implications for the drone pilots. So we are looking at a new and different sacrifice and post traumatic stress. To me drone pilots are part of a grand experiment and we really don’t know the consequences of this warfare on the human mind.

4. Does anyone wonder about the security of these systems? Are they aware of the fact that the system could easily fail – or even worse, that someone might get into the system, take over control and use their weapons against themselves?

The threat of hacking has always been an issue with drones. Iran claims it landed a US drone and  we have yet to see the consequences of this! Hacking a drone can be done fairly easy. Through the production of DRONE we met a US professor who hacked a drone with his students in a few hours as an experiment for the US Department of Homeland Security. So I don’t feel this threat has been properly addressed with drone technology – but this is also one of the main selling points for autonomous systems – hacking is less likely when the drone is self contained. But that raises a whole spectrum of other threats and ethical problems.

Kids with missile pieces, copyright: Noor Behram

5. US President Barack Obama carried out a surprising change of American Power. He made drone strikes and cyber attacks a top priority when it comes to war (think about Stuxnet). What are your feelings on waging war on a cyber level?

The wars of the future will for sure be waged on the cyber level, and my biggest fears are that we are facing devastating wars waged by invisible enemies, outside of declared battlefields, with no laws, no human rights, no transparency or accountability. In some ways I don’t think it’s hard to imagine that we are heading towards massive cyber attacks combined with a Robot Ragnarokk. Hopefully by then we have managed to take control of the new weapons of war and have a system of strong international laws in place.

6. We learn from your movie that drone pilots often monitor their targets for weeks or even months. This is a very frightening form of voyeurism and brings us back to surveillance and privacy. How did the revelations of Chelsea Manning and Edward Snowden affect you and your work on the movie?

Manning and Snowden have changed so much, and to me their revelations show the importance of transparency. I do believe we do have the right to know what is being done in our name, and it’s crucial to have information to understand the world around us. We live in age of surveillance and the manhunt on whistleblowers has exploded under Obama. For us this has effected how we have worked with our sources and at the same time as our investigations aim to achieve more transparency in the covert CIA drone war.

7. Meanwhile companies like Amazon think about using drones to deliver packages. How did making the movie change your views on these developments?

The civilian drone market is a whole new and different area, with DRONE we focus on the useof drones in war. But personally I don’t like the idea of anybody hovering anything over me to observe me for any length of time. So I’m really concerned about the possibilities drones open up in terms of surveillance, and the development of smaller drones that often replicated birds, bees and insects to better blend into the natural world. I am however not anti-drone technology – and believe there are many great uses to be explored, but first we need to make solid regulations to protect our rights and understand fully where we are headed. I often dream of ordering wine or food that could be delivered with a drone to the peninsula I live on. I also personally do own a drone that I intend to learn how to fly over various places here in Norway as soon as I have some time.

About Tonje Hessen Schei

Tonje is a Norwegian filmmaker who has been working with independent documentary film since 1996. She is the director and producer of the award-winning documentary Independent Intervention (2006). Other productions include Texas and the Death Penalty (1997). Tonje has a masters in film from the University of Trondheim in Norway and a BA in film production from the University of Texas in Austin. Tonje is the co-founder of Ground Productions, an independent international documentary production company based in Portland and Norway.

The Creators Project, a partnership blog between Intel and Vice, conducted an interview with netwars/out of CTRL executive producer Saskia Kress. In the interview, Kress introduced the various platforms the netwars/out of CTRL project will consist of – a TV documentary, interactive web doc, interactive graphic novel app, e- and audio book series.

“We wanted to prove with real hackers how easy it is to hack into a control system of a very critical infrastructure. And it worked!”, Kress told The Creators Project. While the TV documentary will show the status quo, the interactive web doc will take the topic one step further. Users meet a salesman who will show them how they are personally affected by cyber warfare every day. “We just show you how vulnerable you are. That´s the intention of the project – to prove that everyone is affected, and…the whole idea of personalization and emotionalizing it”, Kress says. The graphic novel app takes things to another level – where users take part in a fictional story showing them a potential cyber warfare worst case scenario.

For more information about all our platforms, check out the netwars / out of CTRL project site.

It’s no secret that Facebook collects an enormous amount of your data and allows companies to use it for advertising. Business Insider uncovered just how much personal information companies actually collect when you download or sign up for an app using your Facebook login. You give them direct access to your very private information “That can often include your email address and phone number, but frequently also includes your current location.” But there’s more: Some apps also use your birthday, your profile picture and your contacts.

If this bit of insight worries you, the Business Insider article recommends you do the following three things:

1: Stop connecting to apps and websites via your facebook account

2: Take a look at who is using your facebook data

3: Edit what they are allowed to use or kick them out

Energy specialists worry about IT security in the German energy market. “About 75 percent of energy experts see the potential of a hacker attack, software failure or computer viruses” it states in a report by the Centre for European Economic Research. Read the report here, available in German only. The individuals questioned shared their views on how the national and international energy market will develop within the next months to years.

While only 20 percent of the interviewees saw a high risk of a software failure, the majority fear a potential cyber attack. Almost half of the interviewees (47 percent) think that there’s a great risk of being targeted by hackers, while 24 percent see only a small risk of getting hacked.

The interviewees were cautious in their comments about how resistent the controlling systems of German energy suppliers are. More than half of them rated the security as sufficient. Round about 40 percent assessed the resistance of the system as good or very good. They all believe the government should do more about IT security within the energy sector: 70 percent of the experts want the government to invest more money into IT security.

The director of our netwars documentary visited Las Vegas to gather some material. Marcel Kolvenbach attended two hacker conferences, Black Hat USA and Defcon. We spoke with him about his impressions:

How does it feel to be among these dangerous guys? Actually – are there only guys? 

Yes, unfortunately there are almost no girls. I love dangerous girls! The guys – to me – didn’t look dangerous at all. I had the feeling that the place had been hijacked by government officials and company representatives to find new talent. It has been hard to spot the few hardcore hackers among the audience. I guess the reaction to the speech of the NSA boss was symptomatic: there was only one outspoken voice of protest. 99% of the audience would just applaud.

Did you take any personal precautions to prevent being hacked?

I don’t use smartphones, even in normal life. There were a number of presentations proving smart phones to be a very vulnerable target. I didn’t have any important personal data on my travel laptop. I tried to run the laptop only with a Ubuntu system, loaded from an USB stick. After the visit I will format all my media that have been exposed to online use. I didn’t use the WLAN, just the cables at the press center – as recommended. I still feel I might have been hacked, some time ago, during a Skype conference with one of the most famous US hackers. He sent me a PDF file and – I clicked on it before thinking about it. Stupid.

Did you feel personally threatened at any point?

No, not really. I feel threatened by the fact that press freedom doesn’t seem to apply any more, if you consider the things that happened in London [when the "Guardian" had to destroy material provided by NSA leaker Edward Snowden]. Feels like my work as a journalist is not protected anymore. That’s much more threatening than hackers or even cybercriminals.

Why do you think do these hackers even talk to journalists about their trade?

Journalists are important amplifiers for their message. Most hackers I met believe in an open and free society, they believe in public domain, they share what they know, to educate and inspire others, to take that knowledge and go ahead, to the next step. It is the opposite attitude to secrecy and protecting your work or your code with force, guns and courts. Really, Journalists and these Hackers are rather similar in one sense: I strongly believe in press freedom, and that journalists have to be protected against interference by the state or other powerful interests. And these guys strongly believe that the net should not be controlled by corporate or national interest, but rather by a free spirit of creativity.

What was the scariest demo hack you saw?

I would not call it “scary”, rather eye-opening or revealing. There has been a number of presentations, demonstrating that everything we use in IT can be manipulated and most likely is – including a piece of hardware. A fake charger can be used to take control of your smart phone and spy on everything you do, from online banking to all your contacts. This is done in seconds. The most impressive demo was the presentation “Out of Control” by Brian Meixell and Eric Former. They demonstrated how a SCADA device on an oil-platform or any other industrial can be exploited, creating serious damage with huge environmental effects. According to their demonstration, it is pretty easy to enter to control of these installations and blow up pipelines and other vulnerable parts. Since their daily work is to install these systems in the field, they really know, what they are talking about.

If you want to analyze the risks, you could say: it’s a combination of old technology still in use for profit reasons combined with today’s connectivity. If you have a local device with a very old protocol, that is easy to read and to change without much IT knowledge and connect this device to a public IP address, that anybody can access via internet, you’re installation is pretty much out of control. This is what has happened in the industrial world. Pumps, vaults, motors, engines, all are run by these SCADA devices, but to save costs, to avoid people having to go out in the field – sometimes in difficult to reach locations or hazardous environments – the companies decide to access these primitive controllers via Internet. It saves huge amounts of money, but comes with a very, very high risk.

Is there a way to translate these potential threats and vulnerabilities into film?

Of course, such a story has potential to great drama. Like on of these 70′s disaster movies from Hollywood. An airplane out of control or an nuclear plant, the gas and water pipes in a town. These are all potential targets. What we are trying to do in the netwars / out of CTRL documentary is to simulate, to tell the story of such a drama, what could happen if a person with malicious intent gets control? How easy is it to actually access these devices and what would be the “worst case scenario” if you combine these efforts of hacking with the effort of protecting the systems on the other side. You get a race, a race between good and evil, between white and black hat, between an aggressor and a defender. This is great stuff for any film – fiction or factual.

Do you trust the hackers you met to do the right thing and not harm anybody?

I feel people like Brian Meixell and Eric Former who work for the industry would never reveal their findings if they would suspect any harm. This would be their last day in the job. The risks are there and the people with criminal intent know it already. Now it is time to mobilize big and small corporations to take these threats seriously, to wake up stakeholders so they demand security measures, and make any employee or citizen aware of the fact that – as much all the apps and gadgets make our world more entertaining – the web and all these mobile online applications come with a very high risk.

You can compare the situation to let’s say the invention of the automobile: When there were only few around, you could do what you want, you could build your own vehicle the way you liked. Later came more and more safety regulations from the seat belt to shock-absorbing crumple zones. There are tough rules and regulations of automobile traffic today, people have to pass tests and vehicles are tested to be allowed on the road, you’ll see similar certificates, laws and restrictions for devices being connected to the Internet traffic in the future. I feel we need these traffic rules for the net to protect the freedom of movement and information. Otherwise, you’ll have too many accidents.

Would these people blow up a factory in a conflict, say, for the US Army?

Jason Healy, the director of the Cyber Statecraft Initiative of the Atlantic Council has made a clear point: cyber warfare is and will be part of any future conflict. But it will just be one tool, one type of weapon. The answer is “Yes” – any side might blow up any facility at any point, if this is part of a war strategy, if it makes sense. But any serious party in a war will not just blow up stuff because it is technically possibly. I feel, this is the big mistake when we talk about “cyber war”. People like Jason Healy are very careful, talking about “cyber war”. I had similar talks and comments when I interviewed people for the film in Israel. Many strategical analysts doubt that there is such a thing as “cyber war”. There is cyber weapons and possibly cyber warfare. Cyber is an aspect of war, like radio communications, satellite images and so on It will be used, no question. But there has to be a war first and a reason for that war before people are engaging in cyber attacks. And they will never come alone, if it is to be a “real” war. You will have troops on the ground, even if only a bunch of special forces. You’ll have air and sea based and then – in addition – cyber based weapons.

What’s your next shot for the film after Las Vegas?

A group of hackers and a utility in Germany. We’re going to film a simulated attack while the security guys at the utility try to defend themselves.

About Marcel Kolvenbach

Marcel Kolvenbach is a documentary film maker who won several international awards and has currently been nominated for the German Grimme Prize. For 20 years he has been filming documentaries for German TV stations like WDR, ZDF and arte. Kolvenbach lived in New York, Brussels and Kampala where he experienced blackouts lasting for days or weeks. The work for “netwars” challenged the author and director to portray an invisible war in pictures and sounds. For that, Kolvenbach, who studied design, used his camera to document empty rooms and how human beings and humanity disappear in them. In his eyes the real threat is the dissolution of the analogue world into the binary system. For him, “cyberwar” is the logical consequence of our world’s virtualisation.