Professional Documents
Culture Documents
C4DT_Focus
C4DT_Focus
T
he digital world is evolving Lausanne (EPFL, www.epfl.ch), the Center for Digital Trust
(C4DT, c4dt.epfl.ch) brings together academy, industry,
not-for profit organizations, civil society, and policy actors
at high speed and not a day to collaborate, share insight, and to gain early access
to trust-building technologies, relying on state-of-the-
goes by without the subject making art research at EPFL. C4DT is supporting the public
sector by acting as an expert and facilitating technology
headlines. With targeted interviews transfer, in domains such as privacy protection and
security, democracy and humanitarian assistance and
of international experts critical infrastructures.
2 3
INTRODUCTION FOCUS N°3
Cyberwar hits
Leaks have been exposing controversial activities
by the most powerful and wealthy people. But a recent
humanitarian
cyberattack on the International Committee of the Red
Cross (ICRC) has shaken the world of humanitarian aid
organisations
when it exposed the data of 500 000 vulnerable persons
who were looking for family members in crisis and conflict
regions. A “shattering event”, says Philippe Stoll from ICRC,
The data security who explains how the organisation is responding to the new
threat landscape. Such hacks – and those seen in the war
4 5
INTRODUCTION FOCUS N°3
PRESS
Leak exposes Xinjiang detention camps photographs taken by army personnel. They used a U.S. face
A consortium of fourteen media outlets published reports recognition software maintaining a database of 20 billion
based on the Xinjiang Police Files in May 2022. The leak images obtained on social media and other website, including
REVIEW
exposes the internment campaign currently on-going in around 2 billion from VKontakte, Russia’s largest social
China, where an estimated 100 000 to 1 000 000 Uyghurs networking service.
and other ethnic citizen are detained in re-education camps
in the Xinjiang region. The files contain details on 23 000 Hackers Without Borders launched to protect NGOs
detainees, 2 800 mugshots and lists of police staff and camp Founded in Geneva in the aftermath of the 2022 ICRC data
guards. They were provided by a hacker who gained access to leak, the collective Hackers Without Borders provides pro bono
computer systems operated by the public security bureaus of advice and services to NGOs, especially those active in regions
two counties. of armed conflicts. They cover prevention – such as auditing,
vulnerabilities detection, training or sharing knowledge of
Chinese cyberespionage group suspected of hitting Russia hacker’s methods – and neutralization of the attackers, such as
and NGOs in South-East Asia forensic analysis and referring to law enforcement.
Bronze President, a cyberespionage group based in China, is
suspected of trying to infect computer systems of Russian Four cyberattacks per week against the health sector
officials with a malicious file. The group had been targeting More than 400 incidents in 38 countries related to healthcare
NGOs and governmental organisations in Asia. It is likely to be have been recorded in the last two years by the CyberPeace
sponsored by the Chinese government, or at least tolerated by it. Institute, a Geneva-based NGO assisting humanitarian
organisations on cybersecurity issues. The impacted
Aid organisation in Ukraine targeted by cyberattacks organisations are active in medical manufacturing and
Charities and aid organisations bringing relief in Ukraine development, patient care, and pharmaceuticals. Each incident
are being targeted by malware, according to Amazon Web had an average of 160 000 records and a 19-day impact on
Services. Their teams “have seen new malware signatures and operations. Close to three quarters of them resulted in exposure
activity from a number of state actors” which they monitor. or leak of the data.
Massive leaks of Russian soldiers’ identities Canada confirms barring Chelsea Manning from entry
The Ukrainian government published several datasets with the The Canadian Immigration and Refugee Board confirmed
details of Russian military personal, possibly leaked by hacker decisions taken since 2017 forbidding former whistle-blower
collective Anonymous. One contained the name, army unit and Chelsea Manning [see our interview p. xx] to enter the country.
registration number of some 120 000 soldiers of the Russian The decision is based on her conviction in the U.S. related to
army – although it was not clear how relevant the list is for her providing Wikileaks in 2010 with material documenting
the current war. A second listed some 1600 soldiers of a rifle military and diplomatic action by the U.S. government.
brigade stationed in Bucha and suspected of war crimes, and a
third one exposed details of 600 officers of the FSB, the main
successor of former KGB.
6 7
INTERVIEW FOCUS N°3
a pioneer role
growing cyber-risks affecting NGOs and humanitarian Do you have ideas about the motives and the perpetrators?
organisations in conflict zones. I do not wish to speculate here nor point fingers. It is crucial
for the ICRC to stay neutral, to be able to talk to all actors –
The ICRC announced in January 2022 that the details including those who might have harmed us – in both the real
in humanitarian
of more than 500 000 persons it had been helping had and the digital worlds. This is not at all about legitimising such
been compromised. What did the event mean for the actions, but about keeping open channels. We must be able to
organisation? discuss security issues for our staff and to preserve our access
This has been an immense shock, but it was not entirely to vulnerable persons. So we need to keep the possibility of
data protection”
unexpected. We have been very much involved with maximising talking to the hackers to explain clearly the nature of the data,
the security of the people we help, including the digital and to plead directly to them not to publish, share or sell them.
environment. We are very much aware that actors in conflict I emphasise that an assault against the ICRC, be it physical
zones are interested by this kind of information – for instance, violence against our staff or a cyberattack, makes our work
8 9
INTERVIEW FOCUS N°3
It struck me that the ICRC has communicated quite Respecting cyber hygiene is often cumbersome and not
transparently, including some preliminary analysis of always appreciated by staff.
the exploit. We have a very long experience and culture of protecting
We have a strong culture of transparency and accountability. both our personnel and the aid recipients, so there is
This is linked to the responsibility we have towards the generally a good acceptance of rules designed to minimise
people we protect. We have worked hard to inform the cyber-risks. My colleagues understand why we do it, and
impacted persons about the leak via public campaigns, or accept the procedures pretty well, even when they are
individually, depending on the legislations. The national Red not ergonomic or fast. None of us wants to be possibly
Cross and Red Crescent Societies play an important role, as responsible for endangering the life of the people we are
they know well the population they have been helping. helping.
How does the ICRC manage the new risks created by What is the ICRC’s vision to protect humanitarian data?
digitisation? First, we want to exercise full control over the data we collect
We have been taking this topic very seriously. First, we and shield them from both unlawful and lawful access. For
have seen a growing demand in the field. People in crisis instance, no State can request access to data stored on
situations have digital needs: how to get internet access, our servers on premises in Switzerland, as they benefit from
save official documents, find lost email addresses, etc. immunities. This means also using technologies that do
These activities can be risky – merely using the internet not give access to third parties, but it is increasingly difficult
leaves traces – so we assist them in doing it safely. Second, not to use external software and cloud solutions. This is
the ICT tools used by our staff raise safety and privacy particularly tricky as they have been designed for countries
issues. at peace, not at war. We are working with universities
The cyber-risks might be similar to those in other industries, to develop solutions beyond off-the-shelf products.
but the consequences are very different. If you live in a Another goal is to use an independent cloud, to avoid the
peaceful a lawful country, you might be angered when dependency on providers and their own legal obligations, for
You often compared the real and digital worlds. But
finding out you have been geolocalized by a company or by example in case of international economic sanctions or legal
hackers can come from anywhere and might not even be
the government, but in practice nobody will threaten you. It actions.
involved in the conflict, contrary to a belligerent on the
is very different in a conflict zone, where a government or Second, all the signatories of the Geneva Convention (all
ground.
a rebel group learning details about your whereabouts can States, Ed.) have adopted our 2019 resolution to contribute
Indeed, this is a challenge. The main difficulty is to link online
become a matter of life and death for you. to the protection of humanitarian data used for restoring
attacks with offline impact. This is abstract and most people do
One paramount rule for the ICRC is to do everything we can family links. Our objective is to extend it in 2023 to all data
not understand the consequences of a cyberattack. It is not like
to minimise the risk to the persons we help, so we must collected for humanitarian purposes, such as those on food
the bombing of a hospital, where the way it affects people is
take cybersecurity extremely seriously. We also aim at distribution or health provision.
immediately visible.
being a role model, or at least taking a pioneer role, as most
humanitarian organisations lack the resources to explore You are working on a digital emblem for humanitarian
solutions to cyber-risks. We have many people working data. What is it?
on these issues, defining strategies, writing guidelines or The goal of the emblem is to identify and protect
working with IT specialists, governments and lawyers to humanitarian data and servers, in the same way our
ensure the data we collect is protected. official emblems – the Red Cross and the Red Crescent
We published for instance a detailed handbook about data – identify and protect our staff and infrastructure on the
protection in a humanitarian context, including new trends ground. We are collaborating with universities on the
such as the blockchain. We also propose an immersive, technical aspects. The second dimension is legal, namely
interactive online training to help staff grasp concretely developing a framework that recognises the unique nature
the possible consequences of mundane actions such as of humanitarian data and ensures their protection via a
sending documents via unencrypted email or sharing them digital emblem. The third is operational and concerns
online, using a cybercafé, or keeping confidential information its deployment. That said, we are aware that identifying
on a USB stick. humanitarian data could increase their visibility and thereby
the risks of cyberattacks, so the pros and cons must be
carefully weighed.
10 11
INTERVIEW FOCUS N°3
Hacking personal details of humanitarian organisations or in Europe. In the case of the ICRC hack, the goal could be to
military personnel has often little direct use, says Chelsea weaken the organisation in regions where it is not welcome, or
Manning. It rather aims at disrupting operations and disrupt the Western nations, which are the organisation’s main
creating controversies, explains the former whistle-blower supporters.
and U.S. Army intelligence analyst.
Many data leaks have been about wealthy persons
According to the ICRC, the hack of their data on 500 offshoring their finances or normal citizen using internet
000 vulnerable persons was compatible with an attack services. Here it concerns the most vulnerable of us, such
launched by a country or a state-like actor. Do you concur? as war prisoners or civilians suffering from armed conflicts.
It had all the hallmarks of a state, or at least of a state- This hack seems especially amoral.
sponsored actor working on behalf of a government. Its It is terrible, this is clear. Now, if you allow me to talk from an
complexity reminds of the 2015 hack the U.S. Office of analytical perspective: it is not so clear that the persons whose
Personnel Management with the stealing of the records of 20 data have been leaked will be directly suffering from it. In
million federal employees and contractors. These differ from such hacks, the information is very often not published, or not
usual hacks, which are more dependent on bad luck or the really used. Also, such leaks can get quickly drowned by new
exploit of a big loophole. information. And the longer time elapses after the leak, the more
buried it becomes. Like sediments at the bottom of the ocean,
What can be the goal of getting such data? information gets fossilised over time.
I view it as fifth-generation warfare, namely non-lethal actions
such as misinformation or propaganda. A hack, even if complex, Ukrainian media have leaked several datasets of Russian
is relatively cheap when compared to an operation with secret soldiers, including one of a unit allegedly in Bucha during
services personnel. You can understand it as a disruption the suspected war crimes. What role can such leaks play in
operation made far from the actual battlefield. The goal of warfare?
such hacks is usually to muddy the water, create a negative It is hard to assess. It is similar in nature to what I was describing
impact, sow confusion and generate controversies so that above as fifth-generation warfare: creating instability amongst
the authorities must invest energy and time in reacting to the the other belligerent. In the case of Bucha, of course, it could
aftermath of the hack. One can see it also in the meddling of have relevance should an international court charge army
Russia in Brexit, the U.S. presidential elections or far-right parties personnel for war crimes.
INTERVIEW FOCUS N°3
14 15
INTERVIEW FOCUS N°3
What solution are you developing with the ICRC? What other insights did you get?
We are designing systems for aid distributions that provide That the time needed for an ID check matters on the ground. A
accountability while protecting privacy. One avenue we are simple printed list with recipients can be a safe method from a
pursuing is based on a smart card that stores biometrics privacy perspective, but it can take a few minutes to use. This
information. The latter can then be verified in a decentralised can create a line of a hundred persons, which might attract the
manner at the distribution point, without the need of a central attention of authorities or rebel groups who do not welcome the
database storing sensitive data. This removes the risk of a work of the ICRC in their region. Speed is therefore important for
hack that would compromise the biometrics of thousands of safety reasons.
aid recipients. Physical smart cards can be stolen, true, but
obviously not on the same scale. How far are you in the process?
A second proposal is to work with smartphones. This could work We have the cryptographic design and mathematical proofs.
in a region like Ukraine, but certainly not in many places where The next step is to circle back to the ICRC and validate it. When
electronic devices are not widespread. designing a system, you always make choices. They might
challenge us to make different choices.
How does the accountability part work?
We found out that detailed transaction records are not Many other industries would have use for systems allowing
necessary to prevent fraud. For instance, the number of aid to audit transactions without compromising privacy.
packages correctly distributed in one region within a given Yes, but I am not sure that our system could be readily adapted
period can be recorded without names or specific times. to another environment. Because the specifics and the context
Auditing aid distribution is about balancing the books: checking of an application really do matter, especially regarding privacy.
if the amount of aid delivered corresponds to the amount of aid This is why so many designs allowing for easy generalisation in
requested by the population. other contexts are often not really privacy-preserving. We want
In our system, the smart card signs anonymised transactions. to do better.
These provide an unfakeable record of the goods that were
distributed, allowing audits without leaking personal data.
18 19