Cyberspace. Cyberwarfare. Cyberterrorism. These terms evoke powerful responses, which rightly cause a subconscious worry among those who read them. Therefore, there is nothing odd about Polish politicians eagerly using such terms, especially in context of the threat from Russian intelligence services.
Yet when push comes to shove and when a mediocre hacker decides to “call” — it suddenly turns out that Polish politicians are like children when it comes to the fundamental issue of online security.
They’re powerless, inept and unprepared.
All of the warnings directed towards them by qualified institutions and security services dealing with combating online threats have been disregarded by these MPs.
The result? The scandal from Monday, for one. Unknown culprits took over the Twitter account of prominent Law and Justice (PiS) politician Marek Suski, the former head of the prime minister’s political cabinet (2017-2019). The hackers, under Suski’s name, posted entries on social media which accused Ewa Z., a local United Right activist, of sexual harassment.
The hacker’s entries were illustrated with nude photos of the not-so-young woman. It seems that the criminal gained access to the woman’s nude photos by breaking into her social media and email accounts. MP Suski also lost access to his email account.
The whole affair caused a bit of a scandal and much laughter, but there is not much to be laughing at here. It looks like one of the more important politicians of the ruling coalition is unable to adhere to the basic security measures which are meant to protect his privacy online, such as two-step verification. In the case of a person fulfilling a public role, this is not just a mere mistake but a humiliating irresponsibility, especially given that Suski is also a member of the parliament’s commission for special services, and therefore, oversees the actions of institutions responsible for the state’s security.
The issue is, that Suski’s “cyber-gaffe” and that of the lesser known activist, are not isolated cases. In recent weeks and months, several United Right politicians have been losing access to their social media and email accounts.
In summer 2020, after in-depth research, the Cybersecurity Foundation informed that potential hackers will have no problems with taking over the websites and accounts of several Polish MPs and posting disinformation on them. The websites’ poor security also does not protect them from the possibility of intruders adding malware to them.
The report made waves across media (for a day), and politicians wisely nodded their heads and that was it. The hacking of politicians’ accounts and attempts to spread disinformation to the public using the stolen identities of politicians will not end. They will not end until politicians finally realize that the consequences of such account takeovers can be much more dire for themselves and the state’s security than simply a bit of shame due to humiliating photos being exposed.
Incidentally, the politicians of the United Right, the same coalition whose representatives cannot ensure their own cyber-security, are preparing legislation meant to hinder big tech corporations operating social media and the censorship they are conducting.
This concerns the “protection of freedom of speech on the internet” bill. The project has a few interesting solutions, as well as a few worrying ones. The most worrisome is, however, the fact that people who have declared readiness to defend freedom of speech on social media are unable to ensure the security of their own social media accounts.