Before the start of a full-scale war, the Canadian non-profit organization eQualitie deployed a network of dComms servers in Ukraine to help people stay connected during a city blackout. eQualitie also developed the CENO web browser, which bypasses modern censorship methods. It can work under strict censorship.
We asked the company's founder, Dmytro Vitaliev, about the communication tools that can be used even if access to other networks is unavailable and the new service that should help Ukrainians become more aware of digital security.
— Dmytro, share your opinion about the stability of the Ukrainian Internet. Despite the occupiers' expectations and attempts, the all-Ukrainian blackout didn't occur. Why?
— I see several reasons.
First, a lot of effort was directed at strengthening the Ukrainian Internet after the 2014 russian annexation of Crimea and the consequences of the 2016 US elections. Because the events weakened Ukraine, the world gave our country international support in strengthening its governmental and industrial capabilities. The question is whether this support has reached the public. But should society be considered a critical infrastructure? In my opinion, yes, it should!
Second, it is actually complicated to cause an all-Ukrainian internet blackout. Although, in small areas, the russians managed to cut off some villages and towns from the Ukrainian Internet: military operations banally destroyed the possibility of connection. Or, for example, the situation in the Kherson region, where the occupiers redirected the network to russian providers. But such a result is difficult to achieve in the whole country.
Third, the russians couldn't carry out many cyberattacks to the full extent because they had trouble from Ukrainian hackers. It is digital warfare. Ukraine has IT specialists who have joined the work and global support. Therefore, it was difficult for the russians to direct all their forces to cyberattacks because of problems with resources.
In my opinion, the last reason that destroyed the occupiers' plans is the complexity of how the Internet works. They needed to destroy the connection between Ukraine, Romania, and Poland to disconnect it throughout the country. Such an operation is difficult to coordinate. In addition, there is Starlink. If the network stops functioning at the national level, it will join the local network, which works via satellite.
— In your opinion, what risks are Ukrainians currently facing in cyber security?
— The most significant risks befall Ukrainians in the occupied territories where the Internet network already works through russia. It's not only an online danger; the occupying army and police can stop people on the street and check their smartphones and computers. Such raids have dire consequences, especially if people view "forbidden" information. I think the risk also increases for citizens who come into contact with the occupied territories.
Cyber warfare has increased the number of attacks on websites, the presence of malicious software, and phishing attacks.
Users face the same risks as before the war, only now the consequences are much more severe.
— What are the main mistakes Ukrainians make when communicating online, searching for and consuming news, and protecting their data?
— To begin with, I think we don't need to separate Ukrainians from other nations.
The actions are the same. The difference is in the consequences of such mistakes. People don't know or still don't think it's essential to pay attention to the differences between private and encrypted messenger. What is an "encrypted" messenger anyway? Which developers can share information about user correspondence? Which companies can't afford this because of dialog encryption?
Or let's talk about news search. Do people know the actual source that sponsors the media? Or do they understand the source's possible involvement if they read the news on Facebook?
The Internet is full of fakes and misinformation. The most common mistakes of users are disregarding the protection of personal data, simple passwords, and using the same passwords on different services and VPNs.
VPN is everywhere in use, but it's not a cure-all. It is an intermediary through which you redirect traffic. Here the question arises: can it be trusted? What companies does it work with, and how much does it care about protecting your content? People should ask themselves similar questions because VPN will provide access to many networks. The question is, who owns these networks?
— What should be the steps of our users in protecting their data?
— It is precisely one of the directions our organization eQualitie is engaged in. We are trying to raise the awareness of Ukrainians about digital technologies. In 2015, together with the Internews–Ukraine public organization, we opened the Digital Security School DSS 380. Its experts have been conducting seminars, training, and developing information campaigns for seven years.
The next step of cooperation is creating a massive digital security platform—a national online line where every Ukrainian can ask any question and get an answer. It is a kind of "first aid" in cyber security because we understand that now is not the time to train people. People have questions, and we will respond quickly.
The war reminded us that everyone should be helpful today.
— What was the basis of the idea for a "first aid" cyber security project?
— My organization has been teaching people about cyber security for 20 years. Our goal is to increase users' awareness, show them their opportunities and risks, and give them enough tools to build their behavior strategy in the digital world.
We have published books, instructions, training with experts, and guides. All the same, the level of information perception by society is shallow. It is challenging to change behavioral habits, and it is difficult to convince users that neglecting the cyber security rules endangers real life. Because people still think that the worst thing that can happen is losing money from the bank account.
So now we are trying a new strategy. We will become less independent learning, less demanding of the user, and more client-oriented. We will be a kind of "fast food" in the digital world.
— What are the advantages of the hotline? Why should you choose it and not, for example, Google Ukrainians are used to?
— It is a good question! Google is an invaluable service, but the problem is that the user receives different answers from all sources. It isn't clear who can be trusted and who cannot. The hotline will become a kind of link filter. These are answers to direct questions, and there is a lot of related content that you can read.
It is often difficult to even form a question. In such a case, we will have instructions for employees to help determine the problem's core.
People will repeat questions. But I'm sure that it is how we will increase the literacy of Ukrainians in the digital realm.
— Will the hotline help residents of the occupied territories?
— Yes, it is one of our main focuses.
— As a rule, digital security is complex and inconvenient for ordinary users. What do you say about this? Should we simplify digital security and services for it or accustom people to complexities?
— You know, during the information security training, I can confidently say: yes, digital security is tricky. And yes, it should be like that. We must come to terms with the fact that the Internet is an unfree, non-private and dangerous place. You may lose access to your data, work, or finances.
Many believe that digital security is some kind of fundamental change in your everyday actions, so complicated that it is not even worth starting. There are so many people on the Internet; who needs me with my correspondence?
But digital security is simply a set of skills that must be practiced and used every time you go online. These are things like a reliable password, two-factor authentication, and the right choice of services you will use—a kind of digital hygiene.
Little depends on your willingness to change or not.
If not, you become an easy target for scammers and have to rely on your luck.
But if you do change your digital habits and once you figure out what's the point, it turns out that it's not so difficult. That is, you take 5% of all your time and dedicate it to digital hygiene. The other 95% is left to your productivity.
Therefore, the idea that digital security is not easy is very close to me. But you don't need to be a hacker; practical knowledge will make you a responsible Internet citizen.
— Will Ukraine win the information and technology war?
— I think Ukraine has already won.
Before the start of a full-scale war, russia had enormous military potential and digital warfare capabilities. Before the war, it showed grand ambitions, such as infecting operating systems with malware; we have seen these attacks worldwide.
Therefore, the fact that most cyberattacks against Ukraine have failed and critical and military infrastructures continue to function shows that Ukraine skillfully protects its cyberspace.
The websites of critical infrastructures and financial organizations have been down several times due to successful hacker attacks. Moreover, russia's leading TV channels are occasionally hacked and broadcast anti-war messages. All this demonstrates the digital potential of Ukraine and its international supporters and once again proves that russia will not be able to become a leader in this area.
All this will only continue.
So yes, my distant Canadian opinion is that Ukraine has already won a large part of this cyber war, which is being waged with the real war on the front.
This material was created as part of the project "Digital Emergency Support of Civil Society in Ukraine", implemented by the NGO Internews Ukraine, funded by the Global Affairs Canada (GAC), via eQualitie Inc. The content of this publication is the full responsibility of Internews Ukraine and does not necessarily reflect the official position of eQualitie or GAC.
Digest of the most interesting news: just about the main thing