AUFBRUCH - Issue 29 (English)


SOCIETY AND SELF IN THE DIGITAL AGE
NR. 29 – goo.gle/aufbruch-de

Cybersecurity

Protecting citizen data: State Secretary Richter on digital administration

Defending against hackers: How companies can stay safer online

Exclusive insights: Lessons learned from a cyberattack

Two perspectives on cybersecurity: Dr. Alexander Schellong from the Schwarz Group (left) and Sabine Borsay from Google

Safer online

Google experts in Munich develop solutions for a safer internet for all

Several thousand attacks a day

How the Schwarz Group keeps hackers at bay

“I want to change the world”

From security expert to hacktivist.

Safe and the City

Strong defenses against hacking – a must for cities and municipalities

The goal: unparalleled security

Federal IT Commissioner Dr. Markus Richter on enhancing security for citizen-related data

Hacked!

What you need to know about cybersecurity.

Operation Aurora

In 2009, hackers managed to break their way into Google’s network. Since then, the company has completely changed the way it approaches security.

“We have to talk to each other”

How can companies protect themselves from hacking attempts? An interview with Mandiant’s Sandra Joyce.

Resources for building better security

How Google protects those at particular risk from online attacks

“Two sides of the same coin”

How the cloud helps companies defend themselves against cyberattacks.

Can technology protect democracy?

A collaborative, transparent approach to preventing cyberattacks.

Quantum optics, AI software, and more

How startups are working on ways to improve internet security.

Hacking pioneer

The first computer worm in internet history.

Cover photo JARED SOARES · Illustration JOE WALDRON

“We have to talk to each other:” This issue’s cover image features Sandra Joyce from cybersecurity firm Mandiant. Find an interview with Joyce beginning on p.12.

Dear readers,

Cybersecurity has never been as important as it is today.

Against the backdrop of heightened geopolitical tensions, attacks on information systems have become an integral part of attempts to destabilize the world’s economies and democracies.

In recent years, digitalization has gained enormous momentum across both the public and private sectors. If we as a society are to continue to advance digitalization, it is our shared responsibility to protect each and every individual online.

Google has a long history of driving innovation in the area of cybersecurity. Our systems prevent cyberattacks every day. And we maintain the security of the billions of people worldwide who use our products. We do this with products that are secure by default, private by design and put users in control. We work with key partners around the world, relying heavily on secure, open-source software and interoperability. Across the globe, my colleagues – including those headquartered here at the Google Safety Engineering Center in Munich, Germany – are developing products that provide even better protection for people, companies, and organizations on the internet.

Cybersecurity is a team effort. It requires close cooperation among policymakers, researchers, and businesses across national borders. In this issue of Aufbruch magazine, we share some real-life examples and best practices that spur innovation and benefit us all.

Photos EMANUEL HERM, FLORIAN GENEROTZKY, GOOGLE LLC · Illustration CAMILO HUINCA

Hacked!

Today, individuals, companies, and government administrations are exposed to more online attacks and data theft than ever before. That’s why cybersecurity plays such an important role in all areas of society – and each and every one of us can improve the overall safety of the internet by making smart, secure choices online.

Cybersecurity

Cybersecurity or IT security refers to all measures intended to ward off attacks by malicious actors on computers, mobile devices, servers, electronic devices, networks, and data.

Social engineering

According to a Bitkom study, around 48 percent of German companies have experienced social engineering attempts in the past two years. This is when, over email or the phone, hackers attempt to trick company employees into disclosing sensitive data or bypassing internal security measures, thus granting attackers access to the company network.

Ransomware attack

50,000,000 US dollars: That’s how much hackers demanded from Acer in 2021 following a ransomware attack.

Data leak

A data leak or data breach occurs when unauthorized persons gain access to a company network or a collection of data.

Privacy incident

According to a study by IT service provider SOTI, 91 percent of healthcare facilities in Germany have been affected by a privacy incident since 2020.

Malware

Malware is short for “malicious software” and describes any software used by hackers to circumvent the security measures of computers, mobile devices, and network systems. Malware can delete, encrypt, manipulate, or collect data, and assume control of system functions. The hacked computer can attack other computers as part of a group of infected devices known as a “botnet.”

Cybercrime

146,363 cases of cybercrime were reported by Germany’s Federal Criminal Police Office in 2021 – and the trend is on the rise.

Ransomware

A special type of malware, ransomware poses the greatest threat to companies and individuals on the internet. It can encrypt a computer’s data and make it defunct, potentially bringing entire production lines to a standstill. Hackers then usually demand a ransom to decrypt the data and get systems running again.

Passwords

“123456” is one of the most popular passwords – but also one of the least secure. Weak passwords are the main entry point for hackers looking to commit cybercrime. A password manager helps users create more secure passwords.

Phishing

According to a report by the World Economic Forum, 95 percent of cybersecurity incidents are caused by human error. Carelessly opening phishing links, for example, allows malware to spread quickly. Hackers can also obtain access data by posing as company employees and asking for login credentials.

Doxing

Doxing refers to the gathering and publication of personal data like addresses, phone numbers, or bank details, with the aim of intimidating the victims. Perpetrators now face up to three years in prison due to a German law that went into effect in 2021.

Text CHRISTIANE MANOW-LE RUYET · Illustrations CAMILO HUINCA

Operation Aurora

or: How safe is the internet?

The attackers may be invisible, but the damage they cause is immense. Cybercriminals are developing increasingly sophisticated ways of obtaining sensitive data, often with the backing of state actors. An attack on Google in 2009 exposed just how vulnerable networks are – and led to changes that have made internet users safer than ever before.

Heather Adkins remembers Monday, December 14, 2009 all too well. At around 4 p.m., the security expert returned to her desk from a meeting at Google’s headquarters in Mountain View, California. She found a group of employees gathered around a computer. They told her they had discovered some “very interesting” activity: a euphemism for what was, in fact, a serious breach. Hackers had gained access to a server in a Google data center – one of thousands of devices in the company network.

Adkins suspected that this was not the full extent of the problem. “This was not a normal event,” said the Vice President of Security Engineering, who is now Google’s Global Director of Information Security and Privacy. By the following day, several more machines had been compromised. “The speed and ability of the attackers to learn on the fly and change their tactics was extraordinary,” Adkins recalls.

This attack would go down in cybersecurity history as “Operation Aurora” – and prompted Google to carry out an extensive overhaul and expansion of its own approach to cybersecurity. Ultimately, the most important thing that the team learned was: If you want to fight online threats effectively, you have to see the internet through the eyes of a hacker.

A seemingly harmless link

1.5 million cyberattacks occurred in Germany in 2021 – an estimate that includes unreported cases. This amounts to approximately 4,000 attacks per day.

In this particular attack, the hackers’ approach was both simple and effective: They’d sent a harmless-looking email to a Google employee containing an equally harmless-looking link. The employee clicked on the link – as people do around five billion times a day worldwide. But this time, it didn’t open a file with financial data, test results, or a cat video – instead, malicious software was downloaded onto the Google employee’s computer, which could then be used as a single entry point to establish a foothold in Google’s network.

“We didn’t have playbooks for how to deal with all this,” recalls Eric Grosse, who was the head of Google’s Privacy and Security Team at the time. “We dropped everything and focused on the situation at hand.” Initially, the team tasked with investigating the attack occupied just one conference room. This quickly expanded to three, then four conference rooms – and suddenly a whole building. Specialized engineers from all over the world dialed into conference calls, while others flew out to Mountain View.

Heather Adkins handed them lists of compromised machines and said: “Go get them!” And so, in the middle of the night, the team set off across campus to collect the hard drives of affected computers for analysis. However, they soon decided that removing every hard drive would take too long, and began to simply grab entire computers, leaving notes on the employees’ desks.

Meanwhile, Adkins got on the phone to consult with other industry professionals. One of them was Dmitri Alperovitch, who at the time worked for security software manufacturer McAfee. What began as a professional courtesy turned into a partnership, as Alperovitch and his team were willing to roll up their sleeves to help the Google team with their investigation. It was Alperovitch who discovered a word in the malware’s code that gave the operation its name: Aurora. This was the name of the Russian battleship that fired the first shot in Saint Petersburg in 1917, thus setting the October Revolution into motion.

Always one step ahead

Operation Aurora was a foundational moment with far-reaching consequences for Google and the internet as a whole. “We had to change everything about the industry’s approach to cybersecurity to deal with this new threat,” Alperovitch recalls.

First, however, they had to isolate the attackers and cut them off from the network. This happened almost ten days after the attack, shortly before Christmas, and culminated in removing access for every Google employee from the company network in less than an hour – the biggest intervention into Google’s IT infrastructure since the company’s founding. This radical approach was necessary to make absolutely sure that any hooks the attacker had at Google were completely eradicated. Soon after, it was clear that the operation had been a success, and the attackers had been removed from the network. Now, work could begin on restoring systems and employee access.

Text CHRISTIAN BAULIG

But the most important question remained unanswered: Who was behind the attack?

Just a few weeks later, on January 12, 2010, Google announced publicly that it had been hacked – and discovered that at least 20 other companies had been compromised as well. All of the evidence pointed to China. In Google’s case, the hackers wanted to gain access to the Gmail accounts of activists around the world who were advocating for human rights in China.

An internal review determined that they had been unsuccessful.

Following Operation Aurora, seismic shifts occurred in how Google handled security: Technologies, network architectures, industry standards – everything was called into question. But the most important change was the establishment of specialty teams who, from then on, were tasked with addressing the threats posed by hackers. One of the new units founded at the time was the Threat Analysis Group, or TAG for short. “The primary job of threat analysis is to understand the attackers, so we can counter them and protect our users,” explains Shane Huntley, who leads the expert group.

Today, TAG tracks over 270 different threat actors around the globe involved in government-backed threats, financially motivated attacks, or the spreading of disinformation on the internet. They’re able to hunt down threats and track malicious actors and their techniques back to their source based on the malware used.

To do this, experts leverage similar technology to that which is used by Google Search. They enter snippets of the malicious code, and the software then identifies its source. This is how they discovered, for example, that the North Korean government was behind the WannaCry ransomware attack in 2017, which paralyzed more than 200,000 computers in companies, universities, and even Britain’s National Health Service in a single day. Once a computer became infected, the malware encrypted certain user files, and the hackers demanded a ransom in Bitcoin from the owners – otherwise the data would be deleted. The damage is estimated to have cost several hundred million to several billion US dollars. At the time, Europol described the attack as “unprecedented” in scale.

The lessons learned from cyberattacks like these help Google make its products even more secure – which in turn benefits, for example, the more than one billion Gmail users worldwide. Thanks to the work of teams like TAG, Google now blocks 99.9 percent of all phishing attempts sent by malicious actors to trick users into downloading malware or revealing sensitive information.

A digital fire brigade

But attackers are becoming increasingly clever – and their methods increasingly bold. In 2021, hackers tried to gain direct access to Google’s security experts by disguising themselves as colleagues. They created fake social media profiles, websites, blogs – everything they could think of to create trust. “That’s how they wanted to get access to our system,” explains Heather Adkins.

As it turned out, one of the fake profiles had even successfully established contact with a Google employee. Experts conducted an immediate and thorough examination of the employee’s computer, in an attempt to find out who the malicious code was communicating with, which domain names and IP addresses it was using, and how the malware was spreading once it was on the computer. Once again, the attack was traced back to North Korea.

But was this the only computer affected? To find out, Google’s detection and response team – think of them as digital firefighters – stepped in. With the help of specialized software, these experts are able to quickly analyze enormous amounts of data and determine whether certain patterns on a compromised computer or server are present in other devices. If so, they’ll take a closer look at the devices in question. In this attack, as with Operation Aurora, the hackers were successfully isolated and cut off from the system. Only two computers were compromised, and no damage was caused. Mission accomplished!

In-house hackers

Google doesn’t just respond to external attacks; the company also employs its own hackers – the Offensive Security Team, or Red Team – who spend their days trying to break into Google’s own systems. “The Red Team are my favorite enemies,” says Heather Adkins. “They bring a completely new way of looking at the system.” When Google Glass was being developed about ten years ago, the in-house hackers tried to gain access to our design documents and other confidential information. Their trick was to send employees who had just celebrated a work anniversary at Google a supposed company gift – a small plasma globe powered by USB. As soon as the globe was connected to the computer, software was automatically installed – almost imperceptibly – that allowed the Red Team to send emails on behalf of the employee. Armed with their new identities, the hackers inched their way closer and closer to the target – until finally they gained access to the documents they were looking for. The breach was only discovered when a member of the Red Team tried to pick up a pair of glasses on behalf of an authorized person.

Hacking Google

A six-part YouTube series telling the story of Operation Aurora – one of the largest ever cyberattacks on Google to date.

g.co/safety/HACKINGGOOGLE

Heather Adkins leads the team that stopped the biggest cyberattack in Google’s history.

Illustration JOE WALDRON

This exercise taught Google’s security experts that, even in a tech company with above-average security, it’s possible to penetrate systems and gain access to confidential information. Following the event, the USB interface – which is built into hundreds of thousands of employee devices – was secured against the intrusion of malware. A program now exists, for example, that automatically aborts suspicious data transfers, and the ability to save data on USB sticks is switched off by default.

Rewards for finding bugs

Prevention is key. That’s why Google’s experts also enlist the services of Google’s own users. “We have a team of people who look for bugs – but inevitably, there’s going to be something that we didn’t know about,” says Eduardo Vela Nava, Security Engineering Lead for Google’s Bug Hunters program. The program rewards those who report bugs, thereby drawing attention to potential vulnerabilities in Google products. The number of reports increases every year – especially because the company is awarding ever higher payouts for “bug reports.” It’s an incentive for amateur hackers to research, report, and help eliminate vulnerabilities – ultimately making the internet safer for people all around the world.

Still, Google does more than just keep a close eye on its own systems and products; it also focuses on the internet as a whole.

Google specialists are particularly interested in hunting down zero-day vulnerabilities – weak spots that are unknown to companies, thus giving them zero days to secure a vulnerability in the event of an attack. “The weakest point for Google might be a non-Google product,” explains Tim Willis of Google’s Project Zero team. In Operation Aurora, for example, the exploited vulnerability was a bug in Microsoft’s Internet Explorer browser. The attackers used this as their entry point to place the malware that granted them access to the system.

To date, the Project Zero team, which was founded in 2014, has uncovered more than 1,800 such vulnerabilities. The security engineers check operating systems, browsers, open source software, and more for possible points of attack – with the goal of eliminating them and making the network safer for all users.

The faster the better

Internet users employ a variety of different interconnected devices and programs, which means that a weakness in one part of the system threatens all parts of the system.

As such, the team puts devices and programs from manufacturers across the board to the test. In one such example, Google hackers were able to successfully trick five different video call programs into transmitting video and sound without users’ knowledge. Google informed the manufacturers – and the security gaps were quickly closed.

The unfortunate reality is that this specialized security team is finding similar vulnerabilities to those identified by criminal and state-sponsored attackers. That’s why it is critical to fix these issues quickly once they are discovered. Yet not all companies do so. Initially, Willis says, it was fairly common for some companies to take more than six months to fix a reported bug – while others never fixed them at all. Today, Google gives affected companies 90 days to correct the issue, otherwise it makes the vulnerabilities public – a strong motivator for companies to fix the related security bugs in a timely manner.

Ensuring that customer data is secure, services are constantly available, and users are protected from attacks is vital for a company’s survival. Intensive training, constant questioning, and fast action are making it increasingly difficult for hackers to reach their targets. Many threats have been eliminated in recent years – but this should not lull us into a false sense of security. When Heather Adkins thinks back to Operation Aurora, she does so with a mixture of pride and humility: “We stopped them once,” she says. “But that doesn’t mean they won’t try again.”

The most common threats

To society

- Identity theft

- Sextortion

- Fake online shops

To the economy

- Ransomware

- IT supply chain attacks

- Vulnerabilities

- Open or incorrectly configured online servers

To government & administration

- Ransomware

- Attacks on critical IT infrastructure

- Vulnerabilities

- Open or incorrectly configured online servers

Photo CAYCE CLIFFORD

The scale and frequency of cybercrime have risen dramatically, says Mandiant’s Sandra Joyce.

“We have to talk to each other”

It is a huge challenge to hold hackers accountable. Nevertheless, companies can improve their own protection, says Sandra Joyce, Vice President of Mandiant Intelligence, a cybersecurity firm that is now a subsidiary of Google.

Interview CHRISTIAN HEINRICH

About

Sandra Joyce is Vice President of Mandiant Intelligence at Google Cloud. The cybersecurity firm was acquired by Google in 2022.

Sandra, you’ve been working in the field of cybersecurity for many years. How have cyberattacks changed in the last few years – and what might we have to face in the future?

I remember giving a lecture five years ago in France. When I said that some hackers demanded ransom at an amount of 300,000 euros, everybody in the audience was shocked. Today, ransom demands in the tens of millions of US dollars are quite normal. That is just one of many examples that illustrates: The scale and frequency of cybercrime have risen dramatically in the last few years.

How did, on the other hand, skills in cybersecurity develop?

They have been improving a lot recently – on a broad level. Along with the democratization of information, we now see the democratization of cybersecurity. Even smaller states have the capacity to make a difference in cybersecurity and, also, public cloud technology really democratizes security.

Mandiant helps businesses around the world to protect themselves from cyberattacks. What is your most important advice to companies?

Ransomware is currently the most urgent problem. It is something to be prepared for: As a business, you should be conducting exercises with your decision-makers and rehearsing what you are going to do in the event of a ransomware attack. Otherwise, a real attack can catch you unprepared. Businesses should also check how well they have segmented their networks. The “crown jewels”…

…the sensitive data and information…

…should be separated from the day-to-day working networks. And finally, as a business, you should be able to identify a breach when it happens – if you do not yet have this skill in your organization, work on getting it. Because most threat actors take some time to become active after they have entered a network, depending on their aims. If they want to deploy ransomware, they act as fast as possible, but that can still take several hours to several days. If the threat actors’ focus is on getting information and doing espionage – like many hackers from governments do – they stay in the network for years, just watching and collecting data.

What exactly is Mandiant doing to help businesses prepare against cyberattacks?

We work in two big fields: incident response and threat intelligence. If somebody is breached, they can call Mandiant for incident response. Then we help to find the threat actor in the network, mitigating the situation, providing advice on how to rebuild the network and resolve the situation. Our other core competence is more proactive: We do intelligence work and look for suspicious threat actors’ activity on the internet. We also monitor the deep and dark web, where hackers exchange information. For example, when hackers offer data they captured, we warn the companies that they were breached – sometimes even before the company realizes it has a problem.

How do you get access to these forums on the dark net?

We have covert identities and read along when the hackers chat and meet.

In 2022, Google Cloud acquired Mandiant. What does Mandiant bring to Google and to Google Cloud customers?

We are still very new to Google, but what we are already doing is that we are using intelligence to inform individuals about threats, to strengthen Google’s own defense, and to augment the Google Cloud Security products for Google Cloud customers. With our knowledge, we can make a difference, because we have insights about threats from all around the world, also outside of the Google environment.

How far does the current political climate change cybersecurity?

Russia’s invasion of Ukraine, for example, initially put cyber defenders in a state of increased alertness. There is a risk of Russian cyber aggression beyond the Ukrainian battlefield. For example, an attack on several US airport internet sites from a hacktivist group took place, which was linked to the Russian government. But the impact there and in other cases was minimal – up to now. Hackers also try to deploy false information. Russian hacker activists focus on trying to drive a wedge between Ukraine and its allies.

What about the “big four” in the cyber domain: Russia, Iran, China, and North Korea? What can we expect from them in the future?

All four are relevant and currently very active. Russia is pretty self-explanatory these days with its actions in Ukraine. North Korea continues to exploit cryptocurrency exchanges and infrastructure for cryptomining in order to fund its government’s activities. Iran is agile in general. We monitor its constant activity and found Iran nexus actors targeting countries like Albania. And we see China doing a lot of espionage and intellectual property theft again.

How would you rate the current cybersecurity situation in Germany?

Like many countries, Germany is currently experiencing a soaring number of ransomware attacks. On the sites where stolen data is dumped, we regularly count the victims per country. In Germany, the number of victims has doubled since 2020. The countries that are having great success in cybersecurity have very strong relationships with the private sector – domestic and international. Cybersecurity is a team sport; you cannot face it alone. Germany is on the right path.

In many cases, hackers aren’t held accountable for their actions. Do you see a way to change that?

Many cybercriminals are sitting in places where they are out of reach for Europol or US agencies. If they’re somewhere in Russia, for example, they can continue hacking without facing punishment. So cybercrime will remain low risk for criminals – which is alluring. And that is another reason why cybercrime is unfortunately here to stay until relationships between governments improve and diplomatic solutions can be reached.

And how should one face this challenge?

Threat actors are most successful when victims don’t talk to each other. We have to exchange threat information more openly about security breaches and menaces. And: The internet was designed with no regard to security, in its early days. But whenever something new is integrated in the internet in the future, security thoughts and concepts should be integrated from the beginning.

Photos JARED SOARES
Cybersecurity firm Mandiant is based in Reston, Virginia.

Approaches towards building better security

Certain internet users – such as those working in business, politics, or the media – find themselves at greater risk online. Google offers a variety of training resources to help these organizations and individuals effectively protect themselves against cyberattacks.

It happens every day in companies across Germany: A malicious actor gains access to an employee’s computer and installs malware that captures passwords by recording keystrokes, or steals security keys required for authentication. Once the hacker has gained a foothold in a company’s IT systems, important data is often blocked or stolen – sometimes bringing all business operations to a standstill. This nightmare scenario is one of the situations explored in the cybersecurity courses offered by the Google Zukunftswerkstatt.

“For companies without a large IT department, staying safe online is a massive challenge,” says Verena Gauthier, who leads the Google Zukunftswerkstatt in Germany alongside her colleague Lena Rohou. Since 2014, the Google program has been supporting individuals in developing their digital skills and helping companies to maintain a competitive advantage. In 2022, Google commissioned market research firm Kantar to conduct a survey of 250 small and medium-sized enterprises (SME) in Germany, and the results showed the extent of the challenges that cybersecurity presents. According to the survey, four out of ten companies had been the victim of a cyberattack in the previous two years, and only twelve percent of those surveyed said they were “very well prepared” for such an attack.

Establishing a culture of security

To address this issue, Google recently started offering special courses on cybersecurity and data protection. These courses use real-life examples to teach SME owners and entrepreneurs essential skills, including how to safely store company data in the cloud and how to create an overall security culture that defends against digital attacks.

Individuals can improve their digital skills in courses offered by the Google Zukunftswerkstatt.

The courses are free of charge and no prior knowledge is required. An overview of the available online courses can be found at zukunftswerkstatt.de

The SME workshops are part of a series of Google programs that aim to train different groups of people on how to better protect themselves online.

Another important contribution is Google’s Advanced Protection Program, which is also available free of charge. Offering Google’s strongest account security, it defends users with high visibility and sensitive information against targeted online attacks. The program’s main feature is to prevent unauthorized account access with the help of a physical security key required at login. Additional security checks provide extra protection against harmful downloads. If a user attempts to download something potentially malicious, they are either notified of the risk or the download is blocked. In addition, access to a user’s Google Account data is limited only to Google apps and verified third-party apps.

Photo FELIX BRÜGGEMANN

Safer online

Managing passwords securely

“Google Password Manager helps users create and manage unique passwords with improved security, simplifying the process of logging into their online accounts. It ensures that passwords are available across all devices and that the login process is easy and secure. It also reliably protects against phishing attacks by disabling the autofill function on websites that imitate other sites to steal passwords. If security leaks on third-party websites lead to a user’s login details being compromised or published, Google informs them so they can change their password. Google Password Manager now also provides users with optional passkeys – encrypted digital credentials that do not have to be remembered and cannot be stolen. Passkeys are stored on-device and require users to unlock the screen – with a fingerprint, for example – to log in. Passkeys can be managed in Google Password Manager, just like standard passwords.”

Making digital safety easy to understand

“Parents want their children to have the skills to stay safe when using digital media. That’s why safety for children and families is a central topic for us at Google. At the Google Safety Engineering Center in Munich, a global privacy and security engineering hub, we engage with children and teens to help make our digital privacy and security settings even easier to understand and use. For example, we developed a privacy guide for 13- to 17-year-olds who want to know how Google handles their data. We’ve established guidelines specifically for protecting younger users, and we provide easy-to-understand informational materials. Recently, we launched a dedicated Google Safety Center website for families, which offers tips on media use and helps parents set digital ground rules.”

Text CHRISTIAN BAULIG
Andreas Türk, Product Manager for Google Password Manager passwords.google.com

The biggest security vulnerabilities – through which malware and hackers can enter a system – are often a result of user error

At GSEC Munich, hundreds of experts are working on products, services, and open-source software to make the internet a safer place

Enabling quick access to data

“We’ve conducted surveys and studies to find out what users expect from their Google Account and discovered that this includes quick access to their passwords, profile picture, and other personal data. They also want to be able to see if something is wrong with their account. The good news is that we already meet these needs: Users can access their Google Account from practically any Google product by clicking on their profile picture in the top right-hand corner. If we discover that passwords stored in a Google Account have been compromised or published online, we warn the user and provide concrete instructions on how to change the compromised passwords to secure their accounts. We’re constantly testing new concepts to see if they work the way we want them to. If we identify any problems with the user experience at an early stage, we collaborate with users on developing a better solution – or take the idea in a completely different direction.”

Browsing safely with Chrome

“We ensure privacy and security are embedded into every facet of Google’s Chrome browser. The settings offer a variety of options that can be configured to meet every user’s individual privacy needs; we also provide a guide that explains things like cookie settings, history sync settings, and Safe Browsing. Google’s Safe Browsing feature helps users by displaying warnings when they are about to visit a dangerous website or download a potentially malicious file. The Chrome Safety Check, meanwhile, allows users to easily check important security questions, such as: ‘Are any of my passwords compromised?’ or ‘Do any of my browser extensions potentially contain malware?’ Users can find the Safety Check in Chrome’s privacy and security settings.”

Photos MARIA HAEFNER, FLORIAN GENEROTZKY (3)
Tobi Seitz, UX Researcher for Google Account goo.gle/googlekonto

Several thousand attacks a day

Dr. Alexander Schellong is Vice President of Cybersecurity at the Schwarz Group, whose Cyber Defense Center runs out of its headquarters in the south German city of Neckarsulm.

Cyberattacks are increasing, and German retailers need to defend themselves. The Schwarz Group, which owns companies including supermarket chains Lidl and Kaufland, has stepped up its cybersecurity by acquiring Israeli firm XM Cyber. This new intercompany enterprise is led by Alexander Schellong.

“Our networks are bombarded with several thousands of hacking attempts a day. After our baby food donation campaign for Ukraine, that number briefly rose to six figures. The spectrum of these attacks is broad, and – of those which we could track down – many originated in Russia, Belarus, China, Iran, and North Korea. Sometimes hackers try to take down our websites and systems by submitting a vast number of requests. And of course there are the more complex attacks that attempt to penetrate our systems by combining techniques and exploiting weaknesses. We fend off these attacks with a range of IT security solutions. Thankfully, no one has managed to break down our defenses.

A 24-hour interconnected operation

Cybersecurity represents a major challenge for us. We operate in 32 different countries using a vast network, which makes us a major target for attacks. Lidl and Kaufland alone – with their 13,500 brick-and-mortar stores, the Lidl online shop, and the Kaufland marketplace – rely on thousands of different suppliers and partners. And all of these are connected via automated systems and the cloud. When our stores close, our warehouses keep on working. We run a 24-hour interconnected operation that serves all of Europe and the United States.

Our 550,000 employees are another factor: In spite of spam filters, training sessions, and instructions not to open unfamiliar links, there is always the risk of someone accidentally opening an attachment in one of the million-plus phishing mails we receive each day.

The large team at the Cyber Defense Center in our Neckarsulm headquarters works around the clock. As part of our global IT force, which has around 4,000 members in total, they play a decisive role in securing our IT systems. In Neckarsulm, we have our own forensics lab, where we scrutinize questionable IT components, for example. It’s not just about warding off acute threats; we also want to learn how we can improve our security in the future.

In addition to enhancing our technological solutions, we place a great deal of importance on exchanging information about current threats with other companies and security authorities. That’s why we consult with commercial enterprises and suppliers from around the world.

At present, German companies and authorities are struggling with a shortage of up-and-coming IT security specialists. We’re addressing this problem by mentoring new cybersecurity personnel through education programs at the Bildungscampus in Heilbronn.

In spite of our best efforts, we know that hackers will always be one step ahead. So it’s crucial not to make things too easy for them if they ever do manage to penetrate our infrastructure. In late 2021, we acquired Israeli security firm XM Cyber to further strengthen our defenses. That has brought us a new perspective on cybersecurity – for instance, an awareness that however high we build our walls, we must assume that the hackers have long since broken through them. With their internationally recognized expertise, XM Cyber continually simulates all kinds of cyberattacks, running through drills of various tactics hackers might employ to get at our ‘crown jewels’ – without actually endangering our critical IT systems, of course.

Companies have varying levels of protection

‘Crown jewels’ refers to sensitive data or systems that absolutely must not fall into the hands of hackers. Naturally, this includes customer data, but it’s also essential that our logistics operations are never brought to a standstill – a real risk given that almost all our trucks and shipments are interconnected. XM Cyber’s expert knowledge helps us make our systems resilient enough to keep the most sensitive data well out of reach. In fact, in more than two million of its customers’ systems, XM Cyber found that it was possible to accomplish this in just four steps or less.

To date, we’ve consistently been able to prevent data from being stolen and our systems from being taken hostage. It seems to me that German companies have varying levels of protection. Those with inadequate defenses are vulnerable to ransomware attacks, which can shut down operations for weeks. I’d advise everyone to get informed about cybersecurity as soon as possible. Many mishaps can be avoided if managers and staff stay alert and take appropriate action quickly.”

46 percent of German companies fell victim to at least one cyberattack in 2021, according to the internet safety initiative “Deutschland sicher im Netz.” These are targeted attacks on IT systems or infrastructures with the deliberate goal of damaging or disrupting them.

Photos EMANUEL HERM

“I want to change the world”

By day, cybersecurity expert Ornella Al-Lami protects a large company from cyberattacks. In her free time, she’s N3LL4: a “hacktivist” on a mission to defend vulnerable internet users against digital violence, cyberbullying, and worse.


Text BIRK GRÜLING

This could have been a perfectly standard story about a gifted schoolgirl who learned to code at an early age and was already interning at an IT company when she was in sixth grade.

Here’s how that story would go: The young computer programmer had her first after-school job as a software developer at just 13, yet went on to train as an application development specialist – because formal qualifications matter. She became a cybersecurity expert, working in vulnerability management at a large company with more than 15,000 employees. And now, she and her colleagues devise clever ways to protect the company’s IT infrastructure from unauthorized access – unannounced penetration tests and real-life hacking attacks are all in a day’s work. And this story of the schoolgirl-turned-cybersecurity-pro would no doubt touch on topics like young women in IT and the shortage of skilled professionals.

But that is only one side of Ornella Al-Lami’s story – her Twitter profile provides a clue about the rest. Moonlighting under the alias “N3LL4,” she keeps more than 70,000 followers up to date on her work as a hacktivist. She’s a resource for those who’ve been the victim of online hate speech, cyberbullying, or worse. She trawls the darkest recesses of the web, digging out evidence and tracking down perpetrators until she has enough material to report them to the police. The cases that she shares in her Tweets are a tough read, triggering shock, fury, and speechlessness. These are tales from the murkiest abysses of our digital society, but sadly, they are all too commonplace. According to victim support organization Weisser Ring, half of all internet users have been a victim of cybercrime. Alongside fraud, the most common offenses are sexual harassment and cyberbullying.

“Being scared isn’t in my nature”

In addition to taking care of her family and her full-time job in vulnerability management, Al-Lami spends around 25 hours each week tackling her cases. Her employer is aware of her mission and fully supports it. But Al-Lami does not earn money for her services – quite the contrary. The donations she receives barely cover the cost of the necessary technology and her other expenses. She often has to make up the difference out of pocket. But when asked why she does it, the 24-year-old Al-Lami says: “When my son was born, I felt strongly that I wanted to change the world for the better. I wanted to help people, to do something about cybergrooming, about online sexual harassment and violence, and to protect my own child from such dangers. Not enough is being done about these problems.” A handful of helpers support her by taking care of communications and sifting through the 20 to 30 requests submitted to the website each day. But Al-Lami herself is responsible for conducting open-source research across social networks, exploring the dark net for source codes, and pursuing other measures to root out perpetrators and stop them in their tracks.

She’s been able to track down a young man who beat his own mother and tortured animals live on camera, while being cheered on by a community of followers. She’s gathered enough material to secure a search warrant for the home of a journalist who’d been distributing child sexual abuse materials online. And she’s hunted down the operators of an extreme right-wing online store that sold items violating Germany’s constitutional laws.

From her home computer, Ornella Al-Lami fights cybercriminals all over the world.

Criminal investigations and prosecutions are, of course, normally the responsibility of the state – even when the crimes take place online. But, according to Al-Lami, when police and district attorneys are pushed to their limits, when they have inadequate resources or have to wait too long for plans to be officially approved, it falls to private individuals to take action. And federal and state criminal investigators – at least in part – seem to agree. They often ask her for help with their investigations. After all, they have a common goal: to catch criminals and prevent serious cybercrime. Unsurprisingly, Al-Lami’s activities put her at risk, and she has long been a target for some very dangerous groups. But, she says, “I’m not scared.” Still, she refuses to regard her fearlessness as bravery; being scared just isn’t in her nature, she claims, adding that that’s anything but a positive characteristic. She simply can’t help herself: She can’t look away, forget the victims, or let the criminals get away with it. Her past experiences have shaped her that way.

“How did he access my webcam?”

As a girl, Al-Lami was stalked by an older man who frequently harassed her and sent her lewd messages. For a long time, nobody did anything about it, and for the first time in her life, she felt helpless and vulnerable. Later, when Al-Lami started using the internet, history seemed to repeat itself when an older man hacked her webcam and tried to persuade her to undress for him, knowing she was still a minor. This traumatic experience was the trigger that inspired her hacktivism. “I wanted to understand how this man had accessed my webcam. So I read up on the topic and started experimenting,” Al-Lami recounts. As her first foray into hacking, she used her newfound knowledge to access her mother’s email account and excuse herself from school. Then she taught herself programming languages like Java, C, Python, HTML, and CSS with the help of online forums. Her fight against pedocriminality and cybergrooming didn’t begin until later – initially, without the use of her hacking skills. She used her Instagram page as a platform to explain the dangers of sharing pictures of children – in swimsuits, on the changing table, at bedtime – on social media. Such images can quickly end up on online platforms and file-sharing sites used by pedophiles. Al-Lami’s posts attracted plenty of attention; at times her profile had over 100,000 followers, many of them parents and teachers. And yet her account was blocked on several occasions. Apparently the dark realism of her posts didn’t fit the shiny, happy world of Instagram. So N3LL4 switched to Twitter, and the nature of her work changed. She began receiving requests from desperate parents whose children were suffering online abuse. In many cases, the authorities had provided little help. That’s when the hacktivist stepped in.

“I’ve often thought about giving up”

Often all it takes is a straightforward search of social media, chats, forums, or website source code. It turns out many perpetrators aren’t that careful with their data. The evidence goes straight to the relevant authorities; in an ideal scenario, the police and DA’s office handle the rest. Whenever Al-Lami’s work leads to a conviction and improved protection for victims, she knows her efforts have paid off and feels motivated to keep going – no matter how deep the abyss she stares into or the impact on her own psyche.

And a lot of people need help; the number of requests she receives increases daily. Children and teens are particularly at risk. A recent survey in Austria revealed that 27 percent of minors have been sexually harassed online at least once. And a Bitkom survey found that around 15 percent of German teenagers have been victims of cyberbullying – although experts believe the number of unreported cases is much higher. To help all these people, Al-Lami would have to work full time as a hacktivist – or switch to a career in law enforcement. But she can’t imagine doing either of those things. That would leave her with no way out should the stories and images eventually become too much to bear. “I want to have the option of stopping from one day to the next if need be, of stepping back from it all,” she says. At the moment, she doesn’t want to do that – there are simply too many people who need her help.

Cybercrime ...

... is a global threat. Cybercriminals can manipulate online systems and digital devices for nefarious purposes from almost anywhere in the world. That makes it difficult to track them down.

15 percent of teenagers in Germany have been victims of cyberbullying, according to digital industry association Bitkom. Experts believe the number of unreported cases is much higher.

Illustration JOE WALDRON Photo PRIVATE COLLECTION

Safe and the City

These days, hackers aren’t just going after companies – more and more cybercriminals are also targeting governments and critical infrastructure. In Germany, local and municipality-level authorities are devising ways to combat online attacks.

Floods, blizzards, forest fires: These kinds of events – which pose “an immediate risk to lives, infrastructure and property, often involving major damages” – can prompt Germany’s local and state-level authorities “to declare a state of emergency.” But when the German municipality of Anhalt-Bitterfeld did so in the summer of 2021, the threat came from the web.

It was the first time in German history that a state of emergency had been formally declared following a cyberattack. Hackers had gained access to the local government’s IT network using a type of malware called ransomware and encrypted their data. Authorities were virtually paralyzed, and suddenly unable to pay out welfare benefits, register cars, or issue IDs. And the hackers demanded money in exchange for a program that would restore the data and make it usable again.

The greatest threat: ransomware

According to the German Federal Office for Information Security (BSI), ransomware attacks currently pose the greatest threat to cybersecurity. And the number of attacks on firewalls and routers belonging to both businesses and government has risen significantly since the war in Ukraine.

“We experience frequent attacks,” says Laura Dornheim, head of IT and Chief Digital Officer (CDO) for the City of Munich. She is aware of the risks, but believes Munich is poised to handle them: “We’ve held our ground so far, but as the events in Anhalt-Bitterfeld make clear, our work is not just a matter of theoretical precautions.” Dornheim compares the scenario to a game of cat and mouse that requires “constant monitoring of what’s happening and lightning-fast responses.”

Haya Shulman, a professor of computer science at the Goethe University Frankfurt and department head at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT), is responsible for coordinating “Analytics-based Cybersecurity” at the National Research Center for Applied Cybersecurity ATHENE. She cites three main approaches hackers use to break into organizations. The first is via compromised passwords: “Obtaining login data is the easiest way to infiltrate an organization, a method of attack that almost all companies fall victim to at some point.” The second is via technical vulnerabilities within systems: “This involves attackers using automated tools to find weak spots.” And the third, last but not least, is via so-called “malicious insiders” – i.e., employees who aid and abet hackers: “There are organizations that either recruit moles at a targeted company or have spies and informants apply for jobs there.”

Text KATHARINA FUHRIN

What happens next depends on what the hackers want. Very often, as was the case with the Anhalt-Bitterfeld incident, the next move is blackmail. But hackers often have their sights set on cyber espionage or sabotage. To make matters worse, COVID-19 only made things easier for hackers, as the increase in digitalization in government agencies during the lockdowns widened their field of vulnerability.

Support for local authorities from the BSI

Munich’s IT department is responsible for nearly 50,000 devices. “When the pandemic started, we handed out a lot of mobile devices to enable staff to work from home,” explains Laura Dornheim. “Over 90 percent of our city government employees now have work laptops – and keeping them all up to date is a big challenge. The software installed on these devices often differs,” she says, “and it’s only natural that these create potential new points of vulnerability.” Sometimes, Dornheim and her team will identify a vulnerability on a Friday evening and spend the weekend making sure that all 40,000 city employees are informed and can apply a security update by Monday morning.

With more than 1,400 employees, the Munich IT department is sizable – as are its resources. This allows the city to operate two separate data centers that can step in for each other in an emergency. Smaller government offices can’t afford such solutions.

Still, they’re not without help: Germany’s Federal Office for Information Security (BSI) helps local governments implement measures that have been proven to increase the level of information security. The BSI recommends, for example, that all municipal IT security officers join the Alliance for Cyber Security and the IT-SiBe Forum to share expertise and experience. In addition, the BSI has developed security concept frameworks called “IT-Grundschutz profiles” that outline sample scenarios and their solutions for others to use as templates. After the attack on Anhalt-Bitterfeld, the BSI began hosting information sessions in various German states to draw attention to the resources available, like the security concept frameworks.

Haya Shulman believes it would be more effective to turn to external IT security service providers. In a 2020 study, Fraunhofer SIT compared the online security of political parties in Germany and Israel, and found that Israel has been doing this significantly better. “Having your own infrastructure leaves you far more vulnerable to attack,” she explains. “In Israel, it’s common to outsource IT security to external service providers – which isn’t just efficient, but also cheaper.” She also recommends that companies and government agencies conduct periodic scans for weak passwords and system vulnerabilities – in other words, that they themselves adopt the role of the hacker. There are external providers that offer this service, too.

Hackers usually access their target system through careless errors made by employees – like choosing weak passwords, leaving computers in sleep mode for days, or carelessly handing out login data. Even in Anhalt-Bitterfeld, it was very likely a phishing email that first opened the gates to the system, resulting in a disaster that lasted almost seven months once the head of the district decided against paying the ransom.

In Munich, Laura Dornheim wants to focus on employee training even more in the future. “For a long time, cybersecurity did not focus on the human factor, because people thought everything could be solved with technology. But it’s equally important to involve individual users and make it clear to them that keeping the city safe is a joint effort.”

At the same time, there’s a fast-growing trend toward zero-trust architecture, in which stricter authentication procedures protect individual servers rather than providing umbrella security for an entire network. In the US, all federal agencies must implement their own zero-trust approach by 2024. Currently, Haya Shulman is leading a project to develop a reference architecture tailored to German organizations and municipalities. Within the zero-trust framework, a computer no longer automatically “trusts” other computers on the same network, but must authenticate itself through further security checks. Even if attackers gain access to one device, as they did in Anhalt-Bitterfeld, the next door in the system will remain closed.

Haya Shulman is an IT security expert and professor of computer science at the Goethe University Frankfurt.
Illustration JOE WALDRON
Laura Dornheim is head of IT and Chief Digital Officer for the City of Munich.
207 days – that’s how long local government services had to be put on hold following the ransomware attack in Anhalt-Bitterfeld.

“Towards an environment that offers unparalleled security”

Markus Richter, Federal Government Commissioner for Information Technology, wants to fast forward the digitalization of the public sector in Germany with the help of a multicloud. The aim is to establish a central resource where various providers can offer a wide range of services – all while guaranteeing even better security for citizen-related data.

Interview CHRISTIAN BAULIG

Mr. Richter, the federal government of Germany has said it would like to transition and process more public administration data in the cloud. Are there any concrete plans in place?

The strategy adopted by federal and state governments is to implement a so-called multicloud solution, where we can offer bundled services from various providers. Last fall, we initiated a pilot project in which we set up a coordination center and tested several services.

What do you hope to achieve with a multicloud of this nature?

It will enable us to provide new options, maintain healthy competition, and benefit from innovations. Because the services run on various cloud platforms, we’ll be able to quickly and inexpensively equip a large number of workstations at once. At the same time, a multicloud approach will help us move away from having numerous small data centers and towards an environment that offers maximum scalability and unparalleled security.

How will you guarantee security?

All of the services must fulfill the requirements of Germany’s Federal Office for Information Security (BSI). And of course they must adhere to the European legal framework. In addition, a multicloud approach offers the option of moving data and programs from one location to another if the situation demands.

What is the role of the coordination center you mentioned?

We serve as the central liaison to everyone involved. When a German government agency requires an IT service, they’ll contact the coordination center. The coordinators will ask the network of public service providers if anyone can cover that need. If not, the service will be put out to bid. We’re currently evaluating the results of the pilot project. After that, we’ll begin implementing the new approach.

Germany is lagging far behind when it comes to providing digital access to the public sector. The Online Access Act singled out 600 services meant to be completely digitalized by the end of 2022. Not even half of this goal has been met.

It’s true that we haven’t reached our goal. However, we’ve made considerable progress, particularly in the past few months. Numerous popular services are now available online: change of address forms, building permits, student loan applications. We’ve learned that the main stumbling blocks in the rollout have had more to do with change management than with the technology itself. Processes have to be adapted, and that is a major challenge.

When will the multicloud go into operation?

We’ll issue the first call for tenders sometime this year. But there isn’t a single launch date. Rather, it will be an ongoing process – we have yet to work out the precise schedule. There’s currently a great deal of movement on the market, and the biggest service providers still have some homework to do.

You’re alluding to the idea of digital sovereignty. What does that mean, and why is it so important?

Sovereignty is a prerequisite. I’m pleased about the constructive ongoing negotiations between the European Commission and the United States. The latest presidential executive order takes European demands into account. I’d recommend that companies such as Google, Microsoft, and Amazon also reach agreements with regard to interfaces and standards. And open source will play an important role for us.

How much will the multicloud cost German citizens?

The model we have in mind is that the providers will be responsible for setting up the infrastructure, and we will get access via licenses. That means we won’t be building our own data center to house the cloud. The exact costs will greatly depend on actual demand for the services and infrastructure. To better understand that, we’ll conduct surveys on the state and federal levels.

About

Dr. Markus Richter has been the Federal Government Commissioner for Information Technology since May 2020, in addition to serving as Secretary of State at the Federal Ministry of the Interior and Community. Known as the “Federal CIO,” Richter is the key point person for IT issues in public administration and is responsible for overseeing IT and digitalization in the federal administration. Previously, the 46-year-old lawyer spent nearly 15 years with the Federal Office for Migration and Refugees, serving as Vice President from 2018 to 2020.

Photos LENA GIOVANAZZI
Driving digitalization of public administration in Germany: Markus Richter.

“Security and sovereignty are two sides of the same coin”

Higher security standards at a lower cost: That’s what Google’s experts are working on.

The cloud plays a decisive role for companies looking to protect their infrastructure from cyberattacks, says Wieland Holfelder, Vice President of Engineering at Google. Beyond that, the cloud also helps to accelerate digitalization.


“Companies today are exposed to a wide range of cyber threats; protecting their infrastructure from attacks and even losses is essential to ensuring their survival. But keeping technology and software constantly up to date is a challenge – especially if IT security isn’t part of a company’s core business.

Google Cloud takes many of these challenges off a company’s plate. Hundreds of experts are constantly expanding our cloud platform with new functionalities which also offer improved protection. As a result, the speed of innovation is increasing. Every security update that we provide for our customers takes into account what we have learned from new threat intelligence, vulnerabilities, or potential attack techniques. This creates a digital immune system for the cloud.

Our customers also benefit from scale effects – i.e., while the costs to ensure data and infrastructure security are decreasing, security standards are increasing. At the same time, the cloud offers unique elasticity, so customers can adapt their workloads at any time; for example, if they need more storage space or faster compute power depending on their individual needs.

In the past, businesses have raised concerns about using cloud technology – and some still have reservations today. They may worry about becoming dependent on a particular provider, or feel skeptical about who has access to their data, where exactly it’s stored, and how it’s encrypted. Some also wonder what would happen to their data if access to the cloud provider were to be temporarily suspended.

We take these concerns regarding digital sovereignty very seriously and have developed specific products and solutions that address these concerns and the security needs of our customers. We call it the Sovereign Cloud. The first Sovereign Cloud product in Germany, launched in 2022, is called Sovereign Controls, and guarantees that customer data is stored and encrypted in Google Cloud’s German region and cannot be moved to other countries. The encryption keys are stored and managed outside of Google’s infrastructure; with this external key management, we make sure that only authorized users have access to the data. Since Google embraces open-cloud and open-source technology, customers also have the option to migrate workloads to other platforms should this be desired or necessary.

A view towards the overall solution

For us, security and sovereignty go hand in hand. I see them as two sides of the same coin. If you lose your data due to a hacking attack, for example, your sovereignty is also gone. And if you cannot act with sovereignty, it’s difficult, or even impossible, to guarantee your own security. That’s why both issues are at the core of our strategy and why the cloud solutions we offer comply with European data protection rules.

And so far, cloud providers have acted according to the principle of ‘shared responsibility,’ with the cloud provider being responsible for the security of the infrastructure, and the customer for the security of the applications running on it. At Google Cloud, we have introduced a new model we call ‘shared fate.’ This goes beyond shared responsibility and means that Google also helps provide support for the overall cloud solution. It even means that Google Cloud customers may benefit from cheaper cyber insurance.

The growing trust that users have in cloud solutions is fueling the migration to the cloud – which also increases security for everyone.

I strongly believe that we can only continue to advance digitalization and data security in both large and small German companies with the help of the cloud, because only the cloud offers businesses the ability to flexibly adapt their capacities at any time based on individual needs – while providing the highest possible security and sovereignty.”

Solutions for companies
About
Photos AMELIE NIEDERBUCHNER
Dr. Wieland Holfelder is Vice President of Engineering at Google and Site Lead for the Google Safety Engineering Center in Munich, where experts also work on Google Cloud.

Can technology protect democracy?


In recent months, Russia’s invasion of Ukraine has proven just how hostile cyberspace conflicts can be. War isn’t only being waged in towns and villages, but on the internet, too – via cyberattacks.

According to a recent report from the Federal Office for Information Security (BSI), the past year has demonstrated “that unforeseen events can raise the risk of cyber threats to a new level and that collateral damage from cyberattacks in neighboring countries can have a direct impact on Germany.” From the BSI’s perspective, threats in cyberspace are greater than ever before.

What’s more, cyberattacks on German companies also pose a threat to society at large. In 2022, attacks of this nature incurred over €200 billion in damages. Ransomware attacks, in which a victim’s data is encrypted and only released once a ransom has been paid, are particularly common. And then there are distributed denial-of-service (DDoS) attacks, which flood a server with incoming traffic until it collapses.

Attacks like these have a major financial impact – and also pose a threat to critical infrastructure – which, in a worst-case scenario, can endanger social stability. Websites operated by German government agencies such as the federal police, several state police authorities, and the German Bundestag have already been targeted. Clearly, software can be weaponized in many ways, and anyone could be the next victim: individuals, companies, the media, or even governments.

In the past, organizations commonly isolated their systems in an attempt to block malicious attacks. However, the closed-system approach actually makes it harder for individuals to defend themselves against growing digital threats. More effective are cyber solutions based on open, highly secure standards that foster close, transparent collaboration between security industry stakeholders. This approach, known as “open security,” is favored by Google as well.

What exactly is open security?

To some, the concept of “open security” may sound like a paradox, but in today’s mobile, hybrid environment, cybersecurity has to be a team sport. Together, we can set improved security standards that benefit everyone. A key principle of open security is zero trust – an approach that continuously scans all users, devices, and applications for security risks.

With this approach, we can protect the community and everyone in it. The common goal: to defend against hackers and reinforce democratic structures in the process.

However, cybersecurity isn’t a means to an end. Long-term protection requires continuous development. For that reason, Google is investing in European sites, with the aim of making Europe the heart of its global cybersecurity efforts.

How is Google promoting the expansion of cybersecurity in Europe?

Security has always been central to Google’s product strategy. The company strives to provide all of its users with the most advanced security solutions in the world. Individuals, companies, organizations, and governments need to be able to use the internet safely. To promote this vision in Europe, hundreds of cybersecurity experts work at Google Safety Engineering Centers (GSECs) across Europe to develop products and solutions, share knowledge, and exchange information with other companies and organizations. At the site in Munich, experts are tackling privacy and security. In Dublin, the focus is on developing strategies against the spread of illegal and harmful content. And another site is set to open soon in Málaga. The goal is to bring together users, experts, entrepreneurs, and politicians to fortify Europe’s digital security against burgeoning threats – strengthening democracy through cooperation. A key part of this mission is ensuring that people have access to information from a wide range of credible sources.

Distributed denial of service

A distributed denial-of-service attack, or DDoS for short, is a malicious attempt to flood a server belonging to an individual or organization with what’s known as “attack traffic,” blocking legitimate traffic from the service. To do this, hackers infect multiple interconnected devices with malware. The more devices are involved, the more potent the attack.

Threat intelligence

Threat intelligence describes the process of identifying and investigating cyber threats. Data is analyzed to identify problems, methods of attack, and malicious actors, enabling the development of concrete solutions to make systems more secure in the future.

Text CHRISTIANE MANOW-LE RUYET Illustration JOE WALDRON

From online banking to the digitalization of public administration and networking of supply chains – cyber risks affect every sector and are a widespread cause for concern. Though the task is daunting, individuals, companies, and organizations need to protect themselves online: These days, hackers aren’t just interested in stealing data – they’re trying to undermine democratic structures.

How is Google securing access to reliable information?

Dictatorships and autocratic regimes have always employed censorship and control of the press to hinder freedom of ideas.

One example of this was the attack on Russian independent newspaper Novaya Gazeta in autumn 2021. Its server was overwhelmed with a mind-boggling 1.2 million requests per second, causing the newspaper’s webpage to crash. A DDoS attack – launched on one of the last days of the Russian parliamentary elections.

Project Shield, developed in 2013 by Google subsidiary Jigsaw, can protect websites from DDoS attacks. Jigsaw’s main focus is combating extremism, online censorship, and cyberattacks.

Currently active in more than 100 countries, Project Shield protects thousands of websites – including in Ukraine. Traffic intended for a particular website is redirected to the much more resilient Google network. Potentially damaging requests – such as those related to DDoS attacks – are filtered out, and only requests deemed trustworthy are forwarded to the intended website. Essentially, Google acts as a shield, protecting the targeted website and stopping its server from becoming overloaded, thus ensuring that users are still able to access reliable information.

Still, there are other strategies that antidemocratic actors can employ, such as deliberately spreading misinformation – a technique that is increasingly common.

How can people protect themselves from misinformation?

Pre-bunking is a strategy developed to help people boost their “mental immune systems” – empowering them to better recognize misinformation and build up resilience against manipulation and false narratives.

One pre-bunking strategy is to share videos that demonstrate how to identify misleading arguments and targeted misinformation.

In 2022, Jigsaw launched a pre-bunking campaign in several Central and Eastern European countries. The goal was to counter misinformation created about refugees fleeing Ukraine.

The approach seems to be working: Tests have shown that people who watch pre-bunking videos are better able to distinguish accurate information from inaccurate information. As such, pre-bunking could play an important role in protecting democratic values.

Despite the work being done, there’s no end in sight to the fight against cyberattacks, disinformation, and assaults on democracy. No one should relax just yet, according to Royal Hansen, who leads the global development team for data privacy and protection at Google and is Vice President of Engineering for Privacy, Safety, and Security. He believes that “we all must work together to protect this future, whether that means combating cyber threats, building safe technologies that unlock society’s full potential, or developing responsible technology policies.”


Quantum optics, AI software, and more

1. MAKING PASSWORDS OBSOLETE

Who? Jannis Froese and Nils Vossebein developed DeepSign, a quicker, safer alternative to two-factor authentication for website and app logins.

What? DeepSign makes it unnecessary to enter additional passwords and codes sent to phones. Instead, the software recognizes computer users by their keyboard and mouse movements – such as typing speed, reaction speed, and scrolling action. Apparently, these behaviors are as unique as our fingerprints.

Why? DeepSign accelerates the authentication process and makes it possible to quickly and reliably identify authorized users. The technology is suitable for both personal and professional use and can also be adopted in production and research.

More information at: deepsign.de

2. ENCRYPTING DATA WITH QUANTUM OPTICS

Who? Dr. Oliver de Vries and Dr. Kevin Füchsel founded the quantum technology startup Quantum Optics Jena (QOJ) based on their work at the Fraunhofer Institute for Applied Optics and Precision Engineering (IOF). Their goal is to make communication systems more secure.

What? In the future, we’ll see the development of quantum computers with remarkable mathematical capabilities, many times more powerful than conventional computers. This represents a threat for current data transfer encryption methods. QOJ employs a new encryption method that allows only the sender and the receiver to read out data – with no access granted to external parties. That way, data transfers can remain secure in the future.

Why? QOJ’s products and projects are already being applied in research. Soon, they’ll help governments, energy suppliers, financial institutions, and healthcare facilities fend off cyberattacks.

More information at: qo-jena.com

3. TRACKING DOWN MALWARE

Who? Julian Ziegler and Christian Boll developed Inlyse, an AI program that instantly identifies malware and cyberattacks.

What? Inlyse uses neural networks to detect malware. The technology converts data into images, which are then interpreted by the neural networks. They immediately recognize even the slightest indications of viruses and unknown threats.

Why? In the future, Inlyse will provide private individuals and companies with reliable but affordable protection from cyber threats. Inlyse is compatible with browsers, email accounts, and computer software.

More information at: inlyse.com

Google’s cybersecurity engagement extends beyond its own products; the company also supports young founders through the Google for Startups Growth Academy, connecting them with the global Google for Startups community. Over the course of a three-month program, the founders acquire the skills needed to grow their business, all under the guidance of experienced mentors. GSEC experts regularly offer training courses to founders and consult on data anonymization and privacy, as well as data protection in product design and development.

Illustration CAMILO HUINCA
All over the world, people are fighting cybercrime – including in Germany, where countless startups are working on ways to improve internet security. A brief look at three exciting projects.

Massachusetts Institute of Technology

11/2/1988

The first computer worm in internet history

How

On November 2, 1988, experts declared that the internet was broken beyond repair.

The cause: a program developed by computer science graduate student Robert Tappan Morris to determine how many computers were connected to the internet.

To calculate this, Morris’s program was supposed to access each computer via a hole in its security, transmit a count, and then copy itself onto other computers. But things didn’t quite go as planned: The program hacked into each computer multiple times, causing the network to overload and eventually collapse. Just like that, the first computer worm in history was born.

Morris insisted that the damage wasn’t intentional, but his defense didn’t hold up in court. He was the first person to be convicted of computer abuse, which landed him with three years of probation, 400 hours of community service, and a fine of $10,050. At the time, an assessor estimated that Morris had crippled about ten percent of the internet. Since 1999, Robert Tappan Morris has been a professor at the Massachusetts Institute of Technology (MIT), the very same place he built the first computer worm.

Photo PICTURE ALLIANCE / ASSOCIATED PRESS | MICHAEL J. OKONIEWSKI
American Robert Tappan Morris brought down the internet – allegedly by accident.
PUBLISHING INFORMATION Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland  |  Tel.: +353 1 543 1000  |  Fax: +353 1 686 5660  | Email: support-deutschland@google.com  |  Managing Directors: Elizabeth M. Cunningham, David M. Sneddon  | Google Ireland Limited is a corporation formed and registered under Irish law | Company number: 368047  |  EU VAT identification number: IE6388047V This is a special promotional publication by Google. Produced in Germany. Paper: LEIPA MAG PLUS gloss; Printed by: Evers-Druck GmbH, part of the Eversfrank Group. Thank you to the team at SZ Scala GmbH.
