SlideShare une entreprise Scribd logo

SURVEILLANCE SOFTWARE THREATENS PRIVACY

Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD

SURVEILLANCE SOFTWARE

Technologie
1  sur  7
SURVEILANCE SOFTWARE INTRODUCTION Modern information environment is already saturated with massive amounts of data and malicious monitoring. Digital devices, software and sensors are everywhere as each of us has mobile digital devices on a 24-hour basis that create a continuous, mobile network of digital information around us and wherever we move to. Our reliance on digital technology beyond its benefits has created vulnerabilities that can potentially be exploited by various entities for their own gain. The evolution of digital Social Media platforms into powerful and highly intrusive social machines has contributed to the creation of the environment of "Surveillance Capitalism" within which we act, co-exist and in which user behavior is monitored in return, on the one hand the free access to various services and applications, and on the other the capitalization and exploitation, in various ways, of the produced individual data. This model dominates not only Social Media but the entire digital ecosystem forcing digital platforms to create an intrusive, relentless logic, accurately approximating our digital behavior patterns. DIGITAL SECURITY The European Cybersecurity Agency (ENISA) has listed digital surveillance among the top ten emerging cybersecurity threats for 2030. The produced software, although it has improved in terms of cyber-security, still has weaknesses, as a result of which malicious users (hackers, groups, companies, states, etc.) exploit these vulnerabilities for their own benefit (money, reputation, power, malicious intentions, etc). The result is the production of high "value" tracking software that is used to serve a variety of nefarious or nefarious purposes. More specifically the latest versions of tracking software can access a target's device without any visible signs of tampering. That is, without having to trick the target into taking an action (clicking) on a link.
This means that any malicious user (hackers, groups, organizations, states, etc) will be able to use spyware (Pegasus, Predator, etc) to infiltrate with little effort (traditional malware, Social Engineering, phishing, etc) and/or invisible (advanced spyware) on users' devices. Users practically cannot defend themselves effectively, since at their level and for the sake of practicality-usability they can adopt limited protection measures such as using two-factor authentication or a password manager, or using an application such as signal for the exchange of messages Unfortunately, although the perpetrators use the latest technology software (taken from the future) so that with one or no simple action they can penetrate the victim's devices without his knowledge, the controls and monitoring mechanisms belong to past centuries. There are many types of malware (viruses, trojan horses, digital worms, etc.), which can be installed on users' digital media in many ways (attacks): 1. Phishing: involves tricking users into revealing sensitive information (passwords, account numbers or personal data). 2. Clickjacking: involves tricking users into acting (clicking) on a hyperlink or button. 3. Zero click attacks: This attacks take advantage of a zero day vulnerability in the system without requiring any intervention from users who are usually unaware of these attacks and therefore unable to deal with them or mitigate their effects . 4. Drive-by download attacks: Launched from infected websites, allowing malicious users to infiltrate, access, control and collect large amounts of information from digital devices. An evolution of these attacks are the Watering hole attacks, in which the attacker finds websites known to be visited by users of the target digital system, infects them with software aimed at obtaining information about the users and the digital system, waiting until some users visit the page and become infected. SURVEILLANCE Historically, intelligence agencies had the same targeting regarding the type of information they were looking for, but they used "traditional" surveillance techniques (agents, photos, “bugs”, etc) to obtain it, which were mostly scattered, quite laborious and very primitive. Digital monitoring and surveillance has removed many of the physical limitations giving agencies enormous "invisible" surveillance capabilities. Monitoring can be categorized as follows: 1. Traditional (Classic): Deliberate, systematic and sustained surveillance of individuals and groups, focusing effort on personal information for purposes of influence, management, protection or direction. 2. Modern: Evolution of traditional surveillance by using sophisticated means overcoming space-time, quantitative and other limitations of traditional surveillance.
3. Targeted: Addresses specific persons of interest. 4. Mass-Diffuse: It is directed indiscriminately to large groups of people or even to the entire states, affecting private life, data protection, people’s individual rights (freedom of speech, association, assembly) and the democratic institutions of society and especially of participatory deliberative democracy which guarantees three fundamental aspects: private autonomy of citizens, democratic status of the citizen, independence of a public sphere. Of particular importance is the issue of targeted espionage through spyware, which is more concerning because of the level of intrusiveness. For an entity (government agency, etc) to be able to penetrate a digital device is a qualitative evolutionary leap in the capabilities of government surveillance and control, given that most governments around the world do not have the proper institutional checks and balances to prevent abuse power. In essence, covert surveillance creates the impression of a Panopticon effect, which puts pressure on individuals to behave in accordance with what they believe is expected of them, as they are under the mere possibility of being monitored and 'punished'. SURVEILANCE SOFTWARE Spyware compromises digital devices enabling covert pervasive surveillance, the unnecessary implementation of which affects a range of human rights such as privacy, data protection, human individual rights (freedom of speech, association, assembly) as well as democratic institutions of society and especially of participatory deliberative democracy. In this perspective the use of spyware can affect political participation and ultimately the electoral process itself not only because the targeted users feel compelled to refrain from participating in interactions with political content, expressing their honest opinions and socializing with others for political purposes but also because the collected information, possibly manipulated, may be used to carry out smear campaigns against undesirable candidates or to take other actions that reduce their chances of success in elections. The cyber intervention of surveillance software in the electoral process through the extraction of private information from the devices of the victims, allows the first step for the so-called "doxing", i.e. gaining unauthorized access to digital systems and user accounts (e-mail, MKS, etc. ), extracting non-public data, and then leaking the data to the public. Material obtained through monitoring software can enable two types of malicious doxing: Strategic hacking: Selective leaking of material on matters of public interest, with the aim of promoting friendly interests (party, political, etc.).
Altered leaks (disinformation): Deliberately incorporating false or misleading information into a larger body of genuine confidential data leaked to the public. SPY SOFTWARE-EXAMPLE PEGASUS Surveillance software such as Predator, Pegasus, QuaDream, Candiru and Karkadann have the ability to: 1. Make attacks with or without action (click). 2. Gain full access to the targeted devices. 3. Leave little or no traces of their action. After gaining full access the software performs: 1. Initial Data Export Export information already available on the device such as: SMS and calendar files, contact details, call history, email messages, instant messages, browsing history. 2. Passive surveillance Real-time collection of new information (as above) as well as location tracking via cell- id. 3. Active Surveillance Features of the target device are used to perform further activities such as: location tracking using GPS, recording voice calls-ambient sounds, file recovery, taking photos, saving screenshots. 4. Additional actions Modifying the content of the device, creating and storing fake messages or other documents, sending fake messages, impersonating the owner of the device, gaining access to the owner's digital or physical assets and possibly conducting transactions in the owner's name, placing false evidence of crimes or other illegal activities on the device. According to the Pegasus Project targets of the software were: • Members of the Arab Royal Family • 64 Entrepreneurs • 84 Human Rights Activists • 600+ political and government officials • 189 Journalists Also a list of 50,000 phone numbers was leaked appearing to belong to people who had been selected as potential surveillance targets: • Terrorists and known criminals. • Business executives.
• Religious figures. • University students. • NGO employees. • Union and government officials (Presidents, Prime Ministers, Ministers. • 100 Journalists, including editors and executives of leading publications. According to a report to the European Parliament several countries (Hungary-France- Spain-Finland-Poland-Belgium) have been accused of abusive use of surveillance software such as Pegasus with victims including journalists, politicians, academics, prosecutors, lawyers and government officials . NATIONAL SECURITY The concept of national security has a broad and not clearly defined meaning. The use of spyware is usually justified by invoking national security, which is more closely related to the idea of National Defense, but whose extended use should be avoided, understood restrictively, and distinguished from the concept of internal security, which has a wider scope that includes the prevention of risks to individual citizens (terrorism, serious and organized crime On Sep 21, EU Justice Commissioner Didier Reynders denounced the abusive invocation of National Security, condemning in full the alleged attempts by the national security services of several states to illegally obtain information about political opponents through their phones. In the same vein, the UN Human Rights Council has recognized that many states have used counter-terrorism powers as a cynical legal pretext to limit freedom of expression, legalize torture and other forms of ill-treatment, and intimidate minorities, activists and the opposition. The EU Agency for Fundamental Rights has found that this concept (National Security) is relatively undefined and understood in different ways in different legal systems, generally national security cannot include activities that aim to: • Unfavourably influence political opponents; • Affect democratic processes, such as elections, or government functions, such as justice and administration; • Intervene in the media; • Target human rights activists; • Suppress criticism and dissent; • Provide special advantages to favoured businesses or industries; or • Benefit or harm members of groups defined by religion, political opinion, nationality, race, gender or other categories of people who may be subject to discrimination. Of course, the fact that the competence of National Security has not yet been transferred by the Member States does not imply that the acts performed in the
exercise of this competence are excluded from the scope of Union law. This principle has been confirmed by the CJEU in several cases (Schrems I-II, Quadrature du Net of 2020, SpaceNet and Telekom Deutschland 2022) in which the EU ruled on matters concerning the monitoring and management of digital personal data. ENFORCEMENT OF THE LAW While national security activities are excluded from the scope of the main acts of EU data protection law, this is not the case for law enforcement activities which fall within the scope of the Law Enforcement Directive, which, according to with Art 1 par 1, governs the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, including protection against threats to public security and prevention their. The use of surveillance software for law enforcement purposes must be considered on a case-by-case basis, taking into account multiple factors: the seriousness of the crime or security risk to be investigated or prevented, the limitations under which system functions are used, and the applicable national law LEGAL Surveillance activities must be assessed in accordance with both UN (Human Rights Treaties, International Covenant on Civil and Political Rights) and EU (EU Charter of Fundamental Rights, European Convention on Human Rights) international law. of Man, etc). The use of spyware is a threat to fundamental rights and fundamental principles of EU law, such as (representative-deliberative) democracy and the rule of law. The European Court of Human Rights has found that secret surveillance violates "private life" but also sometimes "home" and "correspondence" and thus raises an issue under Article 8 of the European Convention on Human Rights. National security activities may justify restrictions on fundamental rights, but for such restrictions to be lawful, they must meet the conditions of legality, necessity, proportionality, legitimacy, balancing and consistency with democracy. Such interference can only be justified if the conditions laid down in Article 8(2) are met, i.e. when the interference is provided for by law and is a measure which, in a democratic society, is necessary for national security, public safety, economic well- being of the country, the defense of order and the prevention of criminal offences, the protection of health or morals, or the protection of the rights and freedoms of third parties […]. Due to Snowden revelations, the Parliamentary Assembly of the Council of Europe, in its resolution 2045, stated that surveillance practices by states put at risk
human rights, which are "the cornerstones of democracy" and whose " breach without adequate judicial review poses also endangering the rule of law". EPILOGUE We should recognize that there are serious threats to people's safety and well- being, and for this reason states have agencies (law enforcement, security services, armed forces, etc.) tasked with maintaining security (private, national, etc. ). In fact, we need well-equipped, well-trained security services that respect human rights, but on the other hand we cannot have a situation where law enforcement and secret services operate without oversight and institutional checks and balances, which seems to be happening in many of the countries in Europe that have been involved in scandals related to the Pegasus program. The surveillance and mass domestic surveillance of a segment, at least a segment of the population, by one or more security services, without any proper guarantees or oversight and certainly without transparency or accountability, is very dangerous for liberal democracy which is likely to begin to slip. towards authoritarianism, and this is certainly a concern for every citizen of any country. Although there are legislative frameworks in place at the state and international level, they are clearly inadequate for the kind of monitoring that is available, creating the need to invest in strong modern and independent mechanisms of restraint and oversight to prevent abuse of power, preserve the liberal democracy and moving forward, principles that have their roots in ancient Greece, in the idea of the separation of powers and counterweights, are at the heart of liberal democracy. And we have to remind people that we can't take them for granted. The Russian invasion of Ukraine showed that despite the digital evolution we still live very much in a physical world, where conventional businesses can cause appalling losses to human life and infrastructure. In this specific conflict, although it was expected, no confrontation of any kind was observed in the field of Cyberspace, while on the contrary, the conflict was extensive in the information environment and especially in the fields of Strategic Communication, disinformation, propaganda, spreading messages.

Recommandé

Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.pptShailendraPandey92
 
Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.pptShailendraPandey96
 
C018131821
C018131821C018131821
C018131821IOSR Journals
 
02 fundamental aspects of security
02 fundamental aspects of security02 fundamental aspects of security
02 fundamental aspects of securityGemy Chan
 
THESIS-2(2)
THESIS-2(2)THESIS-2(2)
THESIS-2(2)Elsayed Muhammad
 
Getting the social side of pervasive computing right
Getting the social side of pervasive computing rightGetting the social side of pervasive computing right
Getting the social side of pervasive computing rightblogzilla
 
Technology helps people in implementing privacy in their day today l.pdf
Technology helps people in implementing privacy in their day today l.pdfTechnology helps people in implementing privacy in their day today l.pdf
Technology helps people in implementing privacy in their day today l.pdfaparnaagenciestvm
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 

Recommandé

Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.pptShailendraPandey92
 
Shailendra Pandey.ppt
Shailendra Pandey.pptShailendra Pandey.ppt
Shailendra Pandey.pptShailendraPandey96
 
C018131821
C018131821C018131821
C018131821IOSR Journals
 
02 fundamental aspects of security
02 fundamental aspects of security02 fundamental aspects of security
02 fundamental aspects of securityGemy Chan
 
THESIS-2(2)
THESIS-2(2)THESIS-2(2)
THESIS-2(2)Elsayed Muhammad
 
Getting the social side of pervasive computing right
Getting the social side of pervasive computing rightGetting the social side of pervasive computing right
Getting the social side of pervasive computing rightblogzilla
 
Technology helps people in implementing privacy in their day today l.pdf
Technology helps people in implementing privacy in their day today l.pdfTechnology helps people in implementing privacy in their day today l.pdf
Technology helps people in implementing privacy in their day today l.pdfaparnaagenciestvm
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 
Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02Shumail Tariq
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxhimanshuratnama
 
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11DaliaCulbertson719
 
Seminar on Internet security
Seminar on Internet securitySeminar on Internet security
Seminar on Internet securityRahul Sah
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalShallu Behar-Sheehan FCIM
 
Spyware
SpywareSpyware
SpywareFarheen Naaz
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxhealdkathaleen
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Conkarenahmanny4c
 
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxJournal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxcroysierkathey
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdfAnupmaMunshi
 
Information security
Information securityInformation security
Information securityIshaRana14
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorismDharani Adusumalli
 
Cyber War
Cyber WarCyber War
Cyber WarPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Topic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptxTopic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptxOxfordRiNorth
 
Survillance description
Survillance descriptionSurvillance description
Survillance descriptiongururaj lulkarni
 
Security techniques for intelligent spam sensing and anomaly detection in onl...
Security techniques for intelligent spam sensing and anomaly detection in onl...Security techniques for intelligent spam sensing and anomaly detection in onl...
Security techniques for intelligent spam sensing and anomaly detection in onl...IJECEIAES
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...IOSR Journals
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...Ahmad Sharifi
 
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdfLab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdflalitaggarwal627
 
Encountering social engineering activities with a novel honeypot mechanism
Encountering social engineering activities with a novel honeypot mechanismEncountering social engineering activities with a novel honeypot mechanism
Encountering social engineering activities with a novel honeypot mechanismIJECEIAES
 
Russia Ukraine war Cyberspace operations (2022-2024)
Russia Ukraine war Cyberspace operations (2022-2024)Russia Ukraine war Cyberspace operations (2022-2024)
Russia Ukraine war Cyberspace operations (2022-2024)Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdf
Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdfRussia Ukraine Conflict_Cyberspace Operations_2021_2023.pdf
Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdfPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 

Contenu connexe

Similaire à SURVEILLANCE SOFTWARE THREATENS PRIVACY

Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02Shumail Tariq
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxhimanshuratnama
 
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11DaliaCulbertson719
 
Seminar on Internet security
Seminar on Internet securitySeminar on Internet security
Seminar on Internet securityRahul Sah
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalShallu Behar-Sheehan FCIM
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxhealdkathaleen
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Conkarenahmanny4c
 
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxJournal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxcroysierkathey
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdfAnupmaMunshi
 
Information security
Information securityInformation security
Information securityIshaRana14
 
Topic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptxTopic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptxOxfordRiNorth
 
Security techniques for intelligent spam sensing and anomaly detection in onl...
Security techniques for intelligent spam sensing and anomaly detection in onl...Security techniques for intelligent spam sensing and anomaly detection in onl...
Security techniques for intelligent spam sensing and anomaly detection in onl...IJECEIAES
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...IOSR Journals
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...Ahmad Sharifi
 
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdfLab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdflalitaggarwal627
 
Encountering social engineering activities with a novel honeypot mechanism
Encountering social engineering activities with a novel honeypot mechanismEncountering social engineering activities with a novel honeypot mechanism
Encountering social engineering activities with a novel honeypot mechanismIJECEIAES
 

Similaire à SURVEILLANCE SOFTWARE THREATENS PRIVACY (20)

Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02Cybercrime 111205224958-phpapp02
Cybercrime 111205224958-phpapp02
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptx
 
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
 
Seminar on Internet security
Seminar on Internet securitySeminar on Internet security
Seminar on Internet security
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
 
Spyware
SpywareSpyware
Spyware
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Con
 
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxJournal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdf
 
Information security
Information securityInformation security
Information security
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
Cyber War
Cyber WarCyber War
Cyber War
 
Topic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptxTopic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptx
 
Survillance description
Survillance descriptionSurvillance description
Survillance description
 
Security techniques for intelligent spam sensing and anomaly detection in onl...
Security techniques for intelligent spam sensing and anomaly detection in onl...Security techniques for intelligent spam sensing and anomaly detection in onl...
Security techniques for intelligent spam sensing and anomaly detection in onl...
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
 
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdfLab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
 
Encountering social engineering activities with a novel honeypot mechanism
Encountering social engineering activities with a novel honeypot mechanismEncountering social engineering activities with a novel honeypot mechanism
Encountering social engineering activities with a novel honeypot mechanism
 

Plus de Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD

Plus de Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD (20)

Russia Ukraine war Cyberspace operations (2022-2024)
Russia Ukraine war Cyberspace operations (2022-2024)Russia Ukraine war Cyberspace operations (2022-2024)
Russia Ukraine war Cyberspace operations (2022-2024)
 
Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdf
Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdfRussia Ukraine Conflict_Cyberspace Operations_2021_2023.pdf
Russia Ukraine Conflict_Cyberspace Operations_2021_2023.pdf
 
Mitigation of cyber threats 1a.pdf
Mitigation of cyber threats 1a.pdfMitigation of cyber threats 1a.pdf
Mitigation of cyber threats 1a.pdf
 
CYBER KILL CHAIN Table
CYBER KILL CHAIN TableCYBER KILL CHAIN Table
CYBER KILL CHAIN Table
 
Logismika Parakolouthisis.docx
Logismika Parakolouthisis.docxLogismika Parakolouthisis.docx
Logismika Parakolouthisis.docx
 
Ρωσία εναντίον Εσθονίας:ο πρώτος κυβερνοπόλεμος (2007)
Ρωσία εναντίον Εσθονίας:ο πρώτος κυβερνοπόλεμος (2007)Ρωσία εναντίον Εσθονίας:ο πρώτος κυβερνοπόλεμος (2007)
Ρωσία εναντίον Εσθονίας:ο πρώτος κυβερνοπόλεμος (2007)
 
Russia vs Estonia_First Cyber War (2007)
Russia vs Estonia_First Cyber War (2007)Russia vs Estonia_First Cyber War (2007)
Russia vs Estonia_First Cyber War (2007)
 
ΚΥΒΕΡΝΟΠΟΛΕΜΟΣ
ΚΥΒΕΡΝΟΠΟΛΕΜΟΣΚΥΒΕΡΝΟΠΟΛΕΜΟΣ
ΚΥΒΕΡΝΟΠΟΛΕΜΟΣ
 
Κυβερνοχώρος: Νέο πεδίο αντιπαραθέσεων
Κυβερνοχώρος: Νέο πεδίο αντιπαραθέσεωνΚυβερνοχώρος: Νέο πεδίο αντιπαραθέσεων
Κυβερνοχώρος: Νέο πεδίο αντιπαραθέσεων
 
Cyberspace_New Operational Domain
Cyberspace_New Operational DomainCyberspace_New Operational Domain
Cyberspace_New Operational Domain
 
Πληροφοριακός Πόλεμος-Information Warfare
Πληροφοριακός Πόλεμος-Information WarfareΠληροφοριακός Πόλεμος-Information Warfare
Πληροφοριακός Πόλεμος-Information Warfare
 
Information Warfare
Information WarfareInformation Warfare
Information Warfare
 
Corporate Cyber Security
Corporate Cyber SecurityCorporate Cyber Security
Corporate Cyber Security
 
Russia Georgia 2008 Conflict-Information Operations, Cyberwarfare
Russia Georgia 2008 Conflict-Information Operations, CyberwarfareRussia Georgia 2008 Conflict-Information Operations, Cyberwarfare
Russia Georgia 2008 Conflict-Information Operations, Cyberwarfare
 
Cyber risks for enterprises-Vacations Time
Cyber risks for enterprises-Vacations TimeCyber risks for enterprises-Vacations Time
Cyber risks for enterprises-Vacations Time
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
 
Κυβερνοπόλεμος-Επιχειρήσεις Κυβερνοχώρου-Cyber War-Cyber Warfare
Κυβερνοπόλεμος-Επιχειρήσεις Κυβερνοχώρου-Cyber War-Cyber WarfareΚυβερνοπόλεμος-Επιχειρήσεις Κυβερνοχώρου-Cyber War-Cyber Warfare
Κυβερνοπόλεμος-Επιχειρήσεις Κυβερνοχώρου-Cyber War-Cyber Warfare
 
Οδηγός Προστασίας από την Ηλεκτρονική Εξαπάτηση-Phihing Guide
Οδηγός Προστασίας από την Ηλεκτρονική Εξαπάτηση-Phihing GuideΟδηγός Προστασίας από την Ηλεκτρονική Εξαπάτηση-Phihing Guide
Οδηγός Προστασίας από την Ηλεκτρονική Εξαπάτηση-Phihing Guide
 
Οδηγός Ορθής χρήσης Μέσων Κοινωνικής Δικτύωσης-Social Media Cyber Security Guide
Οδηγός Ορθής χρήσης Μέσων Κοινωνικής Δικτύωσης-Social Media Cyber Security GuideΟδηγός Ορθής χρήσης Μέσων Κοινωνικής Δικτύωσης-Social Media Cyber Security Guide
Οδηγός Ορθής χρήσης Μέσων Κοινωνικής Δικτύωσης-Social Media Cyber Security Guide
 

Dernier

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Dernier (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

SURVEILLANCE SOFTWARE THREATENS PRIVACY

  • 1. SURVEILANCE SOFTWARE INTRODUCTION Modern information environment is already saturated with massive amounts of data and malicious monitoring. Digital devices, software and sensors are everywhere as each of us has mobile digital devices on a 24-hour basis that create a continuous, mobile network of digital information around us and wherever we move to. Our reliance on digital technology beyond its benefits has created vulnerabilities that can potentially be exploited by various entities for their own gain. The evolution of digital Social Media platforms into powerful and highly intrusive social machines has contributed to the creation of the environment of "Surveillance Capitalism" within which we act, co-exist and in which user behavior is monitored in return, on the one hand the free access to various services and applications, and on the other the capitalization and exploitation, in various ways, of the produced individual data. This model dominates not only Social Media but the entire digital ecosystem forcing digital platforms to create an intrusive, relentless logic, accurately approximating our digital behavior patterns. DIGITAL SECURITY The European Cybersecurity Agency (ENISA) has listed digital surveillance among the top ten emerging cybersecurity threats for 2030. The produced software, although it has improved in terms of cyber-security, still has weaknesses, as a result of which malicious users (hackers, groups, companies, states, etc.) exploit these vulnerabilities for their own benefit (money, reputation, power, malicious intentions, etc). The result is the production of high "value" tracking software that is used to serve a variety of nefarious or nefarious purposes. More specifically the latest versions of tracking software can access a target's device without any visible signs of tampering. That is, without having to trick the target into taking an action (clicking) on a link.
  • 2. This means that any malicious user (hackers, groups, organizations, states, etc) will be able to use spyware (Pegasus, Predator, etc) to infiltrate with little effort (traditional malware, Social Engineering, phishing, etc) and/or invisible (advanced spyware) on users' devices. Users practically cannot defend themselves effectively, since at their level and for the sake of practicality-usability they can adopt limited protection measures such as using two-factor authentication or a password manager, or using an application such as signal for the exchange of messages Unfortunately, although the perpetrators use the latest technology software (taken from the future) so that with one or no simple action they can penetrate the victim's devices without his knowledge, the controls and monitoring mechanisms belong to past centuries. There are many types of malware (viruses, trojan horses, digital worms, etc.), which can be installed on users' digital media in many ways (attacks): 1. Phishing: involves tricking users into revealing sensitive information (passwords, account numbers or personal data). 2. Clickjacking: involves tricking users into acting (clicking) on a hyperlink or button. 3. Zero click attacks: This attacks take advantage of a zero day vulnerability in the system without requiring any intervention from users who are usually unaware of these attacks and therefore unable to deal with them or mitigate their effects . 4. Drive-by download attacks: Launched from infected websites, allowing malicious users to infiltrate, access, control and collect large amounts of information from digital devices. An evolution of these attacks are the Watering hole attacks, in which the attacker finds websites known to be visited by users of the target digital system, infects them with software aimed at obtaining information about the users and the digital system, waiting until some users visit the page and become infected. SURVEILLANCE Historically, intelligence agencies had the same targeting regarding the type of information they were looking for, but they used "traditional" surveillance techniques (agents, photos, “bugs”, etc) to obtain it, which were mostly scattered, quite laborious and very primitive. Digital monitoring and surveillance has removed many of the physical limitations giving agencies enormous "invisible" surveillance capabilities. Monitoring can be categorized as follows: 1. Traditional (Classic): Deliberate, systematic and sustained surveillance of individuals and groups, focusing effort on personal information for purposes of influence, management, protection or direction. 2. Modern: Evolution of traditional surveillance by using sophisticated means overcoming space-time, quantitative and other limitations of traditional surveillance.
  • 3. 3. Targeted: Addresses specific persons of interest. 4. Mass-Diffuse: It is directed indiscriminately to large groups of people or even to the entire states, affecting private life, data protection, people’s individual rights (freedom of speech, association, assembly) and the democratic institutions of society and especially of participatory deliberative democracy which guarantees three fundamental aspects: private autonomy of citizens, democratic status of the citizen, independence of a public sphere. Of particular importance is the issue of targeted espionage through spyware, which is more concerning because of the level of intrusiveness. For an entity (government agency, etc) to be able to penetrate a digital device is a qualitative evolutionary leap in the capabilities of government surveillance and control, given that most governments around the world do not have the proper institutional checks and balances to prevent abuse power. In essence, covert surveillance creates the impression of a Panopticon effect, which puts pressure on individuals to behave in accordance with what they believe is expected of them, as they are under the mere possibility of being monitored and 'punished'. SURVEILANCE SOFTWARE Spyware compromises digital devices enabling covert pervasive surveillance, the unnecessary implementation of which affects a range of human rights such as privacy, data protection, human individual rights (freedom of speech, association, assembly) as well as democratic institutions of society and especially of participatory deliberative democracy. In this perspective the use of spyware can affect political participation and ultimately the electoral process itself not only because the targeted users feel compelled to refrain from participating in interactions with political content, expressing their honest opinions and socializing with others for political purposes but also because the collected information, possibly manipulated, may be used to carry out smear campaigns against undesirable candidates or to take other actions that reduce their chances of success in elections. The cyber intervention of surveillance software in the electoral process through the extraction of private information from the devices of the victims, allows the first step for the so-called "doxing", i.e. gaining unauthorized access to digital systems and user accounts (e-mail, MKS, etc. ), extracting non-public data, and then leaking the data to the public. Material obtained through monitoring software can enable two types of malicious doxing: Strategic hacking: Selective leaking of material on matters of public interest, with the aim of promoting friendly interests (party, political, etc.).
  • 4. Altered leaks (disinformation): Deliberately incorporating false or misleading information into a larger body of genuine confidential data leaked to the public. SPY SOFTWARE-EXAMPLE PEGASUS Surveillance software such as Predator, Pegasus, QuaDream, Candiru and Karkadann have the ability to: 1. Make attacks with or without action (click). 2. Gain full access to the targeted devices. 3. Leave little or no traces of their action. After gaining full access the software performs: 1. Initial Data Export Export information already available on the device such as: SMS and calendar files, contact details, call history, email messages, instant messages, browsing history. 2. Passive surveillance Real-time collection of new information (as above) as well as location tracking via cell- id. 3. Active Surveillance Features of the target device are used to perform further activities such as: location tracking using GPS, recording voice calls-ambient sounds, file recovery, taking photos, saving screenshots. 4. Additional actions Modifying the content of the device, creating and storing fake messages or other documents, sending fake messages, impersonating the owner of the device, gaining access to the owner's digital or physical assets and possibly conducting transactions in the owner's name, placing false evidence of crimes or other illegal activities on the device. According to the Pegasus Project targets of the software were: • Members of the Arab Royal Family • 64 Entrepreneurs • 84 Human Rights Activists • 600+ political and government officials • 189 Journalists Also a list of 50,000 phone numbers was leaked appearing to belong to people who had been selected as potential surveillance targets: • Terrorists and known criminals. • Business executives.
  • 5. • Religious figures. • University students. • NGO employees. • Union and government officials (Presidents, Prime Ministers, Ministers. • 100 Journalists, including editors and executives of leading publications. According to a report to the European Parliament several countries (Hungary-France- Spain-Finland-Poland-Belgium) have been accused of abusive use of surveillance software such as Pegasus with victims including journalists, politicians, academics, prosecutors, lawyers and government officials . NATIONAL SECURITY The concept of national security has a broad and not clearly defined meaning. The use of spyware is usually justified by invoking national security, which is more closely related to the idea of National Defense, but whose extended use should be avoided, understood restrictively, and distinguished from the concept of internal security, which has a wider scope that includes the prevention of risks to individual citizens (terrorism, serious and organized crime On Sep 21, EU Justice Commissioner Didier Reynders denounced the abusive invocation of National Security, condemning in full the alleged attempts by the national security services of several states to illegally obtain information about political opponents through their phones. In the same vein, the UN Human Rights Council has recognized that many states have used counter-terrorism powers as a cynical legal pretext to limit freedom of expression, legalize torture and other forms of ill-treatment, and intimidate minorities, activists and the opposition. The EU Agency for Fundamental Rights has found that this concept (National Security) is relatively undefined and understood in different ways in different legal systems, generally national security cannot include activities that aim to: • Unfavourably influence political opponents; • Affect democratic processes, such as elections, or government functions, such as justice and administration; • Intervene in the media; • Target human rights activists; • Suppress criticism and dissent; • Provide special advantages to favoured businesses or industries; or • Benefit or harm members of groups defined by religion, political opinion, nationality, race, gender or other categories of people who may be subject to discrimination. Of course, the fact that the competence of National Security has not yet been transferred by the Member States does not imply that the acts performed in the
  • 6. exercise of this competence are excluded from the scope of Union law. This principle has been confirmed by the CJEU in several cases (Schrems I-II, Quadrature du Net of 2020, SpaceNet and Telekom Deutschland 2022) in which the EU ruled on matters concerning the monitoring and management of digital personal data. ENFORCEMENT OF THE LAW While national security activities are excluded from the scope of the main acts of EU data protection law, this is not the case for law enforcement activities which fall within the scope of the Law Enforcement Directive, which, according to with Art 1 par 1, governs the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, including protection against threats to public security and prevention their. The use of surveillance software for law enforcement purposes must be considered on a case-by-case basis, taking into account multiple factors: the seriousness of the crime or security risk to be investigated or prevented, the limitations under which system functions are used, and the applicable national law LEGAL Surveillance activities must be assessed in accordance with both UN (Human Rights Treaties, International Covenant on Civil and Political Rights) and EU (EU Charter of Fundamental Rights, European Convention on Human Rights) international law. of Man, etc). The use of spyware is a threat to fundamental rights and fundamental principles of EU law, such as (representative-deliberative) democracy and the rule of law. The European Court of Human Rights has found that secret surveillance violates "private life" but also sometimes "home" and "correspondence" and thus raises an issue under Article 8 of the European Convention on Human Rights. National security activities may justify restrictions on fundamental rights, but for such restrictions to be lawful, they must meet the conditions of legality, necessity, proportionality, legitimacy, balancing and consistency with democracy. Such interference can only be justified if the conditions laid down in Article 8(2) are met, i.e. when the interference is provided for by law and is a measure which, in a democratic society, is necessary for national security, public safety, economic well- being of the country, the defense of order and the prevention of criminal offences, the protection of health or morals, or the protection of the rights and freedoms of third parties […]. Due to Snowden revelations, the Parliamentary Assembly of the Council of Europe, in its resolution 2045, stated that surveillance practices by states put at risk
  • 7. human rights, which are "the cornerstones of democracy" and whose " breach without adequate judicial review poses also endangering the rule of law". EPILOGUE We should recognize that there are serious threats to people's safety and well- being, and for this reason states have agencies (law enforcement, security services, armed forces, etc.) tasked with maintaining security (private, national, etc. ). In fact, we need well-equipped, well-trained security services that respect human rights, but on the other hand we cannot have a situation where law enforcement and secret services operate without oversight and institutional checks and balances, which seems to be happening in many of the countries in Europe that have been involved in scandals related to the Pegasus program. The surveillance and mass domestic surveillance of a segment, at least a segment of the population, by one or more security services, without any proper guarantees or oversight and certainly without transparency or accountability, is very dangerous for liberal democracy which is likely to begin to slip. towards authoritarianism, and this is certainly a concern for every citizen of any country. Although there are legislative frameworks in place at the state and international level, they are clearly inadequate for the kind of monitoring that is available, creating the need to invest in strong modern and independent mechanisms of restraint and oversight to prevent abuse of power, preserve the liberal democracy and moving forward, principles that have their roots in ancient Greece, in the idea of the separation of powers and counterweights, are at the heart of liberal democracy. And we have to remind people that we can't take them for granted. The Russian invasion of Ukraine showed that despite the digital evolution we still live very much in a physical world, where conventional businesses can cause appalling losses to human life and infrastructure. In this specific conflict, although it was expected, no confrontation of any kind was observed in the field of Cyberspace, while on the contrary, the conflict was extensive in the information environment and especially in the fields of Strategic Communication, disinformation, propaganda, spreading messages.