Hackers will try to exploit Covid-19. How to stop them?

New digital habits will be a gift to hostile actors unless governments and internet users show vigilance

March 19, 2020
hostile states can take advantage of the present crisis to sow the seeds of public confusionPhoto: Annette Riedl/DPA/PA Images
hostile states can take advantage of the present crisis to sow the seeds of public confusionPhoto: Annette Riedl/DPA/PA Images

The internet is coming into its own, a digital coming of age, during the Covid-19 pandemic. The world of interpersonal internet communication will never be the same again. The present global crisis is the first in which we can see how valuable internet purchasing and social media are in preserving the fabric of everyday life and the personal interactions that are at the heart of our shared humanity. For the first time in our history we do not have to face alone the isolation of ignorance, quarantine or social distance in the face of communicable disease. But with that welcome public reliance on digital connectivity comes a different vulnerability, especially for those most at risk from the disease. For criminal greed and authoritarian malice do not respect our difficulties, they thrive on them.

With so many of us who are at particular risk from catching Covid-19, including myself, now confined indoors, our previous direct interactions with families and friends are having to cease. By working from home, and exercising the need to maximise social distance, we will miss the everyday banter of colleagues, and the stimulus contact with them has on our sense of proportion and indeed our creativity. This is where internet-enabled one-to-one, one-to-many, and many-to-many communications applications can help so much in keeping us connected. And ordering food and essential supplies online protects others as well as ourselves from cross-infection.

Relatively few of us are used to daily video and audio conferencing, but these applications are now what we all need to learn to use for social and communal purposes, not just business needs. The elderly are at greater risk when they catch the virus and for them social distance is most important. Yet they are on average going to be the least familiar with the power of internet-enabled communications and online shopping. Bringing them up to speed and helping them have access to digital technology is therefore a pressing task for families and friends, and carers and communities. We know that being cut off from human contact has profound psychological consequences and can even affect our immune response to disease. Digital contact is in the circumstances an essential substitute.

The elderly at-risk groups have also been shown over the last few years to be most vulnerable to frauds and scams online or perpetrated over the telephone and mobile devices. The greatly increased use of the internet by the elderly and others in self-isolation creates opportunities for criminal gangs who prey on the vulnerable. There are no polite words to describe such contemptible behaviour towards those who are weakest in society, but sadly it must be expected. Companies and educational institutions will also be more vulnerable as they race to connect up digitally employees and students in innovative ways.

The principles of good cyber security remain therefore and must be followed. As the UK National Cyber Security Centre (NCSC) has rightly reminded us, security measures cannot be waived in the Covid-19 emergency since they protect us against criminals who sadly do not respect our vulnerability, indeed may go out of their way to exploit it. The NCSC has republished on its website its helpful guidance for UK companies now relying on home and remote working, with staff using laptops, mobiles and tablets. Setting up new accounts and accesses, controlling access to corporate systems, helping staff to look after devices and reducing the risk from removable media (such as USB sticks) are just some of the areas where sensible guidance is available. Tips help staff spot typical signs of phishing scams that try and trick users into clicking on a bad link and lead, if clicked, to malware infection and loss of data like passwords. The scams may even claim to have a "cure” for the virus, offer a financial reward, or be encouraging individuals to “donate” to apparent charitable funds. We may well not go back to all our old face-to-face habits when the pandemic ebbs. All the more reason to ensure that the foundations of good cyber security are laid down now for these new ways of working within the population.

It is very regrettably also the case that hostile states can take advantage of the present crisis to sow the seeds of public confusion. A vivid example is the way that Russian state media have repeatedly floated the conspiracy story that the Covid-19 virus was engineered in a US biowarfare laboratory and spread deliberately to slow down the Chinese economy. Never mind the nonsensical implausibility of this story, the efforts being made by Russian outlets to keep it alive in the public mind will have an effect on some. We know that internet lies, often enough repeated, take on a life of their own. “It is as good as true” becomes “it might be true,” and that becomes with repetition “and anyway who knows?” The government will need to combat such lies and present through social media its own clear unambiguous narrative, and to continue to protect the critical infrastructure in case of opportunist attacks upon it.

Here the reach of social media (which is where younger people now get their news) can be a huge advantage in responsible public information for governments that are prepared to be transparent about the science behind their actions, and to allow the experts to explain the basis of their modelling and advice. The media need to help the public understand the science of Covid-19 and what is driving government policy to contain and respond to the outbreak. Last month Facebook said it would act to limit disinformation about the spread of the virus, and Twitter too has said it will protect the public conversation about Covid-19 and the measures being taken to flatten the curve of infection, so that our health service is not overwhelmed by a peak of cases. But already we see fake news stories circulating (bearing the hallmarks of orchestration, with similar falsehoods appearing in different forms with essentially the same false story ascribed vaguely to “a doctor in our area”). The BBC has usefully been exposing such falsehoods and telling listeners of the fake news that is circulating.

Only time will tell whether the clear sense of public spiritedness now being shown by community groups and neighbours around the country will also be reflected in a reduction of the everyday level of crude and violent language and unpleasantness that was evident in many past emails and social media blogs. I would like to think that is another corner we can turn as a result of the searing effect of Covid-19. It would be a great comfort if, when we emerge from the crisis—as we will—we have become better aware of the benefits of a moral system that places high value on behaving well and considerately towards others when online as much as off-line. We will have learned to enjoy performing social duties to others in parallel with safeguarding our cherished individual rights. We will have learned which information sources we can trust. We will also have learned whether states behaved responsibly, or whether they yet further eroded our trust in the very thing—the internet—we now know is existential to our survival.

David Omand is a visiting professor in the war studies department at King’s College London. He was director of GCHQ and later, the UK security and intelligence coordinator