Episode 23
Cyber Security Part 1 – The Human Factor: Awareness, Prevention, Emotion
"Cybersecurity doesn't mean I have to be a 'techy'. It also doesn't mean that I necessarily need an IT certification."
Note: This Podcast is exclusively avaliable in german.
Hello and welcome back to our Podcast "Technik über dem Tellerrand. Today we start our three-part series on cybersecurity. For our first episode we have a special guest for you. consistec CEO Dr. Thomas Sinnwell has invited innovation consultant, entrepreneur and supervisory board member with a focus on digital transformation, Prof. Dr. Mana Mojadadr. In addition, we have a field report from Andreas Storb from LEG-Service GmbH. What should you do if your company has been hacked? Are cyberattacks an unavoidable risk? And how can you take preventive measures to protect yourself? An exciting and interesting episode awaits you.
Have fun listening!
Transcription.
Thomas Sinnwell: Welcome to the second episode in our three-part series on cybersecurity. In episode one, the focus was on the human factor. We talked about what it's like to be a victim of a cyberattack. We talked about the emotions of the people involved. And yes, no matter how you prepare, you can always be a victim. But it is also very clearly worked out that it is insanely important to be prepared. Today we are doing a very stark change of perspective. We're going to the dark side of this issue and as part of our current episode, we're also going to explore the question: Are all hackers criminals? In order to be able to discuss the topic as competently as possible, I was able to get a fantastic guest. With me today is Professor Dr Thorsten Holz from the CISPA Helmholtz Centre. And if you don't know it yet, the CISPA Helmholtz Centre is one of the world's leading research centres for cybersecurity and privacy. Welcome, Professor Holz.
Thorsten Holz: Thank you very much.
Thomas Sinnwell: Yes, I am very pleased that we can speak on this topic today, so that our listeners can get a better sense of who I am talking to and how it is possible that a proper German professor is also familiar with the dark side of the subject. I would ask you to introduce yourself briefly.
Thorsten Holz: Yes, hello, my name is Thorsten Holtz. I am a trained computer scientist and have already dealt with the topic of IT security as part of my diploma thesis. So-called honeypots. I think we will certainly come back to this later. I work at CISPA and mainly deal with the area of software security. So it's about either finding vulnerabilities in the system or looking at how we can implement defensive mechanisms to make our systems more robust.
Thomas Sinnwell: Yes, thank you very much for the brief insight. I have admittedly thought of a somewhat coloured question to start with. Would you describe yourself as a hacker?
Thorsten Holz: I think it depends. Maybe more or less, yes.
Thomas Sinnwell: So that means you are a criminal?
Thorsten Holz: Of course not, but rather we look at how an attacker can act and put ourselves in the attacker's shoes.
Thomas Sinnwell: The issue of who is a hacker? We still have to define that.
Thorsten Holz: Exactly. For me, hacking is a positive term. It's all about creatively dealing with technology, solving problems and thus advancing technological progress. So I think 'hacker' is sometimes misused in the media. I still think it's a very positive term and we tend to talk about attackers when we talk about the dark side of power.
Thomas Sinnwell: Yes, I agree with you there. That is definitely the more accurate formulation. I have to admit, I hadn't really questioned it for myself. I mean, such a classification. And it was already clear to me that there are also people who do good things when hacking. But I did a bit of research and came across a definition from the BSI (German Security Agency). And then found the following, I have to read it off. I can't remeber it by heart. The BSI says: Who is a hacker? They are technology enthusiasts who break down products and software developed by other people into their component parts in order to understand how they work. So this is definitely also this positive view.
Thorsten Holz: That's exactly what I want to support. Or perhaps also the historical view. The term also comes a bit from MIT. The hackers, where the creative use of technology plays a role, or also in the CC environment, where of course attacks on systems always play a role. But I think it's above all this creative use of technology that fascinates me about this whole subject area.
Thomas Sinnwell: During my research, I came across a very interesting story. I didn't know it, the 'hacker ethics'. And then I came across the author Steven Levy. In his book, he describes the mindset of American hackers, which probably existed from the 1950s to the beginning of the 1980s. From my point of view, the topics listed are also very, very exciting. I'll pick out a few things. The first thing I found there: Access to computers and everything that can show you how the world works should be unlimited and complete. And then, second point: all information must be free. If I remember correctly, that was also an issue when Apple was founded or when Microsoft was founded. Microsoft brought the first commercial computer system onto the market and you had to pay for it. That was not free at first. And then the first discussions probably arose in the scene. Or also something like: Judge a hacker by what he does and not by his origin, his gender or his social position. It all read to me now that the topic of hacking is indeed very broad. So the question for me is, can we classify hackers?
Thorsten Holz: These key points were also largely adopted by the Chaos Computer Club, the CCC in Germany. Points like using public data, protecting private data. That is something that I believe still plays a very important role here. And there, too, the main issue is how to deal with computers or technology in general. And in the classification there is, I would say, this one big part. And then, of course, on the attacker side, there is a broad spectrum of so-called 'script kiddies' who simply use tools and perhaps don't have much technical understanding. Then, of course, there are all the cyber criminals who have financial incentives, so ransomware in particular is a very, very big issue in practice, and perhaps at the end of the spectrum there are the intelligence services or state-controlled agencies that try to steal information in a targeted manner and then use it for political purposes. So the spectrum is very broad, from people who deal with the technology more out of curiosity to the attacker side. From financial incentives to really politically motivated people.
Thomas Sinnwell: Yes, and what you typically find are these groups, the Whiteheads, the Blackheads and the Greyheads, and Whiteheads would ultimately be the technology enthusiasts you mentioned, who deal with the issues. Vulnerabilities in software, in systems. That's not just software, it can also be hardware-based systems, and then use this information to inform the manufacturer so that he has a chance to close the holes that have been found.
Thorsten Holz: That is exactly the typical application. Of course, this can also be used in a commercial environment, so-called "penetration tests", as a company I can also commission such a company, i.e. a penetration testing company, to try to examine my network for possible vulnerabilities. Or to simply look at certain systems from an attacker's point of view and to see what the points of attack are, where am I vulnerable, what do I still have to do in my security concept and how can I react to such incidents and where do I still have to improve? So this is also a whole industry that has developed around this whole topic in recent years. So it's more a case of simply looking at the company network to see where I am vulnerable to attacks, where do I still need to make improvements?
Thomas Sinnwell: I would like to take up this topic at this point and contrast it with what people often perceive about hacking. When you see it in films, there are people sitting in dark rooms, armed with pizza boxes and hacking away madly on the keyboard, wild characters on the screen and now they're breaking in somewhere. On the other side, someone notices and hacks away at the keys almost as fast to ward it all off. That's not the classic scenario.
Thorsten Holz: In practice, unfortunately, it's not like in Hollywood, it's usually a bit bleaker. In the sense that the penetration testers then sit in the company and first try to identify on the network level which systems are accessible at all, which so-called ports are open, i.e. which services are offered to the outside? And then, step by step, they first try to get an overview of the company network. Which servers are accessible in some way, which services are running on them, which vulnerabilities are perhaps known and then try to understand the systems step by step? Perhaps also by analysing the source code. And that's a process that doesn't necessarily take hours, but rather days, maybe weeks, depending on how complex the order is. And then the main thing is to first get an overview, identify weaknesses or find the points of attack. And that is also an interactive process, often in consultation with the client. What exactly should the focus be now and then at the end a report is written, the whole thing is presented, so it is also formalised, so that the company can also take something away with it, so that the admins then also know okay, what do I have to do? How can I improve security in my system? So in this respect it's not like in the movies. Whereas some series are also really well done, from a technical point of view, but often this: Yes, cracking a password within five seconds and then you're directly an administrator on the system is usually not that easy in practice.
Thomas Sinnwell: Not quite so. Yes, now one could get the idea that when such pentesters do that, they have such a special tool or that you might even have to get something on the darknet, that's not the case either. Can you perhaps say a bit more about which tools are actually used and how one gets hold of these tools?
Thorsten Holz: Well, in practice there is a whole arsenal of different tools, either commercial tools that try to automate the whole thing as well as possible, that also have reporting functionality, that also provide clear support for the whole work. There are also many in the open source area, for example Nmap as a network scanner, which has been developed as a tool for 25 years now. You can perhaps use it as a first step to see which services are available. Then there are also open source tools like Nessos and others that try to identify vulnerabilities. So there is a very broad spectrum, from open source, i.e. tools that are available free of charge, to tools that easily cost a five or six-figure sum, which of course tend to be used only in a commercial environment. And many companies also develop their own tools internally in order to have a bit of a distinction from the other companies. So it's a bit like separating the wheat from the chaff, depending on how good the people in the company are.
Thomas Sinnwell: Yes, what makes a good hacker?
Thorsten Holz: I think above all a very good understanding of the system, that he has a good understanding of the different levels of the system, i.e. hardware, operating system, software, how the individual components interact with each other, where there are potential weak points and above all this attacker mindset. In other words, thinking like an attacker, so to speak, where are the entry points that can be exploited? Where can you somehow exploit a vulnerability for your personal advantage?
Thomas Sinnwell: That is, I can imagine that, based on this experience, the good hacker then also proceeds in a very targeted manner and, with the initially acquired information, can then simply stab in at the right place many times.
Thorsten Holz: Exactly.
Thomas Sinnwell: And in contrast to the inexperienced hacker, who then painstakingly tries out everything until he perhaps eventually finds the spot.
Thorsten Holz: Exactly. So in the first phase it's mainly about gathering information and quickly developing a feeling for where it's actually worth drilling deeper to find potential weak points and then to get an entry point into the network.
Thomas Sinnwell: I'd like to talk very briefly about the tooling used by hackers. But then this is the information gathering, then the primary place where the tools are used, or does it continue here. When I have completed this phase, then the aspect that either I have implemented malicious code somewhere that helps me or that I simply make further progress on the basis of my experiential knowledge really hits home.
Thorsten Holz: Exactly in the first phase, I think you can rely a lot on standard tools to simply gather information. And then in the second step, when you know where which systems are running or perhaps when you have access to the source code from the customer, to look at the systems in detail. Tools can also help here. There are also static or dynamic analysis tools that can provide a lot of support. But there is also a lot of manual analysis of the source code to find potential weaknesses or programming errors. And I have to say that the very good people have a very good intuition. Where do you have to look, where is the point where something often goes wrong, during authentication or when checking inputs or during internal processing? And I think that's the point where you get better over time.
Thomas Sinnwell: Yes, that's where the wheat is separated from the chaff. Then I would like to talk about how cyber criminals actually act. In my discussions with security officers in companies, I have heard from time to time: Well, who is interested in us as a company? We are not an interesting candidate. Which, conversely, would mean that the hacker is specifically looking for a company, which of course is also possible. But can you perhaps give our listeners a bit more of an overview of which groupings there are? The targeted one is a case and often it is rather broad and you become a victim by chance.
Thorsten Holz: Exactly. So in practice there are actually more facets. On the one hand, of course, there are targeted attacks on companies, because maybe it's a medium-sized company that only has 50 or 100 people, but if it's the world market leader in its small sector, it's of course also interesting because it might develop interesting series or pre-series developments. Or perhaps they have customer data or other intellectual property. It's interesting for the attackers to steal recipes or construction plans or something. Because especially if the company is successful, then it is definitely somehow on the target of targeted attackers. Of course, the bigger the company is. So if you talk about DAX companies and the like, they are of course an interesting target simply because of their size and their technical knowledge. Most of the time, it's more likely to be targeted attackers who want to gain access to the research department, for example, or perhaps also the customer department or even the production parts of the company, in order to spy on information there or perhaps also to manipulate something.
Thomas Sinnwell: That means that at this point you could say that when it comes to acquiring knowledge from a company, it is usually the more targeted attacks.
Thorsten Holz: Exactly classic industrial espionage, simply to steal information and then use it. The other facet is this very broad attack, where the attackers simply look to see which potential victims I can find. This is currently a big topic, so-called ransomware. The basic idea is that the attackers gain access to the victim's network. Typically, they first have an entry point, i.e. some PC is infected, then within the network they try to take over other systems step by step until they finally have access to the so-called domain controller, i.e. the central control unit within the network. And then they start encrypting files. You then have coordinates, i.e. ransom money, which you can demand in order to simply release the key to decrypt all the files again. Of course, you're in a better position there because the company suddenly doesn't have access to the data anymore. And I think every kind of company has potentially important data, be it about customers, be it about orders, be it about payroll, be it about its own staff etc.. And if the company suddenly no longer has access to it, it is of course forced into a bit of a corner. Ideally, it still has access to the backup, that it can still import backups. In practice, unfortunately, this doesn't work as well as one would think.
Thomas Sinnwell: If the backup is not done well, even the backup server is encrypted again. That's a real disaster.
Thorsten Holz: That's the worst case scenario. Yes, exactly. And especially now with ransomware, the criminals in this area are very, very flexible in inverted commas in their choice of victims. For example, many small and medium-sized businesses were affected, some of them even larger companies. Now in Germany, for example, the TU Berlin or the Ruhr University Bochum or the university in Maastricht were also affected, so also universities, sometimes also hospitals or medical institutions. So they are simply trying to get as many victims as possible and then ransom them, because the companies simply can't do anything else. And this is not a targeted attack, but rather a random victim, in inverted commas, because you simply fall for this kind of attack because an employee clicks on an attachment or you have unpatched servers in your network. And they simply exploit whatever they find. It's rather aimless and you can always become a victim somehow.
Thomas Sinnwell: So if I go to such a high altitude, do you then go with the statement that there are basically two types of attacks? One is about the expansion of data, about data exfiltration. And the second is a type of sabotage, however deliberate, for example by encrypting and then blackmailing the company.
Thorsten Holz: Of course, sabotage goes one step further. So now, for example, attacks on industrial plants and the like are also about really sabotaging the processes that take place afterwards and thus really causing damage in practice. In other words, stealing data or manipulating data in an unauthorised way. These are probably the two main criticisms or main points of attack in practice.
Thomas Sinnwell: What can I do to recognise such attacks?
Thorsten Holz: Exactly. At the attack detection level, there are various types of anomaly detection, where you try to analyse either at the network level, i.e. all packets that enter or leave the company network, to see if you can find any anomalies, i.e. any aspects that typically do not occur. For example, observing at the network border what kind of objects are being sent into the company right now, i.e. by any users from the company network, downloaded from the Internet, and then looking to see if any malicious code is discovered there. Or any Office files that contain malicious content. The same can of course be done on the end devices, be it on the desktop. Of course, it is becoming more and more complicated nowadays, because many people have their mobile device with them, a laptop or perhaps a tablet, so that you have many different types of operating systems that you cannot necessarily monitor so easily, because they do not communicate via the company network, but perhaps via an LTE connection or 5G connections, so that you also have to monitor different types of communication channels, either at the network level or at the end device level. So mostly anomaly detection to see if you can detect something that shouldn't be there.
Thomas Sinnwell: It is not a trivial issue in large IT infrastructures, which can be very dynamic, to be able to determine normal behaviour as reliably as possible in order to indicate deviations with low error rates. These are also very current research topics at the moment. What is CISPA doing in these areas?
Thorsten Holz: On the research level, it is mainly about understanding better what the current state of the network is or what kind of objects are being downloaded or uploaded somewhere, so that one can then also determine through the analysis of these objects, is this legitimate? So it's simply a new website that users go to, where maybe a bit of JavaScript code is downloaded or maybe some PDF file is downloaded from somewhere or a Word file is uploaded somewhere. The next step is to identify potential malicious code, which is becoming increasingly difficult at the moment. Because the cloud is simply gaining in importance everywhere. The data is not always necessarily in the company network, i.e. not in the classic castle, but is now located somewhere outside, not on the company's own servers, where you also have to look at how do I get an overview at all? Who has access to these files? What is there in the first place? Are there perhaps any other types of access that I have overlooked? Or have I maybe left the access passwords somewhere unintentionally? Or have they been compromised somewhere, so that now not only the castle has to be monitored, but also the cloud. So these are all challenges that we are dealing with. And an important point is how can we use current developments in the field of machine learning to simply identify potential anomalies more efficiently with the help of algorithms and, above all, to make the whole thing scalable?
Thomas Sinnwell: At this point, I would like to move on to the topic we discussed at the beginning of our conversation. How does a proper German professor come to have to deal with this dark side of the issue? When you say to yourself, yes, especially machine learning, that this is of course a very legitimate approach to being able to recognise such anomalies, especially in large infrastructures, where a certain automation aspect simply plays a role. I can't look at each system individually and think about what could be abnormal there. Then I won't be able to finish. The machine has to go there and look over this huge amount of data. And when it comes to machine learning, it is still very important that I know the right features, the right scanners, in order to enable the best possible learning. As a security researcher, how do you come up with these features that you have to look at for learning?
Thorsten Holz: Exactly. So perhaps a good turn towards my background itself. As part of my doctorate, I was primarily concerned with how attackers actually proceed. And different aspects of it. On the one hand, so-called honeypots, you can imagine a honeypot as a kind of electronic bait. You have a computer system, so to speak, which you then specially prepare by installing even more tools on it in order to get a very detailed overview of how people interact with this system. So it's a kind of bait that you put out in your network and then you just wait. How do people interact with this system? Because by definition, nobody should interact with this honeypot. It doesn't offer any normal services. However, if an attacker simply scans the network in this information gathering phase, sooner or later he will stumble across this honeypot. In this way, the bait has fulfilled its task, so to speak. The attacker has found the honeypot, perhaps tries to trigger a vulnerability there and thus gain control over the honeypot. And then we can observe what happens on the system. From where is further malware loaded, which commands are executed, how is communication with each other, so that we can learn more step by step about how attackers actually proceed. Nowadays, there are also companies that offer such honeypots directly as solutions, typically quite well automated, so that you can distribute these electronic decoys in your network. The whole information evaluation is also automated, so that you also get an overview of it. What is actually happening in my network? How are these honeypots being interacted with, so that you have a kind of early warning system in your network, which potentially identifies attacks that have not been detected by the intrusion detection system and thus learns at an early stage, so to speak, when something interesting has happened in the network.
Thomas Sinnwell: And that is perhaps a very exciting point, the keyword malware. How do you get hold of malware? Or how do cybercriminals get hold of malware?
Thorsten Holz: Again, there is a relatively broad spectrum. Either they don't implement it, even if they have the skills, or even if it's a larger group. Most of the time, there is a lot of specialisation, so that the various aspects of an attack also include information gathering. So, as the pentesters did before, the cyber criminals also collect information first. Then they look at what kind of vulnerability they can exploit, typically also specialists who then carry out exactly these steps. And then there is typically also a team that implements the actual malware. This can now also be purchased as a service. So you don't have to do it yourself, but you have the option of simply buying it as a service for a certain amount. Or that you say here, I have a certain malware here, I would like to install it on 1,000 or 10,000 machines, you can now also buy this as a service. Or the sending of spam emails or phishing emails is also a service that can be purchased on such underground forums. So in this respect, there is a lot of specialisation, own developments or even that one falls back on services. Or sometimes the source code of some of the popular tools is also publicly available, so that the attackers can simply adapt it to their needs.
Thomas Sinnwell: Special needs.
Thorsten Holz: Yes, special needs.
Thomas Sinnwell: This is perhaps a good opportunity to talk about the darknet, because you hear that very often and I think few people really know what the darknet is. Could you perhaps briefly say something for our listeners?
Thorsten Holz: Exactly, Darknet sounds evil and all, but actually, from a technical point of view, perhaps briefly summarised. Tor is the best-known software in this area and was actually developed to enable anonymous access to the Internet.
Thomas Sinnwell: So the very positive story first of all.
Thorsten Holz: Exactly, and the basic idea is that I don't connect directly to a web server with my web browser, but I have three nodes in the middle and you can imagine that you first connect to the first node, from there to the second, then to a third and only then to the web server at the end. And through these intermediate nodes, I then disguise so that no one knows who the browser is that is accessing the website, so that even a very strong attacker who observes the entire network, even for him it is disguised, so that it is not clear who is actually using it? Interestingly, Tor was also financed by the DOD, the Department of Defense in the USA, but also by the EFF. This is the equivalent of the Chaos Computer Club in the USA. So there is a very, very broad spectrum of people who have supported the whole thing. The use cases of Tor in practice are very broad. So on the one hand, whistleblowers who can simply get information out there without their identity being established, so to speak, so that they can also use the circumvention of censorship that way. So another big use case is that you can also access websites that are perhaps blocked by the political party in a certain country, so that you can also circumvent censorship mechanisms. At the other end of the spectrum, there is of course also a lot of abuse, be it for cybercrime, but also for child pornography and so on. So this technology, that you can use the net anonymously, can be used very widely. Without wanting to go into all the ethical aspects of it now. And an interesting application of this technology is that you can also offer websites without it being clear where the server is located. So you have a web service. But it is not clear under which IP address it is now offered? Where is it physically located in the world?
Thomas Sinnwell: Yes.
Thorsten Holz: And that is the basic idea behind the Dark Web. That was the web server, i.e. certain services that can be accessed, where it is not entirely clear where they are actually located, in order to prevent potential censorship or text downtimes, i.e. that the servers can be taken down, we have this concealment mechanism. And in practice, it is used for various types of services and, especially in the press, mostly in the rather abusive way that there are also forums where you can buy drugs or perhaps weapons or fake credit cards or various types of malware.
Thomas Sinnwell: Of course, the obvious question is: How do I find these systems of these offers?
Thorsten Holz: There are also search engines on the dark web or, above all, there are mostly link collections where there are certain links to forums where you can exchange information. So via the Tor browser you can get access to such websites and then you can look at what kind of forums are there, what is offered there? But in principle it works just like normal web browsing. You have Firefox as a browser, which then also has a certain plug-in, the Tor Browser. But from the look and feel it's very similar. It's just much slower because of this obfuscation in the middle, because of these middle stations. But otherwise it just feels like surfing. Maybe in the 90s, because it's slower.
Thomas Sinnwell: Nice image. That means it is a very suitable way for cyber criminals to access the tools, the information, the groups.
Thorsten Holz: Yes, but the criminals don't necessarily have to be in dark web forums, they also have other types of exchange mechanisms, via various chat platforms or other messenger formats. So they already have the possibility, let's say among like-minded people in inverted commas, to exchange information in order to get access to such services. They have to have payment processing behind them. There has to be a certain amount of trust, because there, too, yes, of course, there is trust when you buy things and that has a certain quality in the software and so on.
Thomas Sinnwell: Yes, we have now addressed many exciting topics in our conversation, including the topic of machine learning. AI, artificial intelligence. We talked about how it can be used to recognise such anomalies. What is the situation now on the dark side of the issue? Is artificial intelligence being used there as well?
Thorsten Holz: I think, in general, machine learning will significantly change our interaction with computers in the next few years or decades. And of course we also see the potential on the attacker side. For example, a few years ago DARPA held a competition in the USA in which machines played against each other, in inverted commas. The setup was as follows. There were various types of programmes that offered some kind of service and then the task was to automatically find vulnerabilities in these programmes, to develop an exploit, so to speak, a mechanism to exploit this vulnerability and execute malicious code. And in the third step, of course, the patching of these gaps. And in this competition, it was really only the machines that played against each other. So of course humans developed these systems, but then the actual competition phase. It was really only the algorithms that played against each other and then in many rounds they simply attacked each other, developed exploits, developed patches and I think that is a step into the future, because these systems were still a bit simple in the sense that they were not a complete Linux or Windows system, the services were also a bit simpler. But it has already shown that you can actually automate all the steps from finding vulnerabilities, from exploiting vulnerabilities to patching. And that, I think, is the first step, and I think that will occupy us much more in the future. So how can we use algorithms to automate more and more some of the tasks that people are currently still doing?
Thomas Sinnwell: That means the competition between defenders and attackers will continue, but on a different level. The attacker's machines against the defender's machines.
Thorsten Holz: Exactly. It's definitely getting faster and faster.
Thomas Sinnwell: Sounds threatening or frightening at first.
Thorsten Holz: Exactly. I also think that in the future it will probably go in that direction. How can we achieve more and more automation? How can we manage to react effectively and, above all, very efficiently to new threats when, of course, the attacker side is moving more and more in the direction of automation. And perhaps another aspect of machine learning, which I think will become increasingly important in the future, is the whole area of deep fakes and the like. In the meantime, algorithms can simply create images where we as humans can no longer distinguish. Is that an authentic image or just generated by a computer? Similar to other media, that you can generate texts or audio.
Thomas Sinnwell: You can reproduce voices. Of course, that's a great instrument for making phone calls, because it sounds like the boss or the head of the department.
Thorsten Holz: Exactly, and it is precisely in this context that there have already been the first attacks, because the boss may have given lectures somewhere. So the attacker has access to audio material and can use it to synthesise new audio. To create any sentences in the pitch or in the voice of the boss and can then use that to carry out social engineering attacks. So I think that's a first step. And the other big threat that I also see are all the misinformation campaigns. That simply in order to destabilise a democracy, another country can try to start disinformation campaigns in a certain country in order to spread insecurity or false information. And fake pictures or fake profiles are used a lot to create a certain mood. And I believe that this is something that will occupy us a great deal in the next few years, because machine learning methods are becoming much better. It is becoming increasingly difficult to distinguish whether something is legitimate or not. And then this human knowledge, is it authentic at all or is it legitimate at all, what is being said there? It will become more and more of a challenge in the coming years.
Thomas Sinnwell: Yes, exciting times are coming. Thank you very much, Professor Holz. I enjoyed the conversation very much, and yes, to our listeners until the next episode. Bye!
Thorsten Holz: Thank you very much for this invitation and see you soon. Bye.
So, that's it from us again. We hope you enjoyed today's episode and that we were able to teach you a little bit about the topic of cybersecurity. You can find further links to the current episode in the show notes. And if you are interested in the wonderful world of technology and software development, we would of course be happy if you subscribed to us. In the next episode we are back with the third and final part of our series on cybersecurity. Host Dr. Thomas Sinnwell is back and has another expert in store. See you next time. We look forward to seeing you.