Nr 9
ISSN 2543–7321
© Instytut Bezpieczeństwa i Socjologii,
Uniwersytet Pomorski w Słupsku
Przyjęto: 12.12.2024
Zaakceptowano: 12.12.2024
DOI: 10.34858/SNB.9.2024.006
Tymoteusz Peta
e-mail: tymoteusz.peta@upsl.edu.pl
Abstract: In August 2022, a breach occurred on the city servers belonging to the Centre
for Shared Services, resulting in the encryption of data stored there, including the per-
-
yse the strengths and weaknesses of the city in relation to this situation, based on both of-
Zarys treści:
-
-
Keywords
Tymoteusz Peta
Słowa kluczowe:
Introduction
in technological advancement, has not only facilitated social development but
also introduced new problems and challenges not solely related to social be-
haviours, attitudes, addictions or diseases. Cybersecurity has emerged as one of
the most critical challenges of the contemporary era, where digital infrastructure
plays a key role in the daily functioning of societies, economies and governments.
Cybersecurity encompasses all categories directly linked to the broader con-
-
works. It addresses issues related to information, communication and network
As reliance on tech-
Things (IoT) and cloud computing become increasingly prevalent, the risks of
cyberattacks also rise. Hackers and organised criminal groups continuously seek
new ways to exploit vulnerabilities in systems, putting millions of people at risk
hate speech and online harassment, cybercrime ranks as one of the greatest chal-
lenges for Internet users.
Consequently, cybersecurity is not merely a techno-
logical concern but also a strategic priority for organizations and governments
worldwide.
However, it is worth questioning whether institutions are genuinely prepared
to prevent and combat cybercrime. This task is particularly challenging given the
rapid evolution of hacking tools and phishing techniques, necessitating constant
updates to security measures. This paper aims to examine the case of a hacker at-
1
Cyberbezpieczeństwo – zagadnienia denicyjne, “Cyberse-
2
Przejawy agresji i mowy nienawiści w Internecie – analiza komentarzy na wybra-
nych stronach portali informacyjnych
p. 118.
108
Analysis of the City of Słupsk’s Readiness for Cybersecurity Threats…
Attack on data – year 2022
services to educational institutions in the city. It also manages student scholar-
ships and debt collection. As a result, it holds sensitive data for approximately
1,200 teachers and additional individuals employed under various agreements,
On 26 August 2022, news broke
data was encrypted. The perpetrators demanded a ransom in Bitcoin worth
tens of thousands of euros in exchange for decryption. The city refused to pay,
citing past incidents where such agreements were not honoured.
Teachers
were promptly informed of the breach and advised on the possibility of re-
-
also emphasized that the incident would not disrupt salary payments, as the
-
cialising in responding to cybersecurity incidents, it was determined that the
group responsible for the attack had no prior record of stealing data outright.
-
cant data extraction occurred during this attack. The infected server was im-
mediately disconnected from the network. Additionally, rumours of student
data being compromised were refuted, as such information is not included in
Pracownicy oświaty w Słupsku dostaną wypłaty na czas. CUW odzyskuje
dane po ataku hakerskim
4
G. Hilarecki, Atak hakerski na bazę z danymi nauczycieli w Słupsku. Żądają od
miasta okupu w bitcoinach
24.11.2024).
Hakerzy nie wykradli danych z CUW w Słupsku. Plików wciąż nie udało się jednak
odblokować
hakerzy-nie-wykradli-danych-z-cuw-w-slupsku-plikow-wciaz-nie-udalo-sie-jednak-
109
Tymoteusz Peta
of the municipal IT systems to identify any vulnerabilities that might have fa-
regarding unauthorized access to one of the City Hall’s servers. The investiga-
“Article 268a. [Destruction of IT Data]
processing, collection, or transmission of such data, shall be subject to impris-
request.”
As of now, no information about the apprehension of the perpetrators has
been reported.
Encryption of CUW data – perspectives of aected teachers
For the purpose of this article, interviews were conducted with two teach-
-
cident. The interviewees were asked to describe the actions undertaken by the
City Hall, other institutions and themselves to prevent and safeguard against
data theft, both personally and within their professional communities of fel-
low teachers.
Respondent 1 stated that she did not take any additional measures to pro-
tect her personal data. Despite concerns among her preschool department
6
Atak hakerski na słupski magistrat i prywatne rmy
7
110
Analysis of the City of Słupsk’s Readiness for Cybersecurity Threats…
colleagues, she placed her trust in the city’s assurances that the stored data was
-
presented below:
Source: the private archive of respondent.
The respondent noted that aside from exercising additional caution when
-
cations alert individuals if their data is used to apply for loans or credit or sign
contracts.
Actions of this nature were initiated independently by teachers and
She admitted that nearly her entire teaching team, after receiving the letters
-
8
Alerty BIK 24/7
27.11.2024).
111
Tymoteusz Peta
-
was eventually dismissed. It is noteworthy that the suggestion to subscribe
school’s administration. Despite assurances that there was no immediate threat
of data leakage, the administration sought to protect its employees. The respon-
seeking updates on the apprehension of the perpetrators or fearing that loans
might be fraudulently taken out in their names. Even as time passed, the re-
spondent remained critical, believing that the City Hall could have done more
to protect and prevent such incidents.
displayed greater initiative, while others placed more trust in the city authori-
ties. However, it is clear that the perceived level of threat among most teachers
was similar. The data breach was a highly stressful event, raising concerns
New personal data protection policy
-
storage and codify principles and standards for their management.
The directive outlines several key elements of the data protection system.
• conducting risk analyses to assess potential violations of the rights and free-
doms of individuals whose data is processed,
• maintaining a registry of individuals authorized to process personal data,
• ensuring that personal data processing occurs in conditions that prevent ac-
cess by unauthorized persons,
• keeping a data processing register,
• enhancing protection for both digital and non-digital data,
112
Analysis of the City of Słupsk’s Readiness for Cybersecurity Threats…
• -
sonal data processing process,
• implementing a contractor evaluation procedure in cases where data must be
processed by third parties.
These measures aim to enhance the cybersecurity of entities operating under
SWOT analysis
conclusions for the strategic evaluation of entities. It considers both tangible and
intangible factors, as well as internal and external aspects.
form was created to identify strengths, weaknesses, opportunities and threats.
This is outlined below.
Source: own study.
9
10
Analiza SWOT jako podstawowe narzędzie w zarządzaniu śro-
dowiskiem
Tymoteusz Peta
allow encryption of the data, without any leakage. Additionally, thanks to a quick
response, the infected system was almost immediately disconnected upon detect-
ing the breach. The facility was able to continue its operations due to physical
backup copies of data, which also constitutes a strength. Finally, it is worth ap-
also kept up to date with the ongoing actions, without any attempts to conceal
In terms of weaknesses, it is important to mention aspects resulting from the
nature of technological devices and the Internet. The constant development of
technology and the emergence of new solutions means that the security systems
used in the institutions must be constantly updated to keep pace with new meth-
ods of breaching them. Furthermore, the situation revealed problems related
in all dependent entities. These are, however, aspects that can be improved on or
eliminated.
There are also opportunities arising from the resolved situation. The crisis,
among other things, led to the development of security measures used by the City
Hall, as well as the updating of data processing procedures aimed at improving
security and further preventing potential leaks. The new conditions include both
-
ant changes were outlined in the previous subsection. The second category, in
does not mean that digitisation should be abandoned. It is a completely natural
process associated with the inevitable technological progress. However, espe-
cially at the administrative level, security measures should be maintained at an
appropriately high level. The current crisis should serve as a reason for improve-
virtual private networks that provide secure, private environments for individuals
security of stored data.
114
Analysis of the City of Słupsk’s Readiness for Cybersecurity Threats…
However, the fact remains that threats continue to exist. Of course, the serv-
ers of the institutions belonging to the city are still exposed to future attacks
as such risks cannot be fully eliminated, as they are constant threat. The situa-
tion also contributed to a partial loss of trust in the city’s institutions, but this is
a natural consequence that the City Hall had little control over. A crisis occurred,
a response was initiated, and it was resolved, however, certain concerns and
-
Conclusions
readiness for cybersecurity threats can be made. The city seems to be prepared
to counteract cybercriminal attacks, characterised by a quick response time, clear
-
ble, so regardless of public sentiment, the readiness should be assessed positively.
The strengths outweigh the weaknesses and there are more opportunities than
direct threats. However, it should be remembered that cybersecurity involves
dedicated to this issue, the city is capable of preventing future attacks.
The 2022 situation served as a valuable lesson for the City Hall, and it would
be good if this lesson was well-learned. For this to happen, the development
of infrastructure should progress in both the physical and digital management
through proper training and preparing employees for data management, as well
as ensuring the appropriate preparation and storage of physical data backups. In
the digital domain, it would be highly advisable to use modern solutions that can
enhance the security of city administration, such as advanced encryption, AI and
Bibliography
Cyberbezpieczeństwo – zagadnienia denicyjne, “Cyber-
security and Law” 2019, vol. 2.
Tymoteusz Peta
Przejawy agresji i mowy nienawiści w Internecie – analiza komentarzy na wy-
branych stronach portali informacyjnych
vol. 1.
Analiza SWOT jako podstawowe narzędzie w zarządzaniu śro-
dowiskiem
Alerty BIK 24/7
27.11.2024).
Hilarecki G., Atak hakerski na bazę z danymi nauczycieli w Słupsku. Żądają od
miasta okupu w bitcoinach
(accessed 24.11.2024).
Atak hakerski na słupski magistrat i prywatne rmy
Hakerzy nie wykradli danych z CUW w Słupsku. Plików wciąż nie
udało się jednak odblokować
Pracownicy oświaty w Słupsku dostaną wypłaty na czas. CUW odzyskuje
dane po ataku hakerskim
,
Summary
-
-
munication, a swift response and the modernisation of existing security protocols have
are often critical of the City Hall. Regardless of these evaluations, the dual approach
to data storage, both electronic and physical, deserves recognition.
116
