DeepSec 2023 Talk: Oil – But at What Cost: Azerbaijan and the EU’s Murky Partnership – Pavle Bozalo
Since Russia’s invasion of Ukraine, the European Union has rightfully sought to reduce its dependence on Russian oil with the ultimate aim of completely eliminating it. In this quest for trustworthy oil suppliers, Brussels has turned to countries such as Azerbaijan who, although wealthy in oil, have dubious human rights records and who, in many ways, are at the forefront of cyber surveillance and cyberwarfare. This quest has come at a cost, with the EU keeping mum on Azerbaijan’s armed invasion of the Nagorno-Karabakh territories southwards of Armenia – a scenario otherwise eerily similar to Russia’s armed invasion. As it cracks down on spyware within the EU, the European Commission buys Azeri President Aliyev’s oil, apparently unaware of hackers from Baku rolling out spyware and remote access trojans. Not only do Armenian officials find themselves victims of this campaign, but also EU and UN observers in the Nagorno-Karabakh region.
Doing so, the European Union may get its oil; whether it will successfully curb cyberwarfare by tacitly approving, it is unlikely.
We asked Pavle a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- Spyware is increasingly being used by countries of all sizes, it’s no longer the tool of global powers only.
- The Nagorno-Karabakh conflict is the first war where spyware was used as part of the war arsenal.
- Governments that are using spyware have experimented with it long before Pegasus, using iterations of this malware since at least 2008.
- Spyware is being used in war, but also to repress internal dissent and punish dissidents.
- Spyware is being used jointly with disinformation campaigns and bot farms to target adversary states and individuals.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I’ve been following the conflict in Nagorno-Karabakh since 2020 and was surprised at how little coverage it received. Since the war in Ukraine, the European Union began increasingly referring to itself as a community of values, where shared respect for human rights, free enterprise, and freedom brings these countries together in the defence of Kyiv. It was with a great deal of surprise that I learned they were pushing Azerbaijan, a hereditary autocracy known for its human rights abuses, as an alternative and more trusted supplier of oil. Also, Azerbaijan plays a role in the Nagorno-Karabakh war that is analogous to the one played by Russia in Ukraine and it also makes use of spyware and disinformation techniques that rival those deployed by Moscow.
Why do you think this is an important topic?
This topic matters because it’s essentially a use-case of military-grade spyware being deployed. In itself, that has huge implications on the lives of people directly affected by the war, but also with those not necessarily geographically close that are speaking out about it and condemning Baku. Conventional warfare only affects people in one region, whereas spyware can reach anyone anywhere under the right conditions. The questions raised by this are broad and include what approaches will governments take to curb such a powerful weapon? Will we need to change international conventions to be able to do so? Most importantly though, is there an appetite to do so and is it wise to cut deals with countries using these deeply destructive technologies?
Is there something you want everybody to know – some good advice for our readers, maybe?
I’d advise the audience to consider cybersecurity question with a wider lens and acknowledge the deep impact it has on our societies.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
What approaches will governments take to curb such a powerful weapon? Will we need to change international conventions to be able to do so? Most importantly though, is there an appetite to do so and is it wise to cut deals with countries using these deeply destructive technologies?
Pavle Bozalo is a cybersecurity risk analyst with a deep commitment to safeguarding digital environments. Pavle possesses a comprehensive understanding of threat landscapes, vulnerability assessments, and risk management strategies. Pavle also participates in identifying and mitigating potential security breaches, implementing robust controls, and optimizing incident response protocols. With strong analytical skills and a passion for continuous learning, Pavle remains at the forefront of emerging threats, ensuring organizations stay one step ahead in the ever-evolving cybersecurity landscape.