Conducted in terms: 2025L, 2026L

ECTS credits: 3

Language: Polish

Organized by: Faculty of Political Science and International Studies (for: University of Warsaw)

Related to study programmes:

Don’t Get Eavesdropped On or Hacked – Cyber Self-Defense Workshops for Humanists 2100-NDPLZWCH(KC)-OG

1. Introduction to the world of cyber threats
An overview of information security threats. Problems and barriers in understanding cyber threats, including cognitive biases and users’ false intuitions. Threat prevention and basic digital self-defense tools. The significance of the “humanistic factor” in cybersecurity analysis. BigGov, cybercrime, and Big Business as structural threats to the security and freedom of Internet users. The humanist’s cyber arsenal – an overview of concepts, tools, and strategies.

2. Superpanopticon – surveilled societies
The phenomenon of the superpanopticon. Trends in surveillance: escalation, professionalization, institutionalization, and normalization. The shift from exceptional surveillance to permanent surveillance. Social, political, and cultural consequences of ubiquitous observability.

3. Secure communication via the Internet and mobile phones
An overview of communication security threats from a software–hardware–wetware perspective. The role of technical infrastructure in data and metadata leaks. Electronic devices as non-obvious sources of information about the user.

4. Software
Web browsers and user-tracking mechanisms. Safe and unsafe Internet practices. Cyber threats related to Wi-Fi networks. The underestimated “last-mile” problem – DNS. VPNs as a compromise between convenience and security. The myth of secure email and the real limitations of electronic mail.

5. Hardware
Computer hardware as a source of security threats. Chipping, hardware attacks, keyloggers. The often overlooked threat at the hardware–software boundary: BIOS/UEFI as a critical element of the chain of trust.

6. Wetware
Humans as the weakest link in the security system. Social engineering and psychotechnics. Manipulation mechanisms, heuristics, and users’ cognitive biases. Illustrative case stories presenting real attack scenarios.

7. Offline surveillance and countermeasures against eavesdropping
Technical surveillance methods beyond the Internet: electromagnetic emissions, laser microphones, radio emissions, heat analysis, and ultrasound. Eavesdropping on rooms and individuals – operating principles and limitations. Methods of detecting and limiting surveillance. Amateur and professional countermeasures.

8. Mobile phone security
Threat vectors affecting mobile phones: manufacturers, operators, operating systems, and applications. Models of data collection and monetization. Secure messaging applications. Traffic tunneling (Orbot). Procedures following malware detection. Alternatives to Android and iOS.

9. Windows – privacy and trust
Why Windows should be abandoned. A short parable on privacy and trust. The aporias of Windows security. Configuration of system security settings and online service accounts (Google, Facebook).

10. Deep fakes – a crisis of trust in reality
Creation and verification of video, image, and audio materials. Generative adversarial networks. Practical uses: reputational destruction, pornography, information manipulation, “digital wildfires.” Social, cognitive, and political consequences of deepfakes.

11. Secure information storage
Cryptography: historical outline and fundamentals. Introduction to cryptographic protection. Encryption of files, folders, storage media, and systems. VeraCrypt. GNU PGP. Password managers (KeePass). The future of asymmetric cryptography.

12. Digital forensics and data deletion
What digital forensics is and how it is used. Examples of forensic applications. Forensic software and hardware. Loss assessment and incident identification. Effective data deletion and the limits of data recovery.

13. Self-defense for ambitious humanists
GNU/Linux systems as alternatives to commercial operating systems. Distributions: Mint, Ubuntu, Zorin. Installation and configuration. Virtualization. Whonix, Tails, and Qubes OS as tools of advanced cyber hygiene. Network security. Running Windows applications on Linux (Wine).

Term 2025L:

Term 2026L:

Main fields of studies for MISMaP

computer science
psychology

Course coordinators

Daniel Mider

Type of course

elective monographs
supplementary
elective courses
optional courses
general courses

Prerequisites (description)

Classes require participants to have their own laptop running GNU/Linux or Windows; macOS is also permitted. The course has a lecture-based, workshop-oriented, and problem-focused format, combining a structured introductory lecture with work on concrete problems, threat scenarios, and practical solutions. The course is intended for non-technical participants, in particular students of the humanities and social sciences, and does not require prior IT training. The aim of the course is to enable participants to independently build a basic, realistically functioning level of cybersecurity, using free tools and solutions, without the need for advanced computer science studies or specialized commercial training. The minimum number of registered participants required to launch a group is 12. In the event of a lower number of registered participants, the decision to launch the group is made by the coordinator.

Learning outcomes

Knowledge – the student knows and understands:

– the nature of cybersecurity from humanistic, technological, and social perspectives, including the role of the humanistic factor and the relationships between BigGov, Big Business, and cybercrime (K_W01)

– the typologies and mechanisms of cyber threats affecting information, communication, and digital infrastructure, encompassing software, hardware, and wetware (K_W02)

– online and offline surveillance methods and their consequences for privacy, individual freedom, and social security (K_W03)

– basic methods of analysis, diagnosis, and risk assessment of cyber threats, including communication, mobile, and system-level threats (K_W05)

– principles of secure information storage, fundamentals of cryptography, digital forensics, and data deletion and recovery (K_W06)

Skills – the student is able to:

– identify and analyze real cybersecurity threats in the everyday use of the Internet and information systems (K_U01)

– select and apply basic cyber hygiene tools and practices to reduce cyber risk (K_U02)

– assess the security of personal communication, devices, and data, and implement appropriate protective measures (K_U03)

– interpret case studies of cybercrime, surveillance, and information security breaches (K_U04)

Social competences – the student is ready to:

– use cyberspace critically and responsibly, taking into account ethical, legal, and social dimensions (K_K01)

– disseminate knowledge about cyber threats and basic principles of digital self-defense within their social environment (K_K03)

– consciously shape attitudes that support the protection of privacy, information, and security in digital society (K_K04)_

Assessment criteria

As part of the university-wide courses offered under the ZIP 2.0 Programme, the mandatory method for verifying the intended learning outcomes is a pre-test and a post-test, prepared by the instructor in accordance with the specific nature of the course, enabling the assessment of gains in knowledge and skills. The instructor may also define additional methods of verification and assessment criteria. The pre-test and post-test templates must be attached to the syllabus for the purposes of substantive reporting within the ZIP 2.0 Programme.

Practical placement

To be determined in consultation with the instructor

Bibliography

Ekman P., Kłamstwo i jego wykrywanie, Media Rodzina, Poznań 2006.

Ekman P., Hadnagy C., Socjotechnika. Metody manipulacji i ludzki aspekt bezpieczeństwa, Helion, Gliwice 2021.

Hadnagy C., Socjotechnika. Sztuka zdobywania władzy nad umysłami, Helion, Gliwice 2012.

Hadnagy C., Human Hacking. Poznaj ludzki umysł i naucz się skutecznej komunikacji, Helion, Gliwice 2022.

Kaiser B., Dyktatura danych (oryg. Targeted: The Cambridge Analytica Whistleblower’s Inside Story of How Big Data, Trump, and Facebook Broke Democracy and How It Can Happen Again), HarperCollins Polska, Warszawa 2020, ISBN 978-83-276-4788-7.

Mitnick K., Simon W. L., Duch w sieci. Moje przygody jako najbardziej poszukiwanego hakera wszech czasów, Helion, Gliwice 2003.

Mitnick K., Simon W. L., Sztuka podstępu. Łamałem ludzi, nie hasła, Helion, Gliwice 2003.

Schneier B., Dane i Goliat. Ukryte bitwy o twoje dane i kontrolę nad światem, Helion, Gliwice 2016.

Snowden E., Pamięć nieulotna (Permanent Record), Insignis Media, Kraków 2021, ISBN 978-83-66360-15-0.

Wylie C., Mindf*ck. Cambridge Analytica, czyli jak popsuć demokrację, Insignis Media, Kraków 2020, ISBN 978-83-66575-27-1.

Notes

Term 2025L:

Zajęcia wymagają posiadania własnego laptopa z systemem GNU/Linux lub Windows; dopuszcza się również korzystanie z systemu macOS.
Zajęcia mają charakter wykładowo-warsztatowy oraz problemowy – obejmują zarówno uporządkowany wykład wprowadzający, jak i pracę z konkretnymi problemami, scenariuszami zagrożeń oraz praktycznymi rozwiązaniami.
Przedmiot jest przeznaczony dla osób nietechnicznych, w szczególności studentów nauk humanistycznych i społecznych, i nie wymaga wcześniejszego przygotowania informatycznego.
Celem zajęć jest umożliwienie uczestnikom samodzielnego zbudowania podstawowego, realnie funkcjonującego poziomu bezpieczeństwa w cyberprzestrzeni, z wykorzystaniem bezpłatnych narzędzi i rozwiązań, bez konieczności podejmowania pogłębionych studiów informatycznych lub specjalistycznych szkoleń komercyjnych.

Term 2026L:

Additional information

Information on level of this course, year of study and semester when the course unit is delivered, types and amount of class hours - can be found in course structure diagrams of apropriate study programmes. This course is related to the following study programmes: