Search


Tagged with Cybercrime x Data leaks x

Incident notice

For the purposes of this toolkit, we will define “incident” as any event that has a negative impact on the security of network and information systems. This can range from complex and sophisticated technical attacks to system malfunctioning caused by human error.

However, when it comes to ICT systems of special importance  , such as those which are part of a country’s critical infrastructure (power supply, telecommunications, etc.) or used for banking services, they have an obligation to report incidents in their systems to competent state bodies and authorities. For example, if the incident occured in the banking sector, the operator of the ICT system needs to notify the country’s central bank.

When there are more serious incidents and attacks, which can strongly affect national defence or national security, relevant intelligence and security services and agencies (military or civilian) should be notified as well. In addition, when an incident involves and affects personal data, the national data protection authority (Commissioner, Agency, Commission, etc.) is also to be notified.

Sometimes it is very difficult to distinguish between types of incidents, as they can occur simultaneously. Below is a list of some of the types of incidents which usually require sending an incident notice to the competent state authorities:

  • Breaking into the ICT system: an attack on a computer network and server infrastructure which, by violating protection measures, enabled access to the ICT system and unauthorised influence on its operation; 
  • Data leakage: availability of protected data outside the circle of persons authorised to access data; 
  • Unauthorised modification of data
  • Data loss
  • Interruption in the functioning of the system or part of the system; 
  • Denial of service attacks [DDoS] ; 
  • Installation of malware  within the ICT system; 
  • Unauthorised data collection through unauthorised surveillance of communications or social engineering; 
  • Constant attack on certain resources; 
  • Abuse of authority to access ICT system resources; 
  • Other incidents
DDos Damage Data leaks CERT Cybercrime

Report to the platform

In case someone is impersonating you through a fake email or social media account, or if you are a subject of online harassment such as smear campaigns, threats, spreading hate speech or stalking, you should use the “Report” option to inform the platform about this issue. When you report the profile or message in question, you usually get an option to mark the appropriate violation of your rights and platform Terms of Service (impersonation, harassment, etc.). You can find more details on the American PEN Center website.

To prevent further harassment, it is also highly advisable to block the user(s) in question .

Digital evidence Report to platform Block user Data leaks Cybercrime

Report to the police

In cases of online harassment or other forms of violations of personal rights (e.g. endangering security with threats) it is possible to report these incidents to the police or other state authority in charge of investigating or prosecuting cybercrime , as they can present criminal acts which are punishable by law. 

To see best practices for gathering digital evidence before filing a complaint, see the “File a complaint” section.

Digital evidence Data leaks Cybercrime Criminal charges Police

File a complaint

When you are filing a complaint to the police, it is important for you to gather all the necessary digital evidence  and not only to copy the content of the message in question. It is often not simple, as it requires technical knowledge and patience, for which few people upset by the attack can have nerves. If you can't deal with it, call a friend, colleague or family member for help. They can also record evidence of an attack, but also deal with your account on the platform on which the attack is taking place. The documentation should contain material evidence of the attack and be classified so as to facilitate the search. Using a spreadsheet can be convenient, as attacks can be sorted by time, location, cause, duration and type of attack, reports filed on the platform, and response. This is all important information for lawyers, police, further investigation and court proceedings. Try to identify the type of attack, because some forms of online threats are still unknown to the general public, and sometimes even to the police. This will help the investigators to better understand what happened and how to look for the perpetrators.

First, you should provide relevant links or URL addresses in their integral form, i.e. if the attack occurs on social media, then you should provide an integral link of the account which sent you a threat. Then, you should save a copy of the message in an integral form containing metadata, i.e. email headers

Furthermore, it would be good to make a screenshot/print-screen of the message, image or a video included in the incident. On the other hand, if there are several segments of the incidents - you are facing-multiple SMS-s, messages received via an application on a computer or phone, etc. - you should make a screenshot of each one or possibly make a video of the entire process. 

In addition, if the harassment occurs through phone communication, then the report should contain call logs issued by the phone operator because they contain the time of the call and the number from which the call was made, which may make further investigation easier. Also, you can turn to a Computer Emergency Response Team in your country, which may provide technical support and mitigate the damage, or state bodies in charge of investigating cybercrime

Digital evidence Data leaks CERT Cybercrime Criminal charges Police