
List of server errors

When your website is not working or certain pages are unavailable, you may encounter various types of error messages. Error codes display a certain number and their type can be determined based on the first digit: 1xx: Informational, 2xx: Success, 3xx: Redirection, 4xx: Client Error, 5xx: Server Error.

Client (400-499) and server errors (500-599) are quite common and when dealing with them, be sure to refresh the page in your browser after making changes on the server and check server logs for more details if the issue persists.

DigitalOcean has provided a list of common client and server errors, what causes them and detailed explanations of how each one can be resolved.


Password reset

In case you have trouble accessing your account and you have checked that you are entering the right password (mind the CAPS LOCK and keyboard language), you can try resetting your account password. On most platforms and online services this can be done by clicking on the link named “Forgot your password?” or something similar, which is located on the login page.

Follow the instructions on the “Forgot your password” page and make sure that you have access to the email address/phone number you used to create your account. If you don’t have access to this email or phone, you will need to use the recovery (backup) account if the provider supports that option. Otherwise, you might be left permanently locked out of the account.

Most likely, the service provider will send you a password reset link or code via email or other means of communication, which will enable you to create a new password for your account. From then on, you will use the newly created password to access your account.


Recovery account

Most platforms and online service providers provide you with an option to set up a recovery or backup contact, usually an email address, a phone number or a set of expendable backup codes. It is very important to set up this option so you don’t get locked out of your account.

In case you can’t access your account and you are not logged in on any other device, use your backup email address or phone to gain access to the original account. Make sure you have access to your backup communication method/account - otherwise you might never be able to access the lost account.


Security Questions

Another method to gain access to your account is to provide answers to the security questions, in case you enabled that option in your account security settings. However, some providers are abandoning security questions because they are ineffective (the answers can easily be guessed, etc.). Also, people often don’t change the answers to these questions for years or simply forget them because they don’t have a frequent need for them.

However, if you still have a security question as your account backup solution, make sure the answer is kept in a safe place, and that it is not some publicly available information or something easy to guess (“What’s your favourite food?” for example).


Check browser for saved passwords

Modern browsers (Firefox, Chrome, Edge) have the option to save your passwords, so you don’t have to enter them every time you log in. However, this is not recommended and you should use a separate password management software such as KeePass, KeePassXC or Bitwarden.

In cases where you cannot log in by typing your password, you should check if your browser saved a password at some point and use it to access your account. It is always advisable to copy and paste the password instead of typing it to avoid errors.


Malware

Malware (malicious software) is a general term for software used to interfere with a computer, gather sensitive information, or gain access to a protected information system. This type of software is created and used by cybercriminals and other malicious actors, even governments, to intentionally harm an information system. 

The most recognizable types of malware are computer viruses, but there are other types such as ransomware, trojans, adware, spyware and worms. Each type of malware has its own way of functioning, so the damage caused by each of them is of different degree.

Despite the fact that there are certain definitions and divisions of malware, the categories cannot be definitively distinguished, so it often happens that one malware performs activities that are characteristic of other types of malware. 

Malware is distributed in a variety of ways. Most users download malware themselves, but as installed programs and devices communicate on the internet in different ways due to their activity, they sometimes have different vulnerabilities that attackers can take advantage of. In most cases, these vulnerabilities are addressed by software and hardware vendors, so it is important to regularly install software and device updates. 

Malware can perform a variety of operations, ranging from redirecting users to fake websites to destabilising the entire system. A special type of malware are keyloggers, which record keyboard strokes and send the records to third parties. Also, there is a type of malware that has the ability to send several thousand emails from an infected computer. Here are some other common types of malware:

  • A virus is a type of malware that replicates itself in existing files, programs, and even the operating system itself. It usually modifies the contents of files or deletes them, which can cause the system to crash if a virus deletes a system file;
  • A trojan is a type of malware that, when installed, performs operations that are defined by the attacker, most often deleting or modifying data, but it can often damage the entire system. They usually look like regular and useful installation files, so that is how they got their name;
  • Adware (advertising software) is a type of malware that, once it infects the system, automatically displays advertisements while you search the internet, which brings revenue to the person who created it;
  • Spyware (spying software) is a type of malware that collects data from an infected system and passes it on to a third party, usually the one which created it. With this malware, unauthorised persons can gain access to passwords, personal data, correspondence, etc;
  • A worm is a type of malware that replicates itself. This means that if one computer within the system is infected, it is very likely that all computers connected to it will be infected after a certain time. It most often damages the network and the system by slowing down the flow of data in the network. Worms are independent malware, i.e. unlike viruses, they do not have to be linked to an existing program to be transmitted.

Organisations nowadays face one of the biggest security problems and forms of cybercrime, a form of malicious software called ransomware. This form of malware encrypts files on anything from a single computer all the way up to an entire network, including servers, so that the files cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets.

Some ransomware infections start with clicking on what looks like an innocent attachment that, when opened, downloads the malicious files and begins the encryption process. Larger ransomware campaigns use software exploits and flaws, cracked passwords and other vulnerabilities to gain access to organisational systems through weak points such as internet-facing servers or remote-desktop logins. The attackers will secretly hunt through the network until they control as much as possible – before encrypting all they can.

Victims of a ransomware attack can often be left with few choices; they can either regain access to their encrypted files by paying a ransom to the criminals behind the ransomware, restore files from backups or hope that there is a decryption method freely available.

Small and medium-sized businesses are commonly targeted by ransomware because they tend to have poorer security standards and practices compared to larger corporations.

It is not always easy to recognise malware, as it often happens that users are initially unaware that their device/system is infected. Sometimes malware activity can be noticed due to spontaneous deterioration of system performance. The average user certainly cannot completely remove malware on their own without the use of specific anti-malware software. These programs monitor the system, scan the files downloaded from the internet and email, and if they find any malware, they quarantine it or delete it, depending on the settings. 

However, it is not enough to just install a specific application that will scan and remove malware - it is also important that users do not install untrusted applications, click on suspicious links, open suspicious emails or visit unreliable websites.


Change your password

In case your website is down or has other unusual performance issues, the first thing you should try is changing your account password for the website in the content management system (CMS) interface, for example WordPress.

When serious cyber incidents occur, it is also advised to change the server password. This can be achieved in different ways depending on the type of the server, such as Windows Server or Linux.

Use SSH key authentication

For additional security, it is highly recommended to use SSH key authentication, i.e. setting up SSH (Secure Shell) on your server. SSH is a popular software package which enables secure system administration and file transfers over insecure networks, meaning that it uses encryption to secure the connection between a client and a server. All user authentication, commands, output and file transfers are therefore protected from attacks in the network.

All details about implementation and configuration can be found on the SSH official website.   
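
As an added illustration (not part of the original guide or of OpenSSH itself), the following Python check reads the text of an `sshd_config` file and reports whether the server would still accept password logins alongside keys. It assumes OpenSSH's documented defaults and first-value-wins parsing, does not follow `Include` files, and uses constructed sample configurations with a hypothetical user name.

```python
import re

# Values sshd uses when a keyword is absent (OpenSSH sshd_config manual).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
# Deprecated spelling that OpenSSH still accepts for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed samples, not taken from a real server.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
"""
KEY_ONLY_CONFIG = """\
# key-based login only
PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication=no
PermitRootLogin prohibit-password
"""
# "backup" is a hypothetical account name used only for this example.
MATCH_CONFIG = KEY_ONLY_CONFIG + "Match User backup\n    PasswordAuthentication yes\n"


def effective_settings(config_text):
    """Return (settings, has_match) for the global part of an sshd_config."""
    seen = {}
    has_match = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            has_match = True
            break  # everything after Match applies only conditionally
        keyword = ALIASES.get(keyword, keyword)
        args = parts[1].split() if len(parts) == 2 else []
        if keyword in DEFAULTS and args:
            # sshd keeps the first value it reads for a keyword.
            seen.setdefault(keyword, args[0].lower())
    return {**DEFAULTS, **seen}, has_match


def audit(config_text):
    """List the settings that leave something other than key login open."""
    s, has_match = effective_settings(config_text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key-based login cannot work")
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is on: passwords are still accepted")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is on: with PAM it can still prompt for a password")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin is yes: root is not restricted to key-based login")
    if has_match:
        findings.append("Match block present: review its conditional overrides by hand")
    return findings


if __name__ == "__main__":
    for name, text in [("weak", WEAK_CONFIG), ("key-only", KEY_ONLY_CONFIG),
                       ("with Match", MATCH_CONFIG)]:
        print(name, "->", audit(text) or "no findings")
```

On a live server, `sshd -T` prints the configuration the daemon actually resolves, including included files, which this example does not follow.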


Contact your hosting provider

In case you are unable to fix issues yourself or through your system administrator, e.g. by troubleshooting server errors, your next course of action would be to contact your hosting provider.  However, depending on whether your server is located in your country or abroad, your experience with the hosting provider may differ. 

Even though foreign hosting providers may provide a better service than those in your country, you should also be aware that their support might not be up to standard when it comes to resolving the issue with your website quickly.

Hosting providers with 24/7 support are the best option nonetheless, as well as those who provide additional support channels (live chat, call) in addition to opening a support ticket or sending an email.

Activate DDoS protection

Distributed Denial of Service (DDoS) attacks aim to “flood” the server with a large number of automated access requests, usually coming from thousands of IP addresses, in order to make the site unavailable. To prevent your site from being disabled due to a DDoS attack, you should activate DDoS protection.

The most common DDoS protection service provider is Cloudflare, which offers free plans with limited options, but there are others such as Deflect, whose services are used by many media, environmental and human rights organisations. Google also offers free DDoS protection through Project Shield, which is intended for news, human rights and election monitoring sites.


Making a strong password

When making a password, you should make sure that it is unique, i.e. that it is only used for one account or device, long and complex.

Using the same password for multiple resources is a risk - if one of your accounts is compromised, others using the same password might be as well. 

Having a long password - 10+ or even 20+ characters, the longer the better - makes it harder to crack with brute force attacks. Use of different types of characters and symbols, such as numbers, small and capital letters and special characters (!, ~, *) is strongly encouraged.  

Avoid using online password generators and “how strong is my password” tools - you can’t know who is behind them and where your passwords might end up.

It is also highly recommended to set up multi-factor authentication on your accounts, if the online service or platform has that option. This creates an additional layer of protection, as an additional step is required to log in, usually a one-time code received via SMS or an app such as Google Authenticator.

However, multi-factor authentication (MFA) is not a “silver bullet” solution - people are still susceptible to social engineering attacks, such as phishing scams, and can be persuaded or fatigued to provide the second authentication factor, a one-time code for example. This is why it is important to consider a phishing resistant solution for MFA, such as the use of physical hardware keys.

Multi-factor authentication by default is unfortunately still not an industry standard - there are services which don’t offer it, and for those that do, users still have to navigate through complex security settings in their accounts in order to set it up.

Although any kind of MFA is better than having none, some forms are safer than others. For example, receiving codes via SMS is not reliable due to security flaws in mobile networks and so-called “SIM swapping”, i.e. when an attacker gains access to a person’s phone number by tricking their mobile provider’s staff.

However, it should be noted that MFA is not a substitute for regular security training and awareness of threats such as ransomware. It is very important to build a positive, proactive security culture within your organisation with motivating and engaging training - you can improve the digital security on both personal and organisational level if you focus on all three domains of cybersecurity: people, processes, and technology.


Password management

With so many accounts an average internet user has today, it has become impossible to memorise all passwords and have them be unique, long and complex at the same time. 

That is why you should use applications called password managers, which securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols.

Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Storing login credentials in browsers should be avoided, together with online password managers which are not open source and end-to-end encrypted.


Browsing Add-ons

There are ways to improve your internet browsing experience and make you safer while you use your favourite online services. Modern internet browsers, such as Mozilla Firefox, Brave or Google Chrome, have software widgets (add-ons/extensions) which provide additional options and benefits for your browser. Here are some of the best:

HTTPS Everywhere: this add-on forces encrypted communication (HTTPS) when you visit a website if it supports HTTPS, therefore making your browsing more secure.

Privacy Badger: an extension which enables you to block advertising trackers from third parties on websites you visit.

Facebook Container (Firefox only): it isolates your Facebook identity in a container tab, making it harder for Facebook to track your visits to other websites with third-party cookies.

uBlock Origin: a resource-friendly multi-purpose blocking extension designed to block ads, tracking and malware domains.


TOR and VPN

The internet commonly provides a false sense of anonymity, whereas there is only pseudo-anonymity for most users. Pretty much everyone is identifiable online by their IP address, a unique identifier assigned to you by your internet service provider (ISP).

However, there are tools which can help you mask your actual IP address and provide an additional layer of protection for your online identity. This can be achieved with the use of Tor Browser or Virtual Private Network (VPN) services.

Tor Browser is a free and open source software customised to work with the Tor network, based upon Mozilla Firefox, which encrypts your browsing traffic and gives you a new identity, i.e. a new IP address. It is also particularly useful for accessing blocked websites on your network. There are some drawbacks however, as the Tor network provides generally slow internet speeds and users’ identity can be exposed if they do not use Tor Browser properly.

Virtual Private Network (VPN) is a service which enables users to connect to the public internet through a private network, providing an additional encrypted layer of privacy and masking the users’ actual IP address. There are many VPN providers, but users should still take note and be aware of possible security aspects such as:

  • Jurisdiction, i.e. in which country is the company providing VPN services based. Countries which are members of the “Five Eyes” mass surveillance alliance (USA, UK, Canada, New Zealand, Australia) should generally be avoided;
  • No logs policy, meaning that the VPN provider doesn’t log your internet traffic made through their network;
  • Regularly performed independent security audits, which are usually documented on the VPN provider’s website;
  • Price - some VPN services are quite expensive, but you should be wary of “completely free” VPN apps, as their business model is almost certainly based on tracking users. However, some paid-service providers offer free plans with limited possibilities, such as lower speeds and a smaller number of servers.

Good security practices

No matter what you do online, you should always try to follow general good security practices:

  • Be very careful with your personal data;
  • Respect the privacy of others on the internet;
  • Only download files and install software from known and trusted sources;
  • Regularly update all software and operating system of your devices to reduce the risk of attacks;
  • Create unique and complex passwords and securely store them in password managers;
  • Enable multi-level authentication for your online accounts wherever possible;
  • Use an anti-virus/anti-malware software;
  • Encrypt everything you can encrypt;
  • If you use a public computer, try not to leave any traces behind;
  • If your USB flash drive was in a public or unprotected computer, be sure to scan it with anti-virus/anti-malware software before using it again. It is generally recommended that portable devices, e.g. USB flash drives or external hard drives, are scanned each time they are connected to a computer;
  • Take into account the risks that your every action on the internet implies, privacy does not mean less responsibility;
  • At least quickly read through the Terms of Use/Service before clicking "I accept".

Bad security practices

Habits are hard to change, but you should try your best to avoid these bad security practices:

  • Never send passwords, personal data or financial information via plain text email;
  • Do not access networks or other systems for which you do not have authorisation, even if you have somehow obtained certain login credentials (username, password). This does not mean that you have been authorised to use them;
  • Do not install suspicious add-ons and software updates;
  • Don't click on suspicious links you received via email, no matter how interesting the message may seem;
  • Avoid using public or unprotected computers;
  • Avoid using other people's mobile devices;
  • Don’t write your passwords on a post-it. Seriously, don't!
  • Don’t put the names or dates of birth of people close to you as passwords;
  • Don’t leave your devices unattended and unlocked;
  • Don’t ignore suspicious activities - sometimes it’s better to be paranoid;
  • Do not use pirated software. If you do not want to pay for software, look for a free and open source alternative;
  • Don't live in your comfort zone. Sometimes it is worth investing a little time and effort and learning the basics of how to be safe on the internet.

Disc encryption

Encryption is the process of protecting data with a complex cipher, scrambling it so that it can only be accessed (decrypted) with a password or key, sometimes requiring an additional authentication factor, e.g. a digital certificate. Encrypting hard drives and removable devices, such as USB drives, is especially recommended for people working with confidential information, primarily journalists and human rights activists.

VeraCrypt is a multi-platform (Windows, Linux, MacOS X) free and open source disk encryption software with advanced capabilities. It can be used to encrypt only specific files, whole hard disk partitions, removable drives, as well as a partition or drive where Windows is installed (pre-boot authentication).

Cryptomator enables you to encrypt your cloud storage files for services such as Dropbox or Google Drive. Files are encrypted within a secure vault which is then stored with cloud service providers, which cannot access the data. Cryptomator is open source and available for Windows, Linux, MacOS X and mobile platforms (iOS, Android).


Email and Chat Encryption

Similar to hard drives and removable disks, communication channels can also be encrypted by protecting data with a complex cipher so that communication can only be accessed (decrypted) with a password or key. Of course, for journalists and human rights activists encryption is a key component of ensuring secure communication with confidential sources. This can be done in a variety of ways. 

Emails can be encrypted using PGP (Pretty Good Privacy), which is based on public key cryptography. You need to generate a key pair - a public key which you share with others and a private key which you keep secret - in order to exchange encrypted emails with correspondents. 

If you use an email provider like Gmail or Outlook, you can encrypt your communication using Thunderbird, an open source email client with built-in OpenPGP capabilities, or by using the Mailvelope browser extension which works with popular webmail services.

However, there are email providers, such as ProtonMail or Tutanota, which encrypt your messages automatically when they are sent between their users, and also provide ways to send encrypted emails to those using other providers. 

A free and open source chat app that provides end-to-end encryption by default is Signal. It is available for iOS and Android, as well as a desktop app. It provides a wide range of security options, such as self-destructing messages, PIN protection or encrypted video calls. Another app with a variety of options you can also use is Telegram, where Secret Chats need to be enabled for end-to-end encryption.


Data center and cloud

Decentralisation of the system, as a measure of physical protection, is set as a key condition for its security. It is recommended that the data is not stored on the same machine from which it is sent to the network or on which it is processed. There are several ways to store large amounts of data. The simplest way is to store data on an external hard drive. External hard drives with relatively good performance are affordable, but this type of computer hardware does not have a built-in duplication mechanism. This means that in the event of a failure, most of the data on that disk would be lost forever. On the other hand, external drives do not have direct access to the internet and are active only when connected to a computer, so they can be said to be relatively secure. Storing data on an external hard drive means that the data remains in the organisation's physical headquarters.

From a data loss risk perspective, renting storage space on a cloud server is a much better way to store important data. Cloud computing is an internet technology based on the remote use of resources (data flow, storage space, working memory, etc) and their exchange between multiple applications and users. The cloud can be private, public or hybrid. Cloud services use RAID technology (Redundant Array of Independent Disks) based on the model of comparative use of multiple disks for data storage, where each piece of data is located in at least two locations, which significantly reduces the risk in case of failure. Some cloud storage solutions are Google Drive, Dropbox, OneDrive, SpiderOak, Tresorit, etc. However, if it is sensitive data, storage on other people's devices is not recommended, despite the fact that all cloud services include encryption.

The third way of storing data is to form your own mini data center in which all data of importance to the organisation will be stored. Equipment for this purpose depends on the needs. There are a number of ready-made solutions that are cheaper and can permanently solve this issue. Thus, the data will remain within the physical space of the organisation, and the application of RAID technology will reduce the risk of data loss and theft. One of the ready-made data center solutions is Drobo.


Internal network

In one system (company, newsroom) all computers, printers, storage devices (storage servers or mini data centers), mail servers, routers and other components are connected to the internal, local network, physically (by cable) or wirelessly (wi-fi). These networks are usually based on the so-called client-server architecture. A client or user is a computer or other hardware component in everyday use, while a server is a special computer that allows clients to use the resources stored on it. These can be applications, web pages, files, emails, databases, etc. There are different types of servers: web server, file server, mail server, database server, etc. Due to the high concentration of sensitive data in this network, special protection measures are applied to it.

A wireless network may have a different physical range depending on the strength of the transmitted signal. Indoors, this range averages about twenty meters around the router, which often means that this network is available outside the room. Routers that emit a wireless signal have several layers of protection, the configuration of which is the task of the administrator, including setting up adequate protection measures.

Below are the most common protection measures for wireless networks:

  • Wireless security mode: It is recommended to use WPA2 (Wi-Fi Protected Access 2) protection which has two possible applications. PSK (Pre-Shared-Key) is set easily, by setting a password, while Enterprise requires a slightly more complicated setup and an additional RADIUS (Remote Authentication Dial-In User Service) server. In most cases, the PSK method is good enough as a protection mechanism for small and medium organisations, if the password meets the standards. Many routers also support WPS (Wi-Fi Protected Setup), a system that allows you to log in to a wireless network using a button on the router, without entering a password. This system has serious security flaws, so it is recommended that it be turned off on the router;
  • MAC filtering: MAC address is the physical address of the device that connects to the network. The router can be configured to allow access only to addresses that are on its list. This method will not stop advanced attackers, who can detect the list of MAC addresses from the router and take one of the listed addresses for their own device;
  • Hiding SSID (service set identifier): SSID is the name of a network that is usually public. Similar to the MAC filter, hiding the SSID will not stop advanced hackers, but it will prevent some less capable attackers from playing with someone else's network;
  • Using multiple wireless networks is recommended when there are at least two categories of people for whom the network is intended, for example employees and guests. Given the characteristics of wireless networks, the only way to physically separate the network used by employees from the network to which other visitors are connected is to maintain separate routers, where everyone will have their own cable that connects directly to the internet.

Ask for server logs

To determine the potential source of issues with your website, taking a look at server logs can be of great importance. Server logs are text documents which provide you with various information about all activities on the server. For example, you can see the IP addresses and identity of the devices making a request to the server, time and date of the request, etc, which can all be crucial when mitigating a cyber incident.

You can request server logs for a certain time frame from your system administrator or through technical support.  

File a criminal complaint

Once you have the log files from your server from which it could be seen that your website was targeted with a cyber incident, e.g. unauthorised access, you can file a criminal complaint to the police or competent prosecutor. 

When preparing a complaint, make sure you have mapped and described the events during the incident as they happened (what behaviour of the site did you notice, at what time, were there any changes you weren’t aware of), and prepared the server logs and other useful information, such as screenshots of suspicious activities.
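
As an added example (not part of the original guide), the Python script below shows one way to read such logs: it groups requests by IP address, classifies each response by the first digit of its status code, and builds a per-address timeline that can accompany the description of events. The "combined" access-log format, the addresses (documentation ranges) and the paths are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the common "combined" access-log format.
SAMPLE_LOG = '''\
198.51.100.23 - - [12/Mar/2024:02:10:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [12/Mar/2024:02:14:05 +0000] "POST /admin/login HTTP/1.1" 401 312 "-" "ExampleClient/1.0"
203.0.113.7 - - [12/Mar/2024:02:14:06 +0000] "POST /admin/login HTTP/1.1" 401 312 "-" "ExampleClient/1.0"
203.0.113.7 - - [12/Mar/2024:02:14:08 +0000] "POST /admin/login HTTP/1.1" 302 0 "-" "ExampleClient/1.0"
203.0.113.7 - - [12/Mar/2024:02:15:30 +0000] "GET /admin/settings HTTP/1.1" 200 2048 "-" "ExampleClient/1.0"
198.51.100.23 - - [12/Mar/2024:02:16:00 +0000] "GET /missing-page HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.44 - - [12/Mar/2024:02:17:12 +0000] "-" 400 0 "-" "-"
198.51.100.23 - - [12/Mar/2024:02:20:41 +0000] "GET /news HTTP/1.1" 503 190 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is truncated and cannot be parsed
'''

QUOTED = r'"((?:[^"\\]|\\.)*)"'  # a quoted field that may contain escaped quotes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    + QUOTED.replace("(", "(?P<request>", 1)
    + r' (?P<status>\d{3}) \S+'
    + r'(?: ' + QUOTED + ' ' + QUOTED.replace("(", "(?P<agent>", 1) + r')?'
)
# Status classes by first digit: 1xx to 5xx.
STATUS_CLASS = {"1": "informational", "2": "success", "3": "redirection",
                "4": "client error", "5": "server error"}


def parse_line(line):
    """Parse one access-log line; return None if it is damaged or truncated."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # A malformed request (for example "-") has no usable method or path.
    parts = m["request"].split()
    method, path = (parts[0], parts[1]) if len(parts) == 3 else (None, None)
    return {"ip": m["ip"], "time": when, "method": method, "path": path,
            "status": int(m["status"]),
            "class": STATUS_CLASS.get(m["status"][0], "unknown"),
            "agent": m["agent"] or "-"}


def summarise(log_text):
    """Return (per-IP summary, number of unparseable lines)."""
    per_ip, skipped = {}, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep count so gaps in the evidence are visible
            continue
        s = per_ip.setdefault(rec["ip"], {"requests": 0, "classes": Counter(),
                                          "first": rec["time"], "last": rec["time"],
                                          "agents": set()})
        s["requests"] += 1
        s["classes"][rec["class"]] += 1
        s["first"] = min(s["first"], rec["time"])
        s["last"] = max(s["last"], rec["time"])
        s["agents"].add(rec["agent"])
    return per_ip, skipped


def timeline(log_text, ip):
    """Chronological list of what one address requested and how the server answered."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r and r["ip"] == ip]
    recs.sort(key=lambda r: r["time"])
    return [f'{r["time"].isoformat()} {r["method"] or "?"} {r["path"] or "?"}'
            f' -> {r["status"]} ({r["class"]})' for r in recs]


if __name__ == "__main__":
    summary, skipped = summarise(SAMPLE_LOG)
    for ip, s in sorted(summary.items(), key=lambda kv: -kv[1]["requests"]):
        print(ip, s["requests"], dict(s["classes"]), s["first"].isoformat(),
              s["last"].isoformat(), sorted(s["agents"]))
    print("unparseable lines:", skipped)
    print("\n".join(timeline(SAMPLE_LOG, "203.0.113.7")))
```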

Error Server Digital evidence Site IP Address Hosting


Data backup

Backing up does not affect the level of security of the system itself, but backup is crucial when, after a security crisis, there is a need to recover lost data. Sometimes, based on a backup, it is possible to determine the cause of the system crash by reconstructing security vulnerabilities or errors in the system. It is recommended to use an open source backup system, such as UrBackup. When choosing, care should be taken that the backup system provides the ability to quickly and accurately restore data, and that it is optimal, i.e. does not overload the server or storage resources.

Data backup System restore

Remote working

Access to applications and data that are physically located in the system (organisation, editorial office) is possible, with appropriate permissions, from any computer in the world. This significantly facilitates work, shortens the time required for data processing and enables participation in the work process from the field.

From a security point of view, teleworking has serious drawbacks. Establishing a connection between the network or server in the system and the external computer opens the possibility for MitM (Man in the Middle) attacks. MitM is a type of technical attack in which the client and server are not necessarily at risk, but the attacker uses connection flaws to access their communication and commit data theft.

A secure way to work remotely is to connect via VPN (Virtual Private Network). It is a service that creates a separate tunnel between two computers on the public network, which is specially encrypted for protection. Of the several types of virtual private networks, the safest is to use the so-called TLS (Transport Layer Security protocol). One of the best VPN implementation software at the organisational level is OpenVPN.

Alternatively, non-profit organisations can opt to use G Suite, i.e. Google’s productivity package which includes several popular tools and products (Gmail, Google Drive, Google Calendar, etc.). However, it should be noted that Google’s business model is based on user profiling and analysis of personal data collected from its users.

IP Address Digital hygiene Encryption

Mail server

Emails are considered sensitive data in any organisation. For security reasons, each organisation should have a dedicated email server. In this way, it protects itself from attacks and other malicious activities.

In addition to the content of emails, an important part of the data from everyday communication is the so-called metadata - information that is generated and exchanged by the software and devices used for sending and receiving emails. For attackers, metadata is often more important than the content of the letter itself, because it carries accurate information about the digital context of communication. Metadata is stored on the mail server, so its protection is specific. The basic step in this direction is to block all protocols (for example, FTP or HTTP) that the server does not need to perform its primary function, i.e. receiving and sending emails. A dedicated server can be rented as part of a hosting package or other services, or an organisation can purchase a server with special software. An example of such software is iRedMail.

Alternatively, non-profit organisations can opt to use G Suite, i.e. Google’s productivity package which includes several popular tools and products (Gmail, Google Drive, Google Calendar, etc.). However, it should be noted that Google’s business model is based on user profiling and analysis of personal data collected from its users.  

Server Data leaks Cloud

General infrastructure protection

Here are some general recommendations on infrastructure protection:

  • Routers can be configured to refuse automated collection of information about the system via the so-called footprinting method. This method involves creating a sketch of the network based on the fingerprints generated by sending digital signals. It should also be noted that data is routed according to different protocols, and these protocols can be the main source of information for attackers. Mapping of the routes through which data is transmitted (tracerouting), detection of active devices on the network (ping) and similar methods can reveal to the attacker the entire infrastructure, i.e. the number and type of routers and computers and the way they are connected. Good practice dictates that ICMP requests be enabled for the web server, while the configuration for other servers and the internal network is set so that these requests are rejected;
  • Unnecessary server protocols should also be disabled. For example, everything can be blocked on the mail server except the protocols used for email (IMAP, POP, etc.) while web servers can be structurally configured so that access is provided only to public resources. Access to other folders and files, as well as the administrator part of the portal, should be disabled to avoid unauthorized access and data leakage;
  • Close unnecessary ports that no application on the server uses, with the appropriate configuration of network barriers (firewall);
  • By using intrusion detection systems, suspicious traffic is identified and rejected and footprinting attempts are registered;
  • Using anonymous registration services, information about the domain registrant can be hidden. However, it should be borne in mind that the reputation of a credible organisation is built through transparency, and this technique is not recommended in every situation.
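
One way to check the recommendations above about unnecessary protocols and ports, as an added example that is not part of the original toolkit: it compares the sockets a server is actually listening on with the ports its role is expected to expose. The sample `ss -tlnH` output is constructed, and the role table and function names are assumptions to adjust to your own setup.

```python
import ipaddress

# Ports each role is expected to expose (assumption for this example).
ROLE_ALLOWLIST = {
    "mail": {25, 465, 587, 110, 995, 143, 993},  # SMTP, submission, POP3(S), IMAP(S)
    "web": {80, 443},                            # HTTP, HTTPS
}

# Constructed sample of `ss -tlnH` output (listening TCP sockets, numeric, no header).
SAMPLE_SS_MAIL = """\
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:993 0.0.0.0:*
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return a list of (local_address, port) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The 4th column is "address:port"; IPv6 addresses are in brackets.
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((address.strip("[]").split("%")[0], int(port)))
    return listeners


def is_loopback(address):
    """True only for sockets bound to 127.0.0.0/8 or ::1."""
    if address == "*":
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # unknown form: treat as exposed so that it gets reviewed


def audit(ss_output, role):
    """Sort listening ports into expected, unexpected and local-only for a role."""
    allowed = ROLE_ALLOWLIST[role]
    report = {"expected": [], "unexpected": [], "local_only": []}
    for address, port in parse_listeners(ss_output):
        if is_loopback(address):
            report["local_only"].append(port)   # not reachable from the network
        elif port in allowed:
            report["expected"].append(port)
        else:
            report["unexpected"].append(port)   # candidate to disable or firewall
    return {key: sorted(set(ports)) for key, ports in report.items()}


if __name__ == "__main__":
    result = audit(SAMPLE_SS_MAIL, "mail")
    print("Expected on a mail server:", result["expected"])
    print("Unexpected, review and close:", result["unexpected"])
    print("Bound to loopback only:", result["local_only"])
```

In the sample, FTP (21) and HTTP (80) are reported as unexpected on the mail server, while the database port bound to 127.0.0.1 is listed separately because it is not reachable from the network.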
Server Data leaks Hosting Cloud

Domain and hosting

Very important aspects of organisational infrastructure management are the domain name and hosting, i.e. on which server the organisation's websites are hosted and with which registrar the domain name is registered.

There are numerous choices when registering a domain name (e.g. organisation.org) and it can be done relatively cheaply and easily online, depending on the needs of the organisation. Domain names are usually registered on a yearly basis and registration must be regularly renewed. 

Organisations can opt for different types of top level domains, i.e. the ending part of the URL, and most common are: 

  • Country code (ccTLD), which are associated with a specific country, region or territory: .de, .br, .ca;
  • Generic (gTLD), related to general notions: .com, .net, .org;
  • Sponsored (sTLD), reserved for specific types of registrants, such as government bodies or international organisations: .gov, .int, .aero.

When registering a domain, there is also the option of Whois domain protection, so that the registrant’s information (name, address, contacts...) wouldn’t be visible in Whois lookup searches. However, for organisations such as media, domain transparency is recommended.  

Websites can be hosted domestically, i.e. in the country where the organisation operates, or internationally. Both options are equally viable, but have some specifics to them:

  • Domestic hosting
    • You can directly inspect the quality and security of the providers’ server halls;
    • Better availability of technical support that does not depend only on reporting and online communication;
    • Liquidity and reputation of hosting providers can be checked in the local community;
    • There is no application of legal provisions pertaining to international personal data transfers;
    • If a site targeting domestic audiences is under DDoS attack from abroad (which is usually the case) it can remain stable and accessible to domestic users by temporarily blocking foreign IP addresses.
  • Foreign hosting
    • The server where the site is hosted is outside the jurisdiction of state authorities in the organisation’s country;
    • Domestic legislation does not apply to hosting, so legal and administrative procedures related to the hosted content can be complicated and uncertain.

In terms of technical aspects of hosting, there are four types:

  • Shared hosting is hosting based on the principle of sharing resources. Different sites on a shared server share the processor, bandwidth, disk space, and so on. This means that if one of the sites on shared hosting has an increased number of access requests, the performance of other sites on the same server will be affected;
  • Virtual Private Server (VPS) is hosting where everyone has their own resources. Technically, multiple virtual servers are set up on one physical server and each of them has certain resources that it does not share with others. Also, if one of the virtual servers is attacked, the integrity of others is not compromised;
  • Dedicated server is a type of hosting where the user is assigned the exclusive right to access the machine and use it for any purpose. On the dedicated server, virtual machines can be set up and used for different purposes, such as web hosting, email, data storage;
  • Cloud hosting is hosting on multiple servers connected to function as one, which contributes to the decentralisation of the system, and thus has better integrity. In case of a failure on one of the servers, the others take over its role, so the problem will not affect the operation of the site.

Shared hosting is not recommended in cases when the site consists of active content that changes relatively often and when the number of visitors varies. Dedicated hosting and cloud hosting are better solutions, but their price is a bit higher. Finally, the choice of option depends on the needs of the organisation. 

Technical support is one of the most important segments of the hosting service, because in case something goes wrong, this service is a contact point that must be fully cooperative to solve the problem as soon as possible. It is advisable to choose a company whose technical support service is operational 24/7. 

Although all the content and traffic on the internet is practically virtual, good old machines are still the basis of it all. That is why it is important to check what kind of hardware the hosting company is using. 

Finally, the technical specifications of the hosting package are the most important feature and it is desirable that they are scalable, i.e. that they can be adapted and upgraded in accordance with the changing needs of the organisation. 

Good hosting also implies decentralisation. It is not recommended that the same server is used to host the site and as a mail server or data center. The web server must be accessible from the public internet, while access to the data center from the public internet would be a serious security issue. If there is a need to access the data stored in the data center remotely, it is best to use VPN services.

Server Site Hosting Cloud

Permanent data deletion

Conventional deletion of data from a device is not an effective solution for permanent deletion, because there are ways to recover deleted data with the help of special software. The solution to this are programs that use complex algorithms for decomposing data into a digital “mash” that can no longer be returned to its original form. Eraser is a free Windows application that can completely remove data from hard drives by overwriting it several times with carefully selected patterns.

As for optical disks (CDs, DVDs), the most elegant way to permanently destroy them is to use a special shredder that can destroy disks in addition to paper. Methods for physically destroying hard drives that can be found online, where the drive is acidified or burned, are extremely dangerous. Hard drives contain various types of harmful chemicals, which can cause toxic and flammable fumes.

If old equipment is ready for sale or a hard drive is destined for disposal, it will require deep cleaning, even if it is broken. The software that does this very efficiently is Darik’s Boot and Nuke. Good practice suggests that when disposing of old equipment - after special software has performed deep cleaning of the disks - the equipment is disassembled to destroy the ports and break the pins on the connectors.

Digital hygiene Apps Data leaks

Critical points in the system

Each platform has several points that are the most common targets of attack. If the web developer pays attention to these zones when creating the site, it will significantly reduce the risks to the content and provide unhindered access to the site: 

  • Contact forms, surveys and other segments of the site where readers can enter some parameters are certainly the places of highest risk because they allow direct access to the system. If they are not necessary for the operation of the site, it is wise to give up the contact form, while surveys can be limited to one entry per IP address. An interactive relationship with readers can be developed in a separate space that is not directly related to the site itself;
  • The database is also one of the riskier parts of the site. By sending illogical and complex queries to the database, it can be blocked, which prevents readers from accessing the site. The solution is to strictly validate each entry in the database and prevent illegitimate queries via URL or otherwise;
  • Free third-party software that is installed on a platform to make it more interesting can often be an additional risk. This software usually comes in the form of various themes or other objects that improve the functionality and appearance of the site, but it can also contain code or a security flaw that compromises the integrity of the site. Therefore, it is important to always use software made by credible sources, i.e. software for which there is a sufficient number of positive reviews online.
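
An added example (not part of the original toolkit) covering the first two points of the list above: a survey handler that strictly validates every field before it reaches the database, passes values only through query placeholders, and lets the database enforce one entry per IP address. The table layout, field names, answer options and length limits are assumptions made for the example.

```python
import ipaddress
import sqlite3

ALLOWED_CHOICES = {"yes", "no", "undecided"}  # assumed survey options
MAX_COMMENT_LEN = 280                          # assumed limit


def open_db():
    db = sqlite3.connect(":memory:")
    # UNIQUE (survey_id, ip) makes the database itself enforce one entry per IP,
    # even when two requests arrive at the same moment.
    db.execute("""CREATE TABLE votes (
                      survey_id INTEGER NOT NULL,
                      ip        TEXT    NOT NULL,
                      choice    TEXT    NOT NULL,
                      comment   TEXT    NOT NULL,
                      UNIQUE (survey_id, ip))""")
    return db


def validate(form, remote_addr):
    """Return cleaned values or raise ValueError; nothing unvalidated reaches SQL."""
    survey_id = form.get("survey_id", "")
    if not (survey_id.isascii() and survey_id.isdigit() and len(survey_id) <= 6):
        raise ValueError("survey_id must be a short decimal number")
    choice = form.get("choice", "")
    if choice not in ALLOWED_CHOICES:
        raise ValueError("choice is not one of the offered options")
    comment = form.get("comment", "").strip()
    if len(comment) > MAX_COMMENT_LEN:
        raise ValueError("comment is too long")
    if any(ord(ch) < 32 and ch not in "\n\t" for ch in comment):
        raise ValueError("comment contains control characters")
    ip = str(ipaddress.ip_address(remote_addr))  # raises ValueError if malformed
    return int(survey_id), ip, choice, comment


def submit_vote(db, form, remote_addr):
    """Return 'accepted', 'duplicate' or 'rejected: <reason>'."""
    try:
        values = validate(form, remote_addr)
    except ValueError as err:
        return f"rejected: {err}"
    try:
        with db:  # commits on success, rolls back on error
            # Placeholders keep user input as data; it is never parsed as SQL.
            db.execute("INSERT INTO votes VALUES (?, ?, ?, ?)", values)
    except sqlite3.IntegrityError:
        return "duplicate"
    return "accepted"


def count_votes(db, survey_id):
    row = db.execute("SELECT COUNT(*) FROM votes WHERE survey_id = ?", (survey_id,))
    return row.fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    # Constructed requests: a valid vote, a repeat from the same IP, malformed input.
    print(submit_vote(db, {"survey_id": "7", "choice": "yes"}, "192.0.2.10"))
    print(submit_vote(db, {"survey_id": "7", "choice": "no"}, "192.0.2.10"))
    print(submit_vote(db, {"survey_id": "seven", "choice": "yes"}, "192.0.2.11"))
    print("stored votes:", count_votes(db, 7))
```

Behind a reverse proxy or CDN, `remote_addr` must be the client address reported by that trusted proxy, otherwise every visitor appears to share one IP. Keep in mind that visitors on the same office or mobile network may also share an address.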
Site IP Address Hosting

Most common cyber incidents

According to the most general classification, technical attacks can be carried out either without direct access to the server or with the need of access to the server. In the first group are mostly incidents whose most important goal is to prevent access to the content of the site. 

There are several ways to crash a server, and the most commonly used is a DDoS (Distributed Denial of Service) attack. This means that a huge number of devices simultaneously send access requests to the attacked server, which cannot answer all the queries and simply stops working. After the attack stops, in most cases the server and the site work normally. 

Ransomware is a form of malware which encrypts files on anything from a single computer all the way up to an entire network, including servers, so that the files cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets. 

Phishing is focused on exploiting the lack of knowledge or gullibility of the target and is mostly done by email. It is usually used for various scams, such as the famed “Nigerian Prince”, infecting devices with malware or gaining access to sensitive information, such as financial data or login credentials. Potential targets are sent a fraudulent message which is made to look authentic and as if it was coming from someone from the position of authority, such as a bank or police. The recipient is then asked in the email to open the attached file or click on a link in order to do something very important, e.g. to update bank account information or review a received payment. 

Interception of communication (voice, video, text chats, internet traffic) is also a risk, as there are actors such as intelligence agencies and criminals with advanced capabilities and resources to conduct surveillance of unencrypted communications channels. Issues such as government hacking are becoming increasingly dangerous for citizens’ communications privacy due to the growing surveillance industry, which keeps developing and selling one advanced product after the next.

Code injection is a more sophisticated type of attack, when malicious code is inserted through some open form of the site or through a URL. The goal of the attack is to instigate the database or other part of the site to perform operations that have no visible result, but occupy the server's resources until they flood it with activities, thus shutting it down. In some cases, after these attacks, the site becomes unusable, so the content is restored with the last saved copy. Regular backup of the site is rightly considered an elementary security procedure.

Trojans that enter the system through social engineering are first on the list by number among certain types of attacks. Users usually pick up the infection on obscure websites where they recklessly accept the warning that they are “infected” and activate a fake antivirus. In this way, millions of hacking attacks are carried out each year, which puts trojans at an unsurpassed advantage over other hacker attacks. The best protection against this type of attack is education and information about modern forms of threats. In organisations, this problem is addressed to some extent by filtering the sites that can be accessed from a computer in the local network.

Computer worms are malicious programs that multiply themselves, using computer networks to transmit to other computers, usually without human intervention. They can arrive as an email attachment and their operation is enabled by security vulnerabilities in the operating system. The best protection against worm attacks is antivirus software and quality passwords. Other good methods are firewalls, not opening suspicious emails and regular software updates.

Online harassment includes many forms of abuse, such as impersonation (i.e. someone making a fake social media or email account with your personal data), smear campaigns, hate speech, threats, cyberstalking, etc. When such incidents occur, it is best to report and block the accounts in question and gather any digital evidence to be used for potentially filing a criminal complaint: relevant links or URL addresses, screenshots of profiles and messages, phone/app call logs and similar.

Attacks that require access to a server are mostly complex and more serious. They are aimed at stealing data, altering content, placing fake content and disabling access to content. These attacks are complex because the attacker must break through all the security measures set on the server in order to reach certain passwords, access codes and the like. They also require greater expertise of the attacker.

Server DDos Digital hygiene Malware Harassment Cybercrime

What are CERTs

Computer Emergency Response Teams (CERTs) are organisations dedicated to the protection of information security and can be established at the national level, at the sectoral level (such as finance or energy) as well as within a single entity (e.g. company CERTs). Alternatively, these types of organisations are called CSIRT (Computer Security Incident Response Team) or CIRT (Computer Incident Response Team). 

Depending on the legal framework, the role of a CERT can be educational, advisory, preventive and investigative, which includes monitoring incidents at the national level, providing early warnings and information on risks and incidents in the field of information security, but also promoting security culture among citizens, in state institutions and the private sector.

Due to the fact that they are in charge of a limited number of specific information systems, special CERTs usually have an incident management function, which implies a more active role in the process of restoring normal system functioning, incident and malware analysis. 

The first organisation of this kind is the CERT Coordination Center (CERT / CC) of the Software Engineering Institute at Carnegie Mellon University in Pittsburgh, USA. As early as 1990, national organisations founded the international organization FIRST (Forum of Incident Response and Security Teams), which currently has more than 500 members worldwide. FIRST brings together CERT teams at the state level, commercial CERTs and academic CERTs.

CERT

Role of CERTs

The task of each CERT is to monitor and analyse threats to the security of ICT systems, provide assistance in identifying threats and preventing attacks, empower actors for adequate responses to attacks, provide legal assistance in processing cyber incidents, maintain communication with relevant institutions and more.

In order for a CERT to successfully implement its activities, it is necessary to establish a catalog of services. If the services, vision, mission and goals are clearly and precisely defined, the basic framework of business and development of CERT is established. These are, as a rule, among other things, coordination of information, monitoring of intrusion detection systems, analysis of potential threats and attacks on the security of ICT systems, recovery of the system from the consequences of attacks. The basic services of CERTs include the proposal and implementation of protection measures, reporting, analysis and technical support. They can be described in more detail in the light of their four basic processes: triage, resolution, issuing notices and giving feedback to users.

The triage process is the basic point of contact and involves accepting, collecting, sorting and forwarding the information obtained. When the CERT triage team receives some information or a problem report, a confirmation is sent to the sender that the message has been received, and then the information is sorted, prioritized, a unique identifier is added, and forwarded to other processes within the implemented services.

The incident resolution process involves analysing reported security incidents or threats and responding to them. During the analysis, the cause is determined, the evidence is analysed, it is determined who is involved in the incident, as well as what kind of support and to what extent is needed. What the response will be depends on CERT's missions, goals and definitions of services, but also on the priorities set.

The notification process means issuing notifications in different formats, such as announcements, warnings, advice, short notices, guidelines and technical procedures. The primary purpose of issuing a notification is to provide information to users that will help them protect their systems or find traces of a potential attack, by providing information about possible, ongoing, or recent threats. Additionally, methods for preventing, detecting, or recovering from incidents are suggested.

The feedback process is communication with users and entities, either on request or in a regular form (e.g. in the form of a report).

The information management process covers all four of the phases mentioned and is a very important part of the basic process. Information needs to be collected and recorded, then verified, categorised and finally stored. Some information may also be published, to provide guidance or support to stakeholders, but throughout the process the security of all information within the CERT organisation must be at the highest level.

In addition, the cooperation process involves all types of interactions that CERT has with other entities. It is desirable to regularly maintain existing and establish new contacts with local and regional partners and clients, as well as to create adequate databases. However, information is exchanged during all four basic processes, so it is important to choose partner organisations carefully in order to preserve the integrity, confidentiality and availability of data. 

In addition to national CERTs that comprehensively deal with security incidents in ICT systems at the national level, there are a large number of special CERTs around the world, focused on improving information security within one sector, group of entities, and even within just one company. Given the complexity and specificity of a particular community or group of entities (academic institutions, banks, etc.) or the confidential nature of information managed by companies, special CERTs with their highly specialised experts are certainly the most competent address for protection against cyber incidents and establishing preventive measures.

Digital hygiene CERT

Incident notice

For the purposes of this toolkit, we will define “incident” as any event that has a negative impact on the security of network and information systems. This can range from complex and sophisticated technical attacks to system malfunctioning caused by human error.

However, when it comes to ICT systems of special importance, such as those which are part of a country’s critical infrastructure (power supply, telecommunications, etc.) or used for banking services, their operators have an obligation to report incidents in their systems to competent state bodies and authorities. For example, if the incident occurred in the banking sector, the operator of the ICT system needs to notify the country’s central bank.

When there are more serious incidents and attacks, which can strongly affect national defence or national security, relevant intelligence and security services and agencies (military or civilian) should be notified as well. In addition, when an incident involves and affects personal data, the national data protection authority (Commissioner, Agency, Commission, etc.) is also to be notified.

Sometimes it is very difficult to distinguish between types of incidents, as they can occur simultaneously. Below is a list of some of the types of incidents which usually require sending an incident notice to the competent state authorities:

  • Breaking into the ICT system: an attack on a computer network and server infrastructure which, by violating protection measures, enabled access to the ICT system and unauthorised influence on its operation;
  • Data leakage: availability of protected data outside the circle of persons authorised to access data;
  • Unauthorised modification of data;
  • Data loss;
  • Interruption in the functioning of the system or part of the system;
  • Denial of service attacks;
  • Installation of malware within the ICT system;
  • Unauthorised data collection through unauthorised surveillance of communications or social engineering;
  • Constant attack on certain resources;
  • Abuse of authority to access ICT system resources;
  • Other incidents.
DDos Damage Data leaks CERT Cybercrime

Security act

Operators of ICT systems of special importance are usually required to have and implement a security act. The security act regulates protection measures, principles, manner and procedures for achieving an adequate level of system security, as well as authorisations and responsibilities related to the security and resources of the ICT system of special importance. The operator of the ICT system of special importance has to check the compliance of the applied measures in the ICT system with the security act at least once a year.

Each protection measure, e.g. making regular data backups, should be described in as much detail as possible. In addition to the description, the measure should contain the principles and procedures that will be applied during its implementation.

After describing the measures and referring to the principles and procedures, the security act should determine the responsible person for each measure, who is obliged to make sure that the measures are respected in practice.

Data backup CERT

Request backup restore

When a cyber incident is resolved, a check needs to be performed in order to see if there is anything missing. Malicious actors might be able to delete some of the content from your website; therefore it is important to have regular server and website backups.

In case you notice some content is missing after the incident has been handled, it is possible to restore it by requesting the backup from your hosting provider or technical support.

Server Site Data backup Hosting

LIBEL AND HUMILIATION

Bad language, swearing and use of a disrespectful tone that degrade personal dignity, reputation and/or status in society. Pictures, videos, memes and gifs can also be utilised to inflict humiliation/shame. 

Everyone has different tolerance levels and the line between libel and criticism is often blurred. Public figures, especially politicians who represent the general public, must display a higher level of tolerance of criticism. On the other hand, journalists and human rights defenders have the right to shock, disturb and even offend members of the public and the public at large, when carrying out their professional duties and in the public’s interest.

Female journalists, activists and women politicians are more likely to be targets of libel and humiliation than their male counterparts. Offense based on gender identity or presentation is a silencing mechanism, and has been recognized as a form of gender-based violence and, as such, publicly condemned. https://twitter.com/UNESCO/status/1140888153928196096

If you are targeted with any type of digital violence, we urge you to seek support from your support networks that understand you and your feelings. Take time away from spaces where you’re experiencing the harassment, and ask people you trust to check on your accounts, emails and update you about the status of attack, or help you document the abuse.

If you are a female journalist, there is an initiative, “Female Journalists against violence”, which offers support and help rooted in empathy, trust and mutual learning.

Digital evidence Reputation Tactic Support Journalists Public official

HARASSMENT

Targeted assaults, lasting any amount of time, at a high intensity, that cause harm, intentionally exploiting vulnerabilities. Harassment is an attack on human dignity, reputation and privacy, with the goal of silencing and/or curtailing the target’s digital participation.

This is an umbrella term that covers different acts: from sexually explicit threats to varying degrees of privacy invasion. 

The structure of the digital ecosystem means that attacks may come from one person and via one platform, but spread via additional perpetrators/platforms as a cyber mob attack. Online harassment, as we see it on one platform, is often much more widely disseminated, and therefore, potentially more impactful.

It is of utmost importance to recognize that a person targeted with online abuse is in no way to blame: there is no excuse for violence. If you are targeted with any type of digital violence, we urge you to seek support from your support networks - primarily friends and family who can understand you and your feelings. Take time away from spaces where you’re experiencing the harassment, and ask people you trust to check on your accounts and emails and update you about the status of the attack, or help you collect digital evidence.

In the case of cyber-mob harassment - potentially a huge volume of messaging, across multiple platforms and channels of communication - emotional support and practical help from friends and family is a key element of regaining a sense of safety.

The most effective prevention mechanisms are those grounded in a holistic approach to safety, including physical, mental and digital (with a crucial focus on consistent digital hygiene). Until digital hygiene and holistic principles of safety become routine, it is crucial to continually undertake processes of risk assessment, such as evaluating a potential offence - when it happened, why and from whom? If possible, you can ask your employer to connect you with a therapist, legal counsel or court representation if needed.

There is always the option of abstaining from social media for a certain period of time, but given our reliance on these platforms, this is a strategy that is much easier said than done. Try instead to limit the time you spend on these platforms and interact with people you trust in closed group settings. The most important thing is to take care of yourself, and acknowledge your feelings, even if it means allowing yourself a few days to lie in bed under the blankets, doing nothing.

When you feel ready, you can work on improving your digital security and hygiene. Check DIY online safety guide and ZEN and the art of making tech work for you. If you are a journalist, check also this Totem course on online protection. If you want to learn more, OnLine SoS is an excellent place to start, as well as Feminist Frequency, a detailed overview of different self-help mechanisms.

Digital evidence Digital hygiene Safety Support Sexual Harassment Pornography Fear Employer

TROLLING

Trolling has previously been described as intentional, but with the intention of being humorous or witty. The term has now come to describe intentional and ill-spirited mockery, shaming, and provocation.  
 

“Troll farms” are a fairly recent phenomenon that utilizes both human engagement and algorithms to actively influence opinion- and decision-making by distorting online discussions and narratives. While troll farms may not directly spread misinformation and fake news, they do plant the seeds of mistrust and division. Given the importance of the internet for our everyday lives, trolls can critically impact societal and political processes, such as the election process.

Some who have been targeted with online violence, instead of moving away from online participation, choose to respond with more speech and more engagement. Speaking openly about an experience of online abuse (in addition to utilizing institutional or alternative mechanisms of protection) can be helpful for several reasons. Naming and shaming your abuser and exposing them to public scrutiny can also be a mechanism of protection: it helps you regain a sense of control and empowerment in helping others with similar experiences, and it raises public awareness about digital violence. As the broader public learns the extent and scope of online abuse, they will recognize its negative effects on society and, hopefully, demand a response from State officials. If you choose this path, try to focus on sharing your experience and the personal and community impacts of an assault.

One well-known female journalist established communication with her troll over social media, in order to eventually try and meet them. She later made a series of stories out of these conversations - a creative and courageous way to counter harassment. Here are some useful tips on how to talk to your trolls, if you decide to take this path.

It is not impossible to identify the person behind online abuse. Keeping regular track of abuse also helps in documenting the digital traces left behind by the perpetrators. Using these clues, and with the help of friends, digital security experts, investigative journalists and a little bit of luck, it may be possible to identify individuals or groups responsible for abuse. Take a look at this great example from Latin America’s Center for investigative journalism - when collaboration resulted in the discovery that a group of politicians were responsible for online assaults across the continent.

Tactic Media Pressure Public shaming Innovative strategy Provocation

REVENGE PORN

Revenge porn is defined as posting sexually explicit content without consent, with the intent of humiliation, shame or blackmail. Revenge porn is a violation of privacy and can result in extreme emotional trauma.
 

Even if the content was consensually created, consent must also explicitly be given for online posting or distribution. 

Regardless of the medium (video recording, pictures, or gif) - the act of posting non-consensual content alone can be considered revenge porn. A person targeted with online abuse is in no way to blame: there is no excuse for violence. If you are targeted with any type of digital violence, we urge you to seek support from your support networks - primarily friends and family who can understand you and your feelings. Take time away from spaces where you’re experiencing the harassment, and ask people you trust to check on your accounts and emails and update you about the status of the attack, or help you collect digital evidence.

A journalist from Azerbaijan was secretly filmed engaging in sexual intercourse in her own home. This video was later leaked to the media and widely posted online. The European Court of Human Rights later determined that the journalist’s rights to privacy and freedom of expression were violated. It was the first case of its kind that clearly established a link between privacy and freedom of expression.

Digital evidence Digital hygiene Reputation Safety Support Sexual Harassment Pornography Fear

AI VIDEO MANIPULATION (DEEP FAKES)

Hyper-realistic software-manipulated video or audio content, falsely depicting the target’s behavior or speech with the goal of damaging the target’s reputation and degrading their dignity.

Development of Artificial Intelligence (AI) has enabled manipulation that can perfectly mimic reality. This has serious and terrifying implications for the future of fake news and disinformation, as fake content will be more and more difficult to identify.
 

Among other consequences, the spread of fake news has undermined public trust in professional journalism, and it remains to be seen how the media and broader society will cope with hyper-realistic disinformation.

https://www.forbes.com/sites/chenxiwang/2019/11/01/deepfakes-revenge-porn-and-the-impact-on-women/?sh=45ed6ff1f53f

Digital hygiene Damage Reputation Tactic

PRESSURES ON FREEDOM OF EXPRESSION

It would be nearly impossible to exhaustively list the ways in which someone can put pressure on and threaten freedom of expression. Those who have been targeted with online pressure or abuse will undoubtedly feel its consequences.

For the broader public, we can see these threats everywhere - in comment threads, on social media platforms, and in increasing hate speech and intentional defamation. It has been nearly impossible to legally qualify perceived ‘pressure’, as it rarely meets legal thresholds, but in targeting journalists and activists, it causes serious distortions in and to public debate and decision-making.

When this type of pressure is top-down - coming directly from public figures, politicians, or others in power (employers, editors) - it can have a multiplier effect on the spread and resulting effects on the target. Even if perceived as a form of micro-aggression, long-term consequences are hard to prevent, not only for the target, but also for the general public and media ecosystem.

Some who have been targeted with online violence, instead of moving away from online participation, choose to respond with more speech and more engagement. Speaking openly about an experience of online abuse (in addition to utilizing institutional or alternative mechanisms of protection) can be helpful for several reasons. Naming and shaming your abuser and exposing them to public scrutiny can also be a mechanism of protection: it helps you regain a sense of control and empowerment in helping others with similar experiences, and it raises public awareness about digital violence. As the broader public learns the extent and scope of online abuse, they will recognize its negative effects on society and, hopefully, demand a response from State officials. If you choose this path, try to focus on sharing your experience and the personal and community impacts of an assault.

During the COVID pandemic, critical reporting about our governments’ work and health services has become even more important for the public, and, in many cases, more problematic for governments interested in suppressing information. These methods of suppression have been so egregious, that if not for the real danger they pose to public interest, they could even be deemed laughable. https://balkaninsight.com/2020/07/03/pandemic-worsens-crisis-for-media-in-central-eastern-europe/

All journalists and media workers can report violence to an official Journalists’ Association, even if they aren’t members. These associations can provide information and advice on how to file criminal charges, and other suggestions for dealing with and overcoming online harassment. Even if you decide not to report the crime to the police, consider informing the Journalists’ Association or relevant CSOs about the incident. This information is valuable for them to learn more about online violence, and to later use this data for advocacy purposes and, ideally, change. Associations often have resources and services, including mental health support or legal counseling, that smaller media organizations or freelance journalists can’t easily access. Several CSOs have developed expertise after years of work combating online violence, and can offer valuable information and assistance.

A number of international organizations have specifically addressed the importance of and obstacles to the safety of journalists and human rights defenders: Council of Europe/Platform to promote the protection of journalism and safety of journalists, OSCE Mission to Belgrade, OSCE Representative on Freedom of the Media, UNESCO Safety of journalists programmes. For those cases lacking State support, these organizations can bring attention to the case, advocate for change and put pressure on State authorities.

Some organizations provide financial aid and/or legal services for journalists targeted with violence, including Media Defence in London or Free Press Unlimited, based in Amsterdam (they also offer a rapid response service). In situations where the scope and scale of violence threatens physical safety, these organizations can provide relocation assistance until the situation calms down.

Tactic Support Journalists Media Public official Innovative strategy Associations

STALKING

The process of diligently and continually following someone’s activity online. The designation of stalking can be applied whether or not the stalker and target know one another in person.

Digital traces, data and other markers of our participation that show up on social media platforms and other websites have made stalking in the digital space a much easier task. As much as in the physical world, consequences on the targeted individual can vary, but could include an increased sense of insecurity, fear and the perception of an invasion of privacy.

Many women and LGBTQI folks are targeted with this kind of emotional and mental violence online. Even if it never leaves the digital space, stalking can cause feelings of helplessness and the loss of control in one’s private life. More serious cases can result in an overwhelming feeling that the stalker is ever present: everywhere at every moment.

It is of utmost importance to recognize that a person targeted with online abuse is in no way to blame: there is no excuse for violence. If you are targeted with any type of digital violence, we urge you to seek support from your support networks - primarily friends and family who can understand you and your feelings. Take time away from spaces where you’re experiencing the harassment, and ask people you trust to check on your accounts and emails and update you about the status of the attack, or help you collect digital evidence.

The most important thing is to take care of yourself, and acknowledge your feelings, even if it means allowing yourself a few days to lie in bed under the blankets, doing nothing. There is always the option of abstaining from social media for a certain period of time, but given our reliance on these platforms, this is a strategy that is much easier said than done. Try instead to limit the time you spend on these platforms and interact with people you trust in closed group settings.

You can also work on advancing your digital safety - check, for example, DIY online safety guide or ZEN complete manual and the art of making tech work for you.

Digital evidence Digital hygiene Safety Sexual Harassment Fear

IDENTITY MANIPULATION

Identity manipulation or misuse of personal data is a serious threat with potentially far-reaching consequences.

There are different forms of identity manipulation and fraud utilising unlawful collection of data, including, for example, data leaks, database hacks and information dumps.

The most common reasons for identity manipulation include theft, misrepresentation and cover-up of criminal activity.

Digital evidence Digital hygiene Damage Reputation Identity

THREATS

Endangering of physical and emotional safety and wellbeing by calling for violence against a particular person or group of people, including threats of rape and other forms of gender-based violence.

 

It happens all too often that online threats result in real-world physical violence against a person or group, or damage to material goods or spaces. Moreover, these physical attacks may not come from the same person making online threats. Rather, online threats can inspire and encourage others to commit physical violence.
 

Among social media users in the Balkans, a significant problem is the making of threats, hate speech and calls for direct violence against refugees from Africa and the Middle East. During one such incident in Belgrade, live-streamed via Facebook, a young man crashed his car into a migrant center in the suburbs.

There are certain measures you can undertake to decrease the risk; for example, you can advance your digital hygiene. See, for example, DIY online safety guide or ZEN - complete manual and the art of making technology work for you.

Digital evidence Digital hygiene Safety Sexual Harassment Fear

HATE SPEECH

Verbal assaults based on race, religion, ethnicity, sexual orientation and gender identity, or political and union affiliation or other identities or characteristics such as age or economic status can be described as hate speech. 
 

Legally, to qualify as hate speech, speech must be proven to target certain protected groups or identities. Online, however, hate speech goes beyond these protected categories, to target multiple groups or identities simultaneously, compounding the effects on already marginalized groups. An intersectional approach is therefore crucial, to understand the structural and all-encompassing effects of hate speech.

All journalists and media workers can report violence to an official Journalists’ Association, even if they aren’t members. These associations can provide information and advice on how to file criminal charges, and other suggestions for dealing with and overcoming online harassment. Even if you decide not to report the crime to the police, consider informing the Journalists’ Association or relevant CSOs about the incident. This information is valuable for them to learn more about online violence, and to later use this data for advocacy purposes and, ideally, change. Associations often have resources and services, including mental health support or legal counseling, that smaller media organizations or freelance journalists can’t easily access. Several CSOs have developed expertise after years of work combating online violence, and can offer valuable information and assistance.

Some who have been targeted with online violence, instead of moving away from online participation, choose to respond with more speech and more engagement. Speaking openly about an experience of online abuse (in addition to utilizing institutional or alternative mechanisms of protection) can be helpful for several reasons. Naming and shaming your abuser and exposing them to public scrutiny can also be a mechanism of protection: it helps you regain a sense of control and empowerment in helping others with similar experiences, and it raises public awareness about digital violence. As the broader public learns the extent and scope of online abuse, they will recognize its negative effects on society and, hopefully, demand a response from State officials. If you choose this path, try to focus on sharing your experience and the personal and community impacts of an assault.

Reputation Support Journalists Pressure Innovative strategy Associations

FALSE ACCUSATIONS

As a result of structural power inequality, false accusations, even if proven false, have the potential to inflict serious and lasting reputational damage on the accused. 
 

False accusations may be seen as a form of pressure on one’s freedom of expression, but if accusations are intentionally orchestrated and persistent, they can also distort public opinion and debate while stigmatizing and silencing the target of the false accusations.  
 

If you are a female journalist, there is an initiative, “Female Journalists against violence”, which offers support and help rooted in empathy, trust and mutual learning.

Reputation Tactic Journalists Pressure

FLAMING

Usually found on internet forums or Reddit-style threads, flaming refers to the use of offensive language, swearing and other methods of provocation for the purpose of eliciting a response from or engagement with the target. The ultimate goal is to inflict humiliation and shame, and to ruin the target’s credibility.
 

Before being recognized as a tool for digital harassment and abuse, flaming was normalized as part and parcel of online communication in closed fora and chat rooms.  

Some who have been targeted with online violence, instead of moving away from online participation, choose to respond with more speech and more engagement. Speaking openly about an experience of online abuse (in addition to utilizing institutional or alternative mechanisms of protection) can be helpful for several reasons. Naming and shaming your abuser and exposing them to public scrutiny can also be a mechanism of protection: it helps you regain a sense of control and empowerment in helping others with similar experiences, and it raises public awareness about digital violence. As the broader public learns the extent and scope of online abuse, they will recognize its negative effects on society and, hopefully, demand a response from State officials. If you choose this path, try to focus on sharing your experience and the personal and community impacts of an assault.

Read more about how online discussions nose-dive into dangerous discourse. https://www.lifewire.com/what-is-flaming-2483253 

It might be difficult but it is not impossible to identify the person behind online abuse. Keeping regular track of abuse also helps in documenting the digital traces left behind by the perpetrators. Using these clues, and with the help of friends, digital security experts, investigative journalists and a little bit of luck, it may be possible to identify individuals or groups responsible for abuse. Take a look at this great example from Latin America’s Center for investigative journalism - when collaboration resulted in the discovery that a group of politicians were responsible for online assaults across the continent.

Tactic Support Pressure Innovative strategy

GOOGLE BOMBING

Intentional optimization of inaccurate and malicious information on internet search engines (i.e. Google), with the objective of causing damage to the target’s dignity and reputation.

 

Search result indexing can be manipulated using large-scale, coordinated search requests containing inaccurate or malicious information. These search requests and results are up-ranked so that they are the first visible option when the target is searched.  
 

The wife of a former German President filed charges against Google in 2012, claiming the company’s search algorithm resulted in the broad dissemination of information about her past as a sex worker.

 

Digital hygiene Browser Damage Reputation

DOXXING

Publicly disclosing personal information about a target, such as home address, familial status, bank and credit card details, date of birth etc. This information can be posted on one or many different platforms, in comment sections, or via video or text. 

The infraction of doxxing does not require that the published information be utilized with consequence to the target. The simple act of making sensitive information public - information whose spread could have repercussions on the person it concerns - sends a clear message of intimidation and harassment.

It is important to report online violence to social media platforms, as there is always the chance that the data is removed and/or the perpetrator blocked. Reporting abusive content is also important as a method of documentation and evidence for police investigations and court cases. If needed, ask family and friends to take over reporting and communication with the platforms.

The most important thing is to take care of yourself, and acknowledge your feelings, even if it means allowing yourself a few days to lie in bed under the blankets, doing nothing.

There is always the option of abstaining from social media for a certain period of time, but given our reliance on these platforms, this is a strategy that is much easier said than done. Try instead to limit the time you spend on these platforms and interact with people you trust in closed group settings.

If you are a female journalist, there is an initiative, “Female Journalists against violence”, which offers support and help rooted in empathy, trust and mutual learning.

Check also OnLine SoS to learn more about additional means of protection.

Digital evidence Digital hygiene Harassment Reputation Safety Sexual Harassment Journalists Identity

FALSE REPORTING

The misuse of reporting or flagging mechanisms, or false claims of copyright infringement or other violations of Terms of Service or Community rules and regulations on social media platforms, for the purpose of blocking, suspension or preventing more extensive digital participation.

Regaining control over your online profiles is often a burdensome process. Suspension appeal procedures on many social media platforms are costly - both in terms of time and resources. Even when appeals are successful, initial false reports will have also succeeded in keeping a target offline for various amounts of time. 

The most well-known case of false reporting (for violations of terms and services on a social media platform) in Serbia is the suspension of the official profile of an Ombudsperson on YouTube:

https://resursi.sharefoundation.info/sr/resource/kako-mreze-ureduju-javni-prostor-youtube-protiv-ombudsmana/

Digital evidence Report to platform Tactic Identity Pressure

RETALIATION AGAINST SUPPORTERS

Friends, family, partners, colleagues, employers, and even witnesses to the abuse, can be targeted in the same or similar way as the original target.

In this way, the perpetrator destroys or attempts to undermine existing networks of support. The result is that the original target is exposed to additional harassment, guilt for the abuse now being levied against friends and family, and further feelings of isolation and anxiety. 

During an assault and in the aftermath, persons suffering violence often turn to their friends and family and spaces where they can talk openly about their experience and find support. As important as the support of family and friends can be, sometimes, even well-meaning advice can place blame for the harassment back onto the target. Remember that the perpetrator alone is responsible for abuse. Your friends and family can also help you to document and monitor online abuse and to maintain an overview of your social media profile and online communication channels.

Learn more about support, risk assessment and other support mechanisms: here.

It often happens that supporters and bystanders who defend the primary target, in many cases journalists and activists, are involved in an organized attack together or individually.

Digital evidence Digital hygiene Harassment Safety Sexual Harassment Pressure

Access a trusted device

Having 2-step authentication turned on for all of your accounts is an essential security practice. However, in case the verification method you set up (phone number, app) is not working or has changed, you should try accessing the account from a trusted device. Many service providers offer the option (usually just a checkbox on the 2-step page) to mark a device as trusted so you don’t have to enter 2-step security codes each time you log in on that specific device, such as your home computer.

Make sure that only personal devices (computers, tablets, phones) you use regularly are marked as trusted and never use this feature on public or someone else’s devices. 

Authentication Digital hygiene Phone/Tablet Apps Computer/Laptop

Request a recovery of a deleted account

In case your account gets deleted, there is a possibility that you could request a recovery, as long as not much time has passed since it was deleted. In case you didn’t use your account for a long time, you probably won’t be able to restore it in full.

The process differs among various service providers. With Google, for instance, a user will be asked a series of questions in order to confirm it is indeed their account. Advice Google gives to users trying to restore their accounts is to answer as many questions as possible without skipping them entirely, use a familiar device and location, be exact with passwords and security questions, use an email connected to your account which you can access (e.g. a recovery email) and add helpful details if you're asked why you can't access your account.  

Password Recovery account User account Account recovery

Restore backup

Depending on which data you cannot access, you should try to restore your files from a backup. Make sure your files are backed up regularly and that you can access the backups in case they are kept on some cloud-based service (e.g. Google Drive, Dropbox, OneDrive).

In case the operating system of your device suffered serious damage affecting its performance, it is advisable to restore it to the last configuration when it was fully functional. Windows has the System Restore option, macOS can use the Time Machine, while for Linux systems there are many available restore backup tools.

Data backup Access recovery Cloud System restore

Check for available decryption tools

One of the biggest security problems and forms of cybercrime today is ransomware. This form of malware encrypts files so that they cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets.

In case you are a target of ransomware, general advice is not to pay, as there is no guarantee you will indeed receive the correct decryption key. Payments also encourage further cybercrime attempts. You can try to find a decryption tool based on the type of ransomware. For example, No More Ransom is an initiative which provides citizens with free decryption tools for many forms of ransomware.

Encryption Malware Damage Access recovery

Data recovery tools

In case your files are lost or you accidentally deleted them and you don’t have a backup, there are data recovery tools which can help you. Unless the data was deleted with an advanced tool such as Eraser, conventional data recovery tools might help you restore files.

Recuva is data recovery software for Windows which has both free and paid versions. For an average user, the free option should be enough to recover deleted files and it also works with memory cards, external hard drives and USB sticks. Disk Drill, another recovery tool with a free plan, also works for macOS in addition to Windows.

Apps Access recovery

Remote lock and erase

If you are attending a protest or other high-risk event, your devices such as mobile phones might be seized by the police or private security or even stolen in the crowd. In case this happens, your private data becomes exposed to all kinds of risks.

Android phones, in case they have the “Find My Device” option enabled, provide you with a possibility to remotely lock them with your PIN, pattern or password or even erase all data on the phone. Google provides further instructions on how to secure seized Android devices. Very similar options are provided by Apple for iOS devices such as iPhone or iPad.

Phone/Tablet Location Computer/Laptop

Locate a device

In case you can’t find your device and suspect that it might be stolen, there are ways to determine its possible location. For example, smartphones based on Android and iPhones have the option to remotely locate your device. For further details and requirements (e.g. the device must be turned on, connected to the internet, etc.) on how to enable the remote find option visit Google’s instructions for Android devices or Apple’s guide in case the device is an iPhone or other iOS-based device.

Phone/Tablet Location Computer/Laptop

Change all passwords

If you believe that your device might be stolen, as a precautionary measure it is good to change all the passwords to your accounts which are logged in. It is also advisable to use a trusted device to log out from all sessions on the lost device.

Changing all of your passwords is much easier and safer with the help of specialised applications called password managers. These apps securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols. Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Password Digital hygiene Phone/Tablet Apps Location Computer/Laptop

Factory reset

Your device may start acting strangely and having various performance issues (working too slowly, showing too many errors, certain apps or features not working). In case you cannot resolve these issues by restarting the device and/or clearing the cache, running an antivirus or antimalware check or updating your device software, drivers or operating system, a factory reset might be a solution.

Be aware that if you run a factory reset on your phone all the data will be lost, so make sure to back up any important data before proceeding. See more information from Google on how to do a factory reset on Android devices or Apple’s support page on how to do the same on iOS-based devices.

Phone/Tablet Computer/Laptop Device reset

Repair shop

If resetting your device to factory settings did not resolve the issues you experienced, it might be best to take the device to a repair shop. Before you do this, it is important to back up any data on your device and also make sure to protect your device, sensitive files and apps with a password or a PIN.

Before choosing a specific repair shop, do a simple online search and try to find the ones with the best online reviews and positive comments.

Password Data backup Digital hygiene Phone/Tablet Computer/Laptop Device reset

LIBEL AND HUMILIATION

Bad language, swearing and use of a disrespectful tone that degrade personal dignity, reputation and/or status in society. Pictures, videos, memes and gifs can also be utilised to inflict humiliation/shame. 

Criminal charges detailing the assault, and any evidence (hard copy) must be officially filed with the police, referencing the criminal offense - in this case art. 170 of the Criminal Code. Note that the entire procedure as well as identification of the perpetrator is the responsibility of the filing party, given the designation of this criminal charge as a private offence. 

ADVICE: try not to respond to the statements/acts of libel and humiliation, as these responses could ultimately be used against you in court. 

Also, thoroughly assess the situation before initiating a court procedure, to ensure a bad joke or harsh criticism is not being claimed as offence. If the court makes this determination, the outcome can be negative for the filing party. 

If the identity of the perpetrator is known to you, you have the option of claiming damages before a civil court, although police support cannot be relied upon in this type of proceeding. A civil case can be initiated via lawsuit, and if the court finds in your favor, it results in monetary settlement.

Assessment of risk is a useful way to evaluate a potential offence - when it happened, why and from whom? For example, if you post an article on a sensitive societal issue, this tool can help with risk management, to evaluate which groups or individuals may react negatively. It is important not to internalize or normalize these types of offences.

Choose a response that will help you feel safe and decrease the possibility of further harm, document all acts of libel/humiliation (or ask family and friends to), and learn more about digital safety and the mechanisms for semi-functional protection on social media platforms.

Digital evidence Report to platform Block user Reputation Tactic Criminal charges

INSTITUTIONAL PROTECTION

Because harassment comes in many shapes and forms, it can be reported as a number of different criminal offenses. 

Sexual harassment (art. 182b of the Criminal Code) explicitly mentions verbal forms of assault, but necessitates the filing of a motion to initiate criminal proceedings with the Public prosecutor. In other words, you must inform the police and the Public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings.

ADVICE: File the motion. The courts are a crucial component of protection against harassment. 

Endangering safety, one of the many consequences of harassment, under art. 138 of the Criminal Code, provides another legal basis for protection. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This option is especially relevant for (female) journalists.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

ALTERNATIVE PROTECTION

There is always an inherent risk that online harassment will transition to the physical world. For this reason, physical safety is a crucial precondition for any other form of meaningful protection. In terms of mental protection, sometimes it is helpful to take a break or minimize time spent on social media platforms, or those platforms of communication where you are targeted with harassment. Talking to friends, family, partners and colleagues about harassment can also be helpful in creating a system of support. 

Blocking, filtering and reporting options on social media platforms can often serve as a helpful tool for documenting harassment.

The DeleteMe tool can help find and remove your personal information from some websites.

Reaching out for support to professional associations and support groups is another method for dealing with harassment.

Several investigative journalists and their networks track down perpetrators of online harassment by analysing their digital footprint. This has been an effective mechanism for not only the identification of perpetrators, but also exposing them and their crimes to public scrutiny. 

In Serbia, female journalists can find support through the initiative “Female Journalists against violence”, and dozens of other feminist organizations that offer services for individuals targeted with violence, including online.

If you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

TROLLING

Trolling has previously been described as intentional, but with the intention of being humorous or witty. The term has now come to describe intentional and ill-spirited mockery, shaming, and provocation.

It has been difficult to prove that trolling alone reaches the legal threshold to be qualified as a criminal act, as trolling has been determined not to constitute an assault on one’s dignity or basis for panic or fear.

ADVICE: Do not respond to trolls with hate or threats, as this type of response could provide them the opportunity to file charges against you (and, in fact, this is often their intent).

There are very few successful mechanisms for preventing or punishing trolling. One remedy is to ignore them and avoid their attempts to bait you into engagement, but whatever remedy you use, you must, first and foremost, feel safe.  

Making use of reporting mechanisms - flagging these profiles, filtering or blocking their posts, or restricting access to your profile - is always an option.

Block user Tactic Provocation

Use encrypted voice communication

Encryption is a cryptographic concept of encoding messages or information, which ensures that only people who have a way to decrypt it will be able to read it.

Voice communications are very easy to monitor and intercept. However, there are applications that enable encrypted communication through voice calls, as well as text messages, including group communication, photography and video. One of these apps is Signal, which is open source, run by a non-profit organisation and is entirely funded by donations, which allows it to work without monetising the data of its users. Telegram is an application which also has an encrypted audio and video call option and is definitely among the most popular services for secure communication.

Phone/Tablet Apps Encryption Computer/Laptop

Use encrypted messaging

Messages are mainly used for informal and personal communication, and are often used to exchange confidential information about users that should not be available to third parties. There are applications that enable encrypted communication through chat services.

SMS communication is similar to chat communication; the only difference is that the internet is used as a data transmission medium in chat communication, while the standard network of mobile phones (GSM, 2G, 3G, 4G, etc.) is used for SMS messages. It is important to emphasize that both parties must use encryption in order for the system to be secure. A free and open source online chat app that provides end-to-end encryption by default is Signal. It is available for iOS and Android, as well as a desktop app. It provides a wide range of security options, such as self-destructing messages, PIN protection or encrypted video calls. You can also use Telegram, where Secret Chats need to be enabled for end-to-end encryption.

Phone/Tablet Apps Encryption Computer/Laptop

REVENGE PORN

Revenge porn is defined as posting sexually explicit content without consent, with the intent of humiliation, shame or blackmail. Revenge porn is a violation of privacy and can result in extreme emotional trauma.

Revenge porn is a serious form of assault, and as such, it is crucial that instances are reported to the police and the public prosecutor. There are several criminal acts that can be used as a legal basis to prosecute the posting of revenge porn. 

Sexual harassment (art. 182b of the Criminal Code): filing a motion for the initiation of proceedings is a precondition to start the procedure. This means that you must inform the police and the public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings.

ADVICE: File the motion. The courts are a crucial component of protection against revenge porn.

Unauthorised wiretapping and recording (art. 143 of the Criminal Code), unauthorised taking of photos (art. 144), unauthorised publishing and presentation of another’s texts, portraits, and recordings (art. 145 of the Criminal Code), are other charges that refer to illegal recordings, and could be utilized to prosecute cases in which video was made without consent, even if it was not posted online. These procedures carry private criminal charges, which means that you, the filing party, must present the identity of the perpetrator, and as many details and as much evidence as you can (for example, where the recordings are stored, where the camera could have been placed during the recording, etc.).

Your physical safety is the highest priority when it comes to protection.

If your harasser intentionally positions themself in your physical vicinity, you can request a court issued emergency restraining order. 

Document any and all recordings, comments, threats and other forms of harassment as crucial evidence for initiating protection mechanisms and/or court proceedings.

Seek support from CSOs, women’s support networks, and others who can help you choose the best way to protect yourself. 

Report any and all recordings, comments, threats and other forms of harassment to the platforms where they have been posted, and find out more about take down procedures on Facebook and other platforms.

And don’t forget, even if you originally gave your consent to be filmed, this does not imply consent for sharing that content. You are not to blame for being targeted with this type of assault.

If you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Location Report to platform Reputation Safety Support Sexual Harassment Pornography Computer/Laptop Criminal charges

AI VIDEO MANIPULATION (DEEP FAKES)

Hyper-realistic software-manipulated video or audio content, falsely depicting the target’s behavior or speech with the goal of damaging the target’s reputation and/or degradation of dignity.
 

You can claim damages via civil legal procedures if a manipulated video or photo:

causes you harm, has been made for defamatory purposes, or has resulted in financial loss (if your biometric data or voice is manipulated for the purposes of fraud, for example). 

If you have suffered a financial loss because of deep fake or video manipulation, you can utilize civil legal procedures to recover losses. In the case of causing great offense or other form of non-pecuniary damage (to reputation, or psychological harm, for example), you can file a civil law procedure to win compensation. In both cases, you, the filing party, are responsible for providing the identity of the perpetrator.

This type of content is insidious because it is difficult to identify (the Director of Facebook is one such example). Some of the clear signs of deep fakes are mechanical/unnatural movements, static eye position (no blinking), and inconsistent movement of the lips while talking. Your risk of being targeted with this type of content decreases the more aware you are of your digital footprint, and by limiting circulation of your biometric data, including photos, video and audio recordings.


 

Damage Report to platform Reputation

Use encrypted email

Despite the development of more modern ways of communication, email has remained one of the most commonly used solutions in official communications through the internet. Therefore, a large amount of important and sensitive information is still transmitted by email. On the other hand, the technology behind email is not completely secure: it has a lot of security flaws, and the users have no control over who can access the metadata and content of their email communication, especially when using email services such as Gmail, Outlook.com, Yahoo Mail, etc.

Emails can be encrypted using PGP (Pretty Good Privacy), which is based on public key cryptography. You need to generate a key pair - a public key which you share with others and a private key which you keep secret - in order to exchange encrypted emails with correspondents.

If you use an email provider like Gmail or Outlook, you can encrypt your communication using Thunderbird, an open source email client with built-in OpenPGP capabilities, or by using the Mailvelope browser extension which works with popular webmail services. By using these tools you can easily generate a key pair for encrypting your email, or import existing encryption keys.

However, there are email providers, such as ProtonMail or Tutanota, which encrypt your messages automatically when they are sent between their users, and also provide ways to send encrypted emails to those using other providers.

Phone/Tablet Apps Encryption Computer/Laptop

PRESSURES ON FREEDOM OF EXPRESSION

It would be nearly impossible to exhaustively list the ways in which someone can put pressure on and threaten freedom of expression. Those who have been targeted with online pressure or abuse will undoubtedly feel its consequences.

For the broader public, we can see these threats everywhere - from commenting threads, social media platforms, and increasing hate speech and intentional defamation. 

It has been nearly impossible to legally qualify the idea of ‘pressure’ as it is perceived, as it rarely meets legal thresholds for prosecution. However, this type of assault, in targeting journalists and activists, causes serious distortions in and manipulates public debate and decision making. Taken as a threat to freedom of expression as a whole, ‘pressure’ can reach a legal threshold, but the legal system is unable to effectively address the problem as it can provide only individual, and not collective, protections.

Independent State bodies, such as the Ombudsperson for the Protection of Citizens’ Rights can carry out investigations and issue public warnings to government officials or other public figures who put pressure on journalists and/or single them out through targeted assaults.
 

Digital hygiene Encryption Tactic Support Journalists Media

THREATS

Endangering physical and emotional safety and wellbeing by calling for violence against a particular person or group of people, including threats of rape and other forms of gender-based violence.
 

Threat is a serious form of assault and one that should be urgently addressed to best prevent it from being realized in the physical world. Report each and every threat to the police and the public prosecutor. 

As threats often cause fear and insecurity, art. 138 of the Criminal Code - Endangering safety - provides a suitable legal basis for initiating mechanisms of protection. 

In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This charge is especially relevant for (female) journalists, as this charge provides for a higher sanction.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

In addition to reporting threats to police and digital platforms, inform your employer and document them.

If you can, protect your mental health by taking a break from social media platforms, especially those spaces that can cause additional stress or fear for your safety. Create a network of support to help take over some of the work documenting the threats. Again, prioritize your physical safety above all else, and if you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately!

Digital evidence Password Authentication Recovery account Phone/Tablet Malware Report to platform Safety Sexual Harassment Journalists Fear Media Computer/Laptop Criminal charges

STALKING

The process of diligently and continually following someone’s activity online. The designation of stalking can be applied whether or not the stalker and target know one another in person. Digital traces, data and other markers of our participation that show up on social media platforms and other websites have made stalking in the digital age a much easier task. As much as in the physical world, consequences on the targeted individual can vary, but could include an increased sense of insecurity, fear and the perception of an invasion of privacy.

Stalking, in the Criminal Code, is identified as a criminal offence (art. 138a), carrying sanctions not only for the act of stalking but also for unlawful collection of someone else’s personal data, as a preliminary offence, prior to the instance(s) of stalking. However, the article does stipulate that to constitute stalking, the incident(s) must take place for a specified period of time. The intensity of stalking, and consequences felt by the target are not of critical relevance, but could be taken into account by the court during criminal proceedings.

If the incident(s) of stalking fail to meet the time stipulations laid out in the Criminal Code art. 138a, then article 138 - Endangering safety - could also offer protections against acts that result in fear for one’s safety, and provides stricter sanctions if the target is a (female) journalist.

In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges.

It is easier than ever to conduct private surveillance of public digital spaces using a number of different methods. For this reason, it is important to ensure that your tech devices (phones, computers, smart speakers/doorbells, etc.) are best protected and limited in their ability to share private data, and to check their options (e.g. location, privacy settings), for example by turning off location tracking and using strict privacy settings.

As with all types of assault, targets of stalking should inform friends, family, partners and colleagues about the harassment, so you have a bigger network of support. If online stalking moves offline, to the physical world, you should immediately inform police and request protection. 

Check out these resources for improving your digital safety.

Digital evidence Password Authentication Recovery account Phone/Tablet Location Safety Support Identity Computer/Laptop Criminal charges Stalking

HATE SPEECH

Verbal assaults based on race, religion, ethnicity, sexual orientation and gender identity, or political and union affiliation or other identities or characteristics such as age or economic status can be described as hate speech.

Although there is no legally accepted definition of hate speech, the Criminal Code offers several mechanisms of protection. Under art. 317 (Instigating National, Racial and Religious Hatred and Intolerance) of the Criminal Code any and all speech negatively targeting people from certain backgrounds is prohibited. Art. 387 of the Criminal Code prohibits discrimination based not only on race, but also on skin color, religious, national, or ethnic background, and personal characteristics and affiliations.

This article also bans the publication of texts and material that propagate discrimination, conspiracy, and violence against individuals or groups belonging to these protected categories.

Hate speech is also forbidden under the media law, and members of the media and media organizations can be penalized for hate speech in civil court proceedings. 

ADVICE: File charges and request the police and prosecutor initiate an investigation.

In addition to documentation, you can also report hate speech to the platform, as all explicitly forbid it in their terms of service.

If hate speech is published online - on a website or media platform - you can request, via email or directly via the platform, removal of this content. 

Also, the Commissioner for the Protection of Equality can initiate a civil legal procedure investigation into the content. Initiated via written request, the Commissioner has 90 days to investigate and take a decision to respond to posted hate speech. Responses can include an apology, publication of an opinion, or a cease and desist order related to the hate speech.

 

Report to platform Reputation Tactic Safety Criminal charges

IDENTITY MANIPULATION

Identity manipulation or misuse of personal data is a serious threat with potentially far-reaching consequences. Whether the target is a person whose personal data has been misused, or someone else, the damage can be incalculable.

Due to the complexity and different manifestations of this category of assault, it is difficult to determine the legal basis offering the most suitable protection. In the case of fraud committed using the computer belonging to another person, and resulting in material or financial gain for the perpetrator, a criminal complaint may be filed under art. 301 (Computer Fraud). Another criminal offense, the unauthorized collection of personal data (art. 146), must be initiated via private lawsuit, and therefore the identity of the perpetrator must be known.

If a case of identity manipulation leads to psychological harm, or damage to reputation or dignity, then compensation may be claimed using civil legal procedures. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

 

Identity manipulation is often tied to financial fraud and online theft. There are different ways you can protect yourself from these crimes: limit the amount of money that can be transferred to another account, or taken out via ATM at one time, use at least a two-factor authentication system for your finance-related logins, and destroy old bank and other identity cards with sensitive data. 

If you are a victim of identity manipulation, inform the police as soon as possible, notify the financial institutions or websites where you have accounts and temporarily block compromised bank accounts and/or cards. 

Timely risk assessment and digital hygiene are important means of prevention and protection.

Digital evidence Password Authentication Recovery account Phone/Tablet Damage Reputation Identity Cybercrime User account Computer/Laptop Access recovery System restore Criminal charges

FALSE ACCUSATIONS

As the result of structural power inequality, false accusations, even if proven untrue, have the potential to inflict serious and lasting reputational damage on the accused. 
 

This type of attack can also be considered a form of pressure on freedom of expression, and it is difficult to ensure protection in this case. 

In the case that a false accusation results in the endangerment of safety, protection under art. 138 of the Criminal Code is available. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

For harm suffered in the form of damage to reputation and dignity, compensation may be claimed through civil legal proceedings initiated via a lawsuit. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

Document how false accusations have caused you harm. If accusations have been published online, request that the website or platform remove this information. 

If the amount of content posted becomes too much to collect, ask your friends, and family to help you document false accusations and report them to the websites or platforms. 

Publicly commenting on or calling out accusations is another way to address the attack, but do a preliminary risk assessment to evaluate the potential for negative reactions and amplification of the false accusations.

 

Damage Report to platform Reputation Tactic Support Media Criminal charges

Report to the platform

In case someone is impersonating you through a fake email or social media account, or if you are a subject of online harassment such as smear campaigns, threats, spreading hate speech or stalking, you should use the “Report” option to inform the platform about this issue. When you report the profile or message in question, you usually get an option to mark the appropriate violation of your rights and platform Terms of Service (impersonation, harassment, etc.). You can find more details on the American PEN Center website.

To prevent further harassment, it is also highly advisable to block the user(s) in question.

Digital evidence Report to platform Block user Data leaks Cybercrime

Report to the police

In cases of online harassment or other forms of violations of personal rights (e.g. endangering security with threats) it is possible to report these incidents to the police or other state authority in charge of investigating or prosecuting cybercrime, as they can represent criminal acts which are punishable by law.

To see best practices for gathering digital evidence before filing a complaint, see the “File a complaint” section.

Digital evidence Data leaks Cybercrime Criminal charges Police

FLAMING

Usually found on internet forums or reddit-style threads, flaming refers to the use of offensive language, swearing and other methods of provocation for the purpose of eliciting a response from or engagement with the target. The ultimate goal is to inflict humiliation, shame, and ruin the target’s credibility. 
 

There are a number of ways this type of assault can be carried out, so several corresponding criminal acts could be considered as mechanisms for protection.

In the case of flaming that includes threats, art. 138 of the Criminal Code - Endangering safety - could offer protection. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

If flaming is offensive and disrespectful in nature, court proceedings can be initiated via private lawsuit, requiring the identity of the perpetrator.  

Flaming is often accompanied by a high volume of anonymous messages and comments, further complicating the process of pursuing legal protection.

Your physical safety is your highest priority! Make sure you are in a safe place. Turn off the location tracking options on your devices, including Google Maps and other apps.
In addition to documenting evidence, reach out to your family, friends and partners for support. If the flaming is connected to your work, talk to your colleagues and employer to come up with a response that works best for you.
Flaming usually comes with a high volume of messaging and can be quite intense, so consider taking a break from the platforms or websites where the abuse is occurring.

Reputation Tactic Support Journalists Media Criminal charges

File a complaint

When you are filing a complaint to the police, it is important for you to gather all the necessary digital evidence and not only to copy the content of the message in question. It is often not simple, as it requires technical knowledge and patience, which few people upset by an attack can muster. If you can't deal with it, call a friend, colleague or family member for help. They can record evidence of an attack, and also deal with your account on the platform on which the attack is taking place. The documentation should contain material evidence of the attack and be classified so as to facilitate the search. Using a spreadsheet can be convenient, as attacks can be sorted by time, location, cause, duration and type of attack, reports filed on the platform, and response. This is all important information for lawyers, police, further investigation and court proceedings. Try to identify the type of attack, because some forms of online threats are still unknown to the general public, and sometimes even to the police. This will help the investigators to better understand what happened and how to look for the perpetrators.

First, you should provide relevant links or URL addresses in their full form, i.e. if the attack occurs on social media, then you should provide the full link of the account which sent you a threat. Then, you should save a copy of the message in its full form containing metadata, i.e. email headers.

Furthermore, it would be good to make a screenshot/print-screen of the message, image or a video included in the incident. On the other hand, if the incident has several segments - for example, multiple SMS messages or messages received via an application on a computer or phone - you should make a screenshot of each one or possibly make a video of the entire process.

In addition, if the harassment occurs through phone communication, then the report should contain call logs issued by the phone operator because they contain the time of the call and the number from which the call was made, which may make further investigation easier. Also, you can turn to a Computer Emergency Response Team in your country, which may provide technical support and mitigate the damage, or to state bodies in charge of investigating cybercrime.
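The documentation steps in this section, sketched as an added example that is not part of the original toolkit: it reads a saved raw email, extracts the header metadata, hashes the untouched file, and writes a time-sorted spreadsheet (CSV) of incidents. The column names, the sample message, and every address, IP and URL in it are constructed assumptions.

```python
import csv
import hashlib
import io
import re
from datetime import timezone
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime

# Constructed sample of a saved raw message (.eml). Every name, address and
# IP below is invented (example domains, documentation IP ranges).
SAMPLE_EML = (
    b"Received: from mail.sender.example (mail.sender.example [203.0.113.25])\r\n"
    b"\tby mx.recipient.example with ESMTPS id abc123;\r\n"
    b"\tTue, 04 Mar 2025 21:14:09 +0000\r\n"
    b"Received: from laptop.local ([198.51.100.7])\r\n"
    b"\tby mail.sender.example with ESMTPSA id xyz789;\r\n"
    b"\tTue, 04 Mar 2025 22:14:07 +0100\r\n"
    b"From: Unknown <anon@sender.example>\r\n"
    b"To: reporter@recipient.example\r\n"
    b"Subject: last warning\r\n"
    b"Date: Tue, 04 Mar 2025 22:14:07 +0100\r\n"
    b"Message-ID: <20250304211407.1234@sender.example>\r\n"
    b"\r\n"
    b"(body omitted in this constructed sample)\r\n"
)

# Hypothetical column set, following the fields the section lists.
COLUMNS = ["time_utc", "platform", "attack_type", "source_url", "sender",
           "message_id", "origin_hop", "sha256", "reported_to_platform",
           "response"]


def summarise_email(raw: bytes) -> dict:
    """Pull the metadata an investigator asks for out of a raw saved message."""
    msg = message_from_bytes(raw, policy=policy.default)
    date = msg["Date"]
    sent = ""
    if date is not None:
        # Normalise to UTC so entries from different time zones sort correctly.
        sent = parsedate_to_datetime(str(date)).astimezone(timezone.utc).isoformat()
    # Each relay prepends its own Received line, so the last one is the
    # earliest hop. Lines added before the first trusted server can be forged.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    origin = re.search(r"\[([0-9A-Fa-f.:]+)\]", hops[-1]) if hops else None
    sender = msg["From"]
    return {
        "time_utc": sent,
        "sender": sender.addresses[0].addr_spec if sender and sender.addresses else "",
        "message_id": str(msg.get("Message-ID", "")),
        "origin_hop": origin.group(1) if origin else "",
        # Hash of the untouched file, so later copies can be shown to match.
        "sha256": hashlib.sha256(raw).hexdigest(),
    }


def build_log(entries: list) -> str:
    """Return the evidence log as CSV text, oldest incident first."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, restval="")
    writer.writeheader()
    for row in sorted(entries, key=lambda r: r["time_utc"]):
        writer.writerow(row)
    return out.getvalue()


def sample_log() -> str:
    """Build a two-entry log from the constructed sample data."""
    email_row = summarise_email(SAMPLE_EML)
    email_row.update(platform="email", attack_type="threat",
                     reported_to_platform="no", response="")
    # Constructed entry for a social media message, filled in by hand.
    post_row = {
        "time_utc": "2025-03-03T18:02:00+00:00",
        "platform": "social media",
        "attack_type": "harassment",
        "source_url": "https://social.example/users/placeholder-account",
        "reported_to_platform": "yes",
        "response": "pending",
    }
    return build_log([email_row, post_row])


if __name__ == "__main__":
    print(sample_log())
```

Keep the original saved message unmodified alongside the log; the hash only proves integrity if it was computed before anyone opened and re-saved the file.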

Digital evidence Data leaks CERT Cybercrime Criminal charges Police

GOOGLE BOMBING

Intentional optimization of inaccurate and malicious information on internet search engines (i.e. Google), with the objective of causing damage to the target’s dignity and reputation.

The criminal justice system does not explicitly prohibit this or identify it as a criminal act. From a technical viewpoint, Google bombing does not imply the misuse or manipulation of personal data. Rather it is seen as a misuse of the (Google) search engine. In certain cases, this type of assault can be prosecuted via Unauthorised Access to Computer, Computer Network or Electronic Data Processing (art. 302 of the Criminal Code). In this case, criminal charges, together with collected evidence (screenshot of the search results, analysis of the search optimization, etc.), should be filed with the police.

For harm suffered in the form of damage to reputation and dignity, compensation may be claimed through civil legal proceedings initiated via a lawsuit. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

Because tools to modify search engine algorithms are widely available, almost anyone can alter search results. For this reason, it is quite difficult to prevent or protect yourself from Google bombing.

Google has developed an extension for their search engine, Google Meet Bomb Guard, that allows users to block all uninvited participants and generic Gmail accounts from organized Google Meet groups.

Take a look at other available search engine extensions that can help prevent this type of assault.

Digital evidence Digital hygiene Browser Damage Report to platform Reputation

DOXXING

Publicly disclosing personal information about a target, such as home address, familial status, bank and credit card details, date of birth, etc. This information can be posted on one or many different platforms, in comment sections, or via video or text.

Regardless of whether the disclosed data is used for harassment, the unauthorized posting of data alone qualifies as doxxing and is viewed as a type of online attack. As is often the case, when doxxing creates an imminent danger to safety, art. 138 of the Criminal Code - Endangering safety - could provide legal protection. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting the evidence needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Art. 146 of the Criminal Code, Unauthorised Collection of Personal Data, which prohibits the collection, publication and use of data for purposes “other than those for which they are intended”, could provide the basis for legal protection.

Document every instance and location in which your personal data was posted, and file this evidence with the police.

Immediately report doxxing and any other unauthorised publication of personal data to the websites or platforms where it was posted, and to the police.

Follow up on your report to better ensure they respond. Immediate action is key to prevent further distribution of your personal information online.

Turn off location tracking options on your phone, Google Maps, and other applications that collect your sensitive data (location, key address, etc.).

Put strict privacy controls on your social media profiles, and two-step authentication systems for all website logins storing your sensitive data.

Talk to the people you trust - colleagues, friends, employers. Urge the police to alert the platform to remove your personal data, and use website and platform reporting mechanisms.

Deleteme is a tool that can help find and remove sensitive data online.

If you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately.

Digital evidence Password Recovery account Digital hygiene Phone/Tablet Location Report to platform Data leaks Reputation Safety Sexual Harassment Identity User account Computer/Laptop Criminal charges

FALSE REPORTING

The misuse of reporting or flagging mechanisms, or false claims of copyright infringement or other violations of Terms of Service or Community rules and regulations on social media platforms, for the purpose of blocking, suspending or preventing more extensive digital participation.

Similar to trolling, it is difficult to qualify false reporting as a criminal offense. Rather, it is seen as a misuse of social media platforms’ internal reporting mechanisms. Unfortunately, it is very difficult to find a remedy, as the mechanisms for reporting usually employ automated systems that often fail to offer adequate help.

It is difficult to combat false reporting. Both Facebook and Twitter offer assistance for reactivating accounts that have been shut down due to false reporting. Unfortunately, these platforms are slow to respond to this particular issue, and creating a new account is generally a quicker solution.

Digital evidence Password Authentication Recovery account Damage Tactic User account

RETALIATION AGAINST SUPPORTERS

Friends, family, partners, colleagues, employers, and other witnesses to the abuse can be targeted in the same or similar way as the original target.

Retaliation can take many forms, so it can be linked to different criminal offences. If the assault results in the endangerment of safety, art. 138 of the Criminal Code could provide a suitable legal basis for protection. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting the evidence needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Assess whether the assault could be qualified as an offence, threat, harassment, doxxing, false accusation or another form of digital assault. Identifying the type of assault based on charges set out in the Criminal Code can increase your chances of success in accessing legal protections.

In addition to the many mechanisms of protection, a useful strategy for countering an assault is to publicly call out and condemn an attack without directly identifying or naming the perpetrator. If you opt for this tactic, assess the risk and continue to document problematic responses, especially if they are defamatory in nature. Surround yourself with friends, family and colleagues: there is safety in numbers.

Digital evidence Password Authentication Recovery account Phone/Tablet Location Report to platform Safety Support Computer/Laptop Criminal charges