Tagged with Data leaks x


The internet commonly provides a false sense of anonymity, whereas there is only pseudo-anonymity for most users. Pretty much everyone is identifiable online by their IP address , a unique identifier assigned to you by your internet service provider (ISP).

However, there are tools which can help you mask your actual IP address and provide an additional layer of protection for your online identity. This can be achieved with the use of Tor Browser or Virtual Private Network (VPN)  services.

Tor Browser is a free and open source software customised to work with the Tor network, based upon Mozilla Firefox, which encrypts  your browsing traffic and gives you a new identity, i.e. a new IP address. It is also particularly useful for accessing blocked websites on your network. There are some drawbacks however, as the Tor network provides generally slow internet speeds and users’ identity can be exposed if they do not use Tor Browser properly.

Virtual Private Network (VPN) is a service which enables users to connect to the public internet through a private network, providing an additional encrypted layer of privacy and masking the users’ actual IP address. There are many VPN providers, but users should still take note and be aware of possible security aspects such as:

  • Jurisdiction, i.e. in which country is the company providing VPN services based. Countries which are members of the “Five Eyes” mass surveillance alliance (USA, UK, Canada, New Zealand, Australia) should generally be avoided;
  • No logs policy, meaning that the VPN provider doesn’t log your internet traffic made through their network;
  • Regularly performed independent security audits, which are usually documented on the VPN provider’s website;
  • Price - some VPN services are quite expensive, but you should be vary of “completely free” VPN apps , as their business model is almost certainly based on tracking users. However, some paid-service providers  offer free plans with limited possibilities, such as lower speeds and a smaller number of servers .
IP Address Digital hygiene Browser Apps Encryption Data leaks Safety

Good security practices

No matter what you do online, you should always try to follow general good security practices:

  • Be very careful with your personal data;
  • Respect the privacy of others on the internet;
  • Only download files and install software from known and trusted sources;
  • Regularly update all software and operating system  of your devices to reduce the risk of attacks;
  • Create unique and complex passwords and securely store them in password managers  ;
  • Enable multi-level authentication  for your online accounts wherever possible;
  • Use an anti-virus/anti-malware software;
  • Encrypt everything you can encrypt;
  • If you use a public computer, try not to leave any traces  behind;
  • If your USB flash drive was in a public or unprotected computer, be sure to scan it with anti-virus/anti-malware software before using it again. It is generally recommended that portable devices, e.g. USB flash drives or external hard drives, are scanned each time they are connected to a computer;
  • Take into account the risks that your every action on the internet implies, privacy does not mean less responsibility;
  • At least quickly read through the Terms of Use/Service before clicking "I accept".
Digital hygiene Phone/Tablet Data leaks Safety Computer/Laptop

Bad security practices

Habits are hard to change, but you should try your best to avoid these bad security practices:

  • Never send passwords , personal data or financial information via plain text email;
  • Do not access networks or other systems for which you do not have authorisation, even if you have somehow obtained certain login credentials (username, password). This does not mean that you have been authorised to use them;
  • Do not install suspicious add-ons and software updates;
  • Don't click on suspicious links you received via email, no matter how interesting the message may seem;
  • Avoid using public or unprotected computers;
  • Avoid using other people's mobile devices;
  • Don’t write your passwords on a post-it. Seriously, don't!
  • Don’t put the names or dates of birth of people close to you as passwords;
  • Don’t leave your devices unattended and unlocked;
  • Don’t ignore suspicious activities - sometimes it’s better to be paranoid;
  • Do not use pirated software. If you do not want to pay for software, look for a free and open source  alternative;
  • Don't live in your comfort zone. Sometimes it is worth investing a little time and effort and learning the basics of how to be safe on the internet.
Digital hygiene Phone/Tablet Data leaks Safety Computer/Laptop

Disc encryption

Encryption is the process of protecting data with a complex cipher, scrambling it so that it can only be accessed (decrypted) with a password or key, sometimes requiring an additional authentication factor, e.g. a digital certificate  . Encrypting hard drives and removable devices, such as USB drives, is especially recommended for people working with confidential information, primarily journalists and human rights activists.

VeraCrypt is a multi-platform (Windows, Linux, MacOS X) free and open source  disk encryption software with advanced capabilities. It can be used to encrypt only specific files, whole hard disk partitions, removable drives, as well as a partition or drive where Windows is installed (pre-boot authentication).

Cryptomator enables you to encrypt your cloud storage files for services such as Dropbox or Google Drive. Files are encrypted within a secure vault which is then stored with cloud service providers, which cannot access the data. Cryptomator is open source and available for Windows, Linux, MacOS X and mobile platforms (iOS, Android).

Digital hygiene Apps Encryption Data leaks Cloud

Mail server

Emails are considered sensitive data in any organisation. For security reasons, each organisation should have a dedicated email server . In this way, it protects itself from attacks and other malicious activities. 

In addition to the content of email, the importance of data from everyday communication is the so-called metadata - information that is generated and exchanged by software and devices used for sending and receiving emails. For attackers, metadata is often more important than the content of the letter itself, because it carries accurate information about the digital context of communication. Metadata is stored on the mail server, so its protection is specific. The basic step in this direction is to block all protocols (for example, FTP or HTTP) that the server does not need to perform its primary function, i.e. receiving and sending emails. A dedicated server can be rented as part of a hosting  package or other services, or an organisation can purchase a server with special software. An example of such software is iRedMail.

Alternatively, non-profit organisations can opt to use G Suite, i.e. Google’s productivity package which includes several popular tools and products (Gmail, Google Drive, Google Calendar, etc.). However, it should be noted that Google’s business model is based on user profiling and analysis of personal data collected from its users.  

Server Data leaks Cloud

General infrastructure protection

Here are some general recommendations on infrastructure protection:

  • Routers  can be configured to refuse automated collection of information about the system via the so-called footprinting method. This method involves creating a sketch of the network based on the fingerprints generated by sending digital signals. It should also be noted that the routing of data takes place according to different protocols, because they can be the main source of information for attackers. Mapping of routes through which data is transmitted (tracerouting), detection of active devices on the network  (ping) and similar methods can reveal to the attacker the entire infrastructure, i.e. the number and type of routers, computers and the way they are connected. Good practice dictates that ICMP requests be enabled for the web server, while the configuration for other servers and the internal network is set so that these requests are rejected;
  • Unnecessary server protocols should also be disabled. For example, everything can be blocked on the mail server except the protocols used for email (IMAP, POP, etc.) while web servers can be structurally configured so that access is provided only to public resources. Access to other folders and files, as well as the administrator part of the portal, should be disabled to avoid unauthorized access and data leakage;
  • Close unnecessary ports that no application on the server uses, with the appropriate configuration of network barriers (firewall).
  • By using intrusion detection systems, suspicious traffic is identified and rejected and footprinting attempts are registered;
  • Using anonymous registration services, information about the domain registrant can be hidden. However, it should be borne in mind that the reputation of a credible organisation is built through transparency, and this technique is not recommended in every situation.
Server Data leaks Hosting Cloud

Permanent data deletion

Conventional deletion of data from a device is not an effective solution for permanent deletion, because there are ways to recover deleted data with the help of special software. The solution to this are programs that use complex algorithms for decomposing data into a digital “mash” that can no longer be returned to its original form. Eraser is a free Windows application [APLICATION] that can completely remove data from hard drives by overwriting it several times with carefully selected patterns.

As for optical disks (CDs, DVDs), the most elegant way to permanently destroy them is to use a special shredder that can destroy disks in addition to paper. Methods for physically destroying hard drives that can be found online, where the drive is acidified or burned, are extremely dangerous. Hard drives contain various types of harmful chemicals, which can cause toxic and flammable fumes.

If old equipment is ready for sale or a hard drive is destined for disposal, it will require deep cleaning, even if it is broken. The software that does this very efficiently is Darik’s Boot and Nuke. Good practice suggests that when disposing of old equipment - after special software has performed deep cleaning of the disks - the equipment is disassembled to destroy the ports and break the pins on the connectors.

Digital hygiene Apps Data leaks

Incident notice

For the purposes of this toolkit, we will define “incident” as any event that has a negative impact on the security of network and information systems. This can range from complex and sophisticated technical attacks to system malfunctioning caused by human error.

However, when it comes to ICT systems of special importance  , such as those which are part of a country’s critical infrastructure (power supply, telecommunications, etc.) or used for banking services, they have an obligation to report incidents in their systems to competent state bodies and authorities. For example, if the incident occured in the banking sector, the operator of the ICT system needs to notify the country’s central bank.

When there are more serious incidents and attacks, which can strongly affect national defence or national security, relevant intelligence and security services and agencies (military or civilian) should be notified as well. In addition, when an incident involves and affects personal data, the national data protection authority (Commissioner, Agency, Commission, etc.) is also to be notified.

Sometimes it is very difficult to distinguish between types of incidents, as they can occur simultaneously. Below is a list of some of the types of incidents which usually require sending an incident notice to the competent state authorities:

  • Breaking into the ICT system: an attack on a computer network and server infrastructure which, by violating protection measures, enabled access to the ICT system and unauthorised influence on its operation; 
  • Data leakage: availability of protected data outside the circle of persons authorised to access data; 
  • Unauthorised modification of data
  • Data loss
  • Interruption in the functioning of the system or part of the system; 
  • Denial of service attacks [DDoS] ; 
  • Installation of malware  within the ICT system; 
  • Unauthorised data collection through unauthorised surveillance of communications or social engineering; 
  • Constant attack on certain resources; 
  • Abuse of authority to access ICT system resources; 
  • Other incidents
DDos Damage Data leaks CERT Cybercrime

Report to the platform

In case someone is impersonating you through a fake email or social media account, or if you are a subject of online harassment such as smear campaigns, threats, spreading hate speech or stalking, you should use the “Report” option to inform the platform about this issue. When you report the profile or message in question, you usually get an option to mark the appropriate violation of your rights and platform Terms of Service (impersonation, harassment, etc.). You can find more details on the American PEN Center website.

To prevent further harassment, it is also highly advisable to block the user(s) in question .

Digital evidence Report to platform Block user Data leaks Cybercrime

Report to the police

In cases of online harassment or other forms of violations of personal rights (e.g. endangering security with threats) it is possible to report these incidents to the police or other state authority in charge of investigating or prosecuting cybercrime , as they can present criminal acts which are punishable by law. 

To see best practices for gathering digital evidence before filing a complaint, see the “File a complaint” section.

Digital evidence Data leaks Cybercrime Criminal charges Police

File a complaint

When you are filing a complaint to the police, it is important for you to gather all the necessary digital evidence  and not only to copy the content of the message in question. It is often not simple, as it requires technical knowledge and patience, for which few people upset by the attack can have nerves. If you can't deal with it, call a friend, colleague or family member for help. They can also record evidence of an attack, but also deal with your account on the platform on which the attack is taking place. The documentation should contain material evidence of the attack and be classified so as to facilitate the search. Using a spreadsheet can be convenient, as attacks can be sorted by time, location, cause, duration and type of attack, reports filed on the platform, and response. This is all important information for lawyers, police, further investigation and court proceedings. Try to identify the type of attack, because some forms of online threats are still unknown to the general public, and sometimes even to the police. This will help the investigators to better understand what happened and how to look for the perpetrators.

First, you should provide relevant links or URL addresses in their integral form, i.e. if the attack occurs on social media, then you should provide an integral link of the account which sent you a threat. Then, you should save a copy of the message in an integral form containing metadata, i.e. email headers

Furthermore, it would be good to make a screenshot/print-screen of the message, image or a video included in the incident. On the other hand, if there are several segments of the incidents - you are facing-multiple SMS-s, messages received via an application on a computer or phone, etc. - you should make a screenshot of each one or possibly make a video of the entire process. 

In addition, if the harassment occurs through phone communication, then the report should contain call logs issued by the phone operator because they contain the time of the call and the number from which the call was made, which may make further investigation easier. Also, you can turn to a Computer Emergency Response Team in your country, which may provide technical support and mitigate the damage, or state bodies in charge of investigating cybercrime

Digital evidence Data leaks CERT Cybercrime Criminal charges Police


Publicly disclosing personal information about a target, such as home address, familial status, bank and credit card details, date of birth etc. This information can be posted on one or many different platforms, in comment sections, or via video or text. 

Regardless whether or not disclosed data is utilised for harassment, the unauthorized posting of data alone, qualifies as doxxing, and is viewed as a type of online attack. As is often the case, when doxxing creates an imminent danger to safety, art. 138 of the Criminal Code - Endangering safety - could provide legal protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Art. 146 of the Criminal Code, Unauthorised Collection of Personal Data, which prohibits the collection, publication and use of data for purposes “other than those for which they are intended”, could provide the basis for legal protection. 

Document every instance and location in which your personal data was posted, and file this evidence with the police.

Immediately report doxxing and any other unauthorised publication of personal data to the websites or platforms where it was posted, and to the police. 

Follow-up on your report to better ensure they respond.  Immediate action is key to prevent further distribution of your personal information online.

Turn off location tracking options on your phone, Google maps, and other applications that collect your sensitive data (location, key address, etc). 

Put strict privacy controls on your social media profiles, and two-step authentication  systems for all website logins storing your sensitive data. 

Talk to the people you trust - colleagues, friends, employers. Urge the police to alert the platform to remove your personal data, and use website and platform reporting mechanisms. 
Deleteme is a tool that can help find and remove sensitive data online.

If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Digital evidence Password Recovery account Digital hygiene Phone/Tablet Location Report to platform Data leaks Reputation Safety Sexual Harassment Identity User account Computer/Laptop Criminal charges