Search

According to the most general classification, technical attacks can be carried out either without direct access to the server or with the need of access to the server. In the first group are mostly incidents whose most important goal is to prevent access to the content of the site. 

There are several ways to crash a server, and the most commonly used is a DDoS (Distributed Denial of Service) attack. This means that a huge number of devices simultaneously send access requests to the attacked server, which cannot answer all the queries and simply stops working. After the attack stops, in most cases the server and the site work normally. 

Ransomware is a form of malware which encrypts files on anything from a single computer all the way up to an entire network, including servers, so that the files cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets. 

Phishing is focused on exploiting the lack of knowledge or gullibility of the target and is mostly done by email. It is usually used for various scams, such as the famed “Nigerian Prince”, infecting devices with malware or gaining access to sensitive information, such as financial data or login credentials. Potential targets are sent a fraudulent message which is made to look authentic and as if it was coming from someone from the position of authority, such as a bank or police. The recipient is then asked in the email to open the attached file or click on a link in order to do something very important, e.g. to update bank account information or review a received payment. 

Interception of communication (voice, video, text chats, internet traffic) is also a risk, as there are actors such as intelligence agencies and criminals with advanced capabilities and resources to conduct surveillance of unencrypted communications channels. Issues such as government hacking are becoming increasingly dangerous for citizens’ communications privacy due to the growing surveillance industry, which keeps developing and selling one advanced product after the next.

Code injection is a more sophisticated type of attack, when malicious code is inserted through some open form of the site or through a URL. The goal of the attack is to instigate the database or other part of the site to perform operations that have no visible result, but occupy the server's resources until they flood it with activities, thus shutting it down. In some cases, after these attacks, the site becomes unusable, so the content is restored with the last saved copy . Regular backup of the site is rightly considered an elementary security procedure. 

Trojans that enter the system through social engineering are first on the list when it comes to the number of some types of attacks. Users usually pick up the infection on obscure websites where they recklessly accept the warning that they are “infected” and activate a fake antivirus. In this way, millions of hacking attacks are carried out each year, which puts the trojans in an unsurpassed advantage over other hacker attacks. The best protection against this type of attack is education and information about modern forms of threats. In organisations, this problem is somehow solved by filtering sites that can be accessed from a computer in the local network. 

Computer worms are malicious programs that multiply themselves, using computer networks to transmit to other computers, usually without human intervention. They can arrive as an email attachment and their operation is enabled by security vulnerabilities in the operating system. The best protection against worm attacks are antivirus software and quality passwords [PASSWORS]. Other good methods are firewalls, not opening suspicious emails and regular software updates.

Online harassment includes many forms of abuse, such as impersonation (i.e. someone making a fake social media or email account with your personal data), smear campaigns, hate speech, threats, cyberstalking, etc. When such incidents occur, it is best to report and block the accounts in question and gather any digital evidence to be used for potentially filing a criminal complaint: relevant links or URL addresses, screenshots  of profiles and messages, phone/app  call logs and similar. 

Attacks that require access to a server are mostly complex and more serious. They are aimed at stealing data, altering content, placing fake content and disabling access to content. These attacks are complex because the attacker must break through all the security measures set on the server in order to reach certain passwords, access codes and the like. They also require greater expertise of the attacker.

Server DDos Digital hygiene Malware Harassment Cybercrime

Publicly disclosing personal information about a target, such as home address, familial status, bank and credit card details, date of birth etc. This information can be posted on one or many different platforms, in comment sections, or via video or text. 

The infraction of doxxing does not require that the published information be utilized with consequence to the target. The simple act of making sensitive information - the spread of which could have repercussions on the person whose information has been published -public, sends a clear message of intimidation and harassment. 

It is important to report online violence to social media platforms as there is  always the chance that the data is removed and/or the perpetrator blocked  . It is important to report abusive content as a method of documentation and evidence for police investigations and court cases - and there is always the chance that the content is removed and/or the perpetrator blocked. If needed, ask family and friends to take over reporting and communication with the platforms.

The most important thing is to take care of yourself, and acknowledge your feelings, even if it means allowing yourself a few days to lie in bed under the blankets, doing nothing.

There is always the option of abstaining from social media for a certain period of time, but given our reliance on these platforms, this is a strategy that is much easier said than done. Try instead to limit the time you spend on these platforms and interact with people you trust in closed group settings.

If you are a female journalist, there is an initiative “Female Journalists against violence”, which offers support and help rooted in the empathy, trust and mutual learning.

Check aslo OnLine SoS to learn more about additional means of protection.

Digital evidence Digital hygiene Harassment Reputation Safety Sexual Harassment Journalists Identity

Friends, family, partners, colleagues, employers, and even witnesses to the abuse, can be  targeted in the same or similar way as the original target. 

In this way, the perpetrator destroys or attempts to undermine existing networks of support. The result is that the original target is exposed to additional harassment, guilt for the abuse now being levied against friends and family, and further feelings of isolation and anxiety. 

During an assault and in the aftermath, persons suffering violence often turn to their friends and family and spaces where they can talk openly about their experience and find support. As important as the support of family and friends can be, sometimes, even well-meaning advice can place blame for the harassment back onto the target. Remember that the perpetrator alone is responsible for abuse. Your friends and family can also help you to document and monitor  online abuse and to maintain an overview of your social media profile and online communication channels.

Learn more about support, risk assessment and other support mechanisms: here.

It often happens that supporters and bystanders who defend the primary target, in many cases journalists and activists, are involved in an organized attack together or individually.

Digital evidence Digital hygiene Harassment Safety Sexual Harassment Pressure