DDP’s Mission is to coordinate emergency support and build emergency response capacity for the internet’s critical users, such as bloggers, cyber activists, journalists, human rights defenders, and other civil society activists, whenever and wherever they are under threat through grant making, Rapid Response and the Digital Integrity Fellowship.
1) Increased safety for critical internet users under attack
2) Increased capacity of the digital emergency response ecosystem
- At this moment it is not possible anymore to apply for Capacity Building Grants or Sustainable Emergency Grants. The call for proposals for Incidental Emergency Grants is still open.
- The DDP is looking for a capable Mid Term Evaluator. If you are interested, please send you SoI before 30 September to Frerieke van Bree: firstname.lastname@example.org. Find our Terms of Reference here.
OPEN: Incidental Emergency Grants | For mitigating digital emergencies | For Journalists, bloggers, human rights activists, small organisations | Up to 10,000 Euro
CLOSED: Sustainable Emergency Grants | For longer-term emergency support | NGO’s, media organisations, human rights organisations | 10,000 – 50,000 Euro
CLOSED: Capacity Building Grants | For strategic investments in the emergency sector | organisations or larger groups of human rights defenders | 50,000 – 100,000 EuroRead more
‘The Web does not just connect machines, it connects people.’
The Digital Defenders Partnership (DDP) started late 2012 by the Freedom Online Coalition (FOC) to advance Internet freedom and to keep the internet open and free from emerging threats, specifically in internet repressive and transitional environments. The program increases and better coordinates emergency support for the internet’s critical users, such as bloggers, cyber activists, journalists, human rights defenders, and other civil society activists, through Grant making and Linking & Learning activities.
The DDP believes that an integrated, holistic response mechanism is needed, including physical, legal, infrastructural and emotional safety in order to respond adequately to Internet emergencies. We call the combination of all the different players in this integrated mechanism of response the Digital Emergency Response Ecosystem. To increase the capacity of the digital emergency response ecosystem we invest in the capacity of individual responders (individuals and organizations) and in the capacity of responders networks. We do this by granting (providing funds) and linking & learning activities (providing services). This has proven very effective the past 3 years. Below is an overview of the players within in the Digital Emergency Response Ecosystem.
The DDP’s approach can be recognised by the following core values:
- Human rights & Internet freedom
We work with donors, partners, consultants and grantees committed to the universal human rights instruments and stand for Internet freedom.
- Trust & Confidentiality
Trust is essential in emergency situations. Establishing and maintaining trust with partners is highly important to us. Many of our grantees could be endangered if we do not deal with their information in a confidential way.
- Mentorship & Partnership
The emergency response field is emerging. We provide a mentorship role. We strive to create a partnership with our grantees on equal footing, looking to best to serve the needs of organizations with advice and connections to our vast network of trusted partners.
- Quality & Expertise
There are hardly any quick fixes that have real impact – not even in fast emergency response. To have critical internet users be safe and secure on the long run, qualitative and trusted response that increases resilience is vital. We provide and share the expertise on qualitative emergency responses.
- Not claiming, but facilitating
We do not try to stamp our activities with a DDP or Hivos logo. Our aim is to facilitate an emergency response field that works. We want individuals and organizations to have and take ownership of their own interventions, activities and support them to create sustainable activities that stand the test of time.
As from 2016, DDP has started a strategic partnership with 3 organisations, to know Media Legal Defence Initiative, Front Line Defenders and VirtualRoad, as they each fulfil a specific need (legal defence, regional/physical safety and infrastructural responses) for critical Internet users. Together, we will be able to provide quick, holistic emergency response.
The added value of this DDP – FLD – MLDI – VR partnership is created by:
a) More intensive contact and trust relation
b) Referral/sharing of cases
c) Situational analysis from 4 perspectives
d) Shared outreach strategy
e) Fund security/project sustainability
The DDP is currently funded by 6 donors (US state department, Ministries of Foreign Affairs of the Netherlands, Finland, Estonia, Latvia, and the Swedish International Development Cooperation Agency (SIDA). DDP is a neutral and independent entity from its donor countries, managed by the INGO Hivos.
‘Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.’
Quick readsThis section gives an overview of the latest publications by the Digital Defenders Partnership.
Digital First Aid KitThis Kit offers a set of self-diagnostic tools for human rights defenders, activists and journalists facing attacks themselves, and provides guidelines to assist a person under threat.
OrganizationsClick here to find a list of useful organizations in the field of digital security.
ToolsClick here to find a list of practical tools, such as links to programs that provide secure messaging, password managers, circumvent censorship and anti-virus software.
GuidesClick here to find a referral list to guides created by specialized organizations which can take you step by step how to deal when under digital threat.
ResearchThe latest researches on technology, censorship and surveillance can be found by clicking here. If there is anything missing, let us know at email@example.com
Here you can find DDP’s latest articles and blogs:
02/09/2014: From Digital Threat to Digital Emergency
10/07/2014: Digital First Aid Kit for online activists
11/04/2014: Heartbleed, what you can do about it
Digital First Aid Kit
The Digital First Aid Kit
The Digital First Aid Kit is a collaborative effort of EFF, Global Voices, Hivos & the Digital Defenders Partnership, Front Line Defenders, Internews, Freedom House, Access, Qurium, CIRCL, IWPR, Open Technology Fund and individual security experts who are working in the field of digital security and rapid response. It is a work in progress and if there are things that need to be added, comments or questions regarding any of the sections please go to Github.
It aims to provide preliminary support for people facing the most common types of digital threats. The Kit offers a set of self-diagnostic tools for human rights defenders, bloggers, activists and journalists facing attacks themselves, as well as providing guidelines for digital first responders to assist a person under threat.
The Kit begins with ways to establish secure communication when you or a contact are facing a digital threat and want to reach out for support. The Kit then moves on to sections on account hijacking, seizure of devices, malware infections and DDoS attacks. Each section begins with a series of questions about you, your devices and your situation. These questions will guide you through a self-assessment or help a first responder better understand the challenges you are facing. It then lays out initial steps to understand and potentially fix the problems. The steps should also help you or a first responder to recognize when to request help from a specialist.
The Digital First Aid Kit it is a work in progress and if there are things that need to be added, comments or questions regarding any of the sections please go to Github.
Find a printable version of the Digital First Aid Kit here.
Here you can find a list of several organizations active in the field of digital security.
Computer software and online browsing:
Alkasir is a computer program that works with proxy servers to allow users to circumvent censorship of URLs in countries where there is censorship of political content.
Amber is an open source tool for websites to provide their visitors persistent routes to information. It automatically preserves a snapshot of every page linked to on a website, giving visitors a fallback option if links become inaccessible.
Avast! is a free, full-featured anti-virus program that detects and removes malware and viruses from a home or personal computer.
CCleaner is a tool that can permanently delete browser history, cookies, other temporary files, as well as free disk space, limiting the ways in which hostile or malicious parties can monitor or infect a personal computer.
Prey Anti-Theft is a useful cross-platform and open source device tracking tool.
Psiphon is a circumvention tool from Psiphon Inc. that utilizes VPN, SSH and HTTP Proxy technology to provide you with uncensored access to Internet content.
Prism-break is a website that offers many safer open-source alternatives to commonly used proprietary software to enable users to mitigate the NSA surveillance and PRISM program.
Tor is a program for serving Tor and related files over SMTP
CSipSimple is a tool to make secure calls with.
Open Whisper Systems: free, worldwide, encrypted phonecalls for iPhone
RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
Signal provides end-to-end encrypted instant messaging. Signal is free and open source, enabling anyone to verify its security by auditing the code.
SilentCircle is a secure mobile communication solution for iOS and Android that includes voice, text, video, file transfers and more.
Surespot: a secure mobile messaging app that uses exceptional end-to-end encryption for every text, image and voice message returning your right to privacy.
HTTPS Everywhere is a secure browser application that automatically changes the communications protocol to encrypted http secure for any website that supports it. It was developed by the Electronic Frontier Foundation. Available for Firefox and Chrome.
Jitsi is a cross-platform, free and open-source program which supports Instant Messaging (IM), voice and video chat over the Internet.
PGP is a data encryption and decryption tool that provides privacy and authentication for data communication such as texts, e-mails and files sent by e-mail.
Riseup is a secure e-mail client for people and groups working on liberatory social change, providing a relatively safe means of e-mail communication for them.
Thunderbird is a free and open source email client for receiving, sending and storing emails
Password and storage managers:
Keepass is a handy password manager that enables users to keep all their passwords in one securely encrypted database, which is locked with one master key.
Keysync is a software that syncs your trusted programs
Truecrypt is a file encryption tool that may encrypt sensitive data into entire partions, storage devices (such as a USB drive) or virtual disks that look like ordinary files.
Find below a list of guides that can help you mitigating digital emergencies:
Digital First Aid Kit
Provides preliminary support for people facing the most common types of digital threats. The Kit offers a set of self-diagnostic tools for human rights defenders, bloggers, activists and journalists facing attacks themselves, as well as providing guidelines for digital first responders to assist a person under threat.
Security in a Box
Tools and Tactics for Your Digital Security is a useful guide developed by Tactical Technology Collective and Frontline Defenders specifically for the digital security of bloggers, online journalists and human rights defenders working under repressive regimes. The guide is available in twelve languages, including Arabic, Farsi, Vietnamese, Burmese and Tibetan.
Columbia Visuals checklist
This checklist may serve as a good starting point for bloggers and online journalists to think about their digital security.
Everyone’s Guide to By-passing Internet Censorship
This is a comprehensive guide on internet censorship circumvention technologies, providers and users, developed by University of Toronto’s Citizen Lab.
The guide on Basic Internet Security
This booklet by Floss Manuals provides a good overview of the different aspects of digital security such as safe browsing, e-mail encryption and mobile security.
Find below a short list of interesting researches if you want to know more about digital threats, censorship and surveillance.
Ben Wagner, 2012, Exporting Censorship and Surveillance Technology
European Parliament, 2014: Risks and opportunities raised by the current generation of network services and applications.
Freedom House, 2014: Freedom on the Net
Giswatch, 2014: Communication surveillance in the digital age
European Parliament, 2014: Risks and opportunities raised by the current generation of network services and applications.
Nada Akl, 2014, Mapping Digital Threats in the Middle East and North Africa
‘It is not possible to cling to a belief in universal values but maintain the majority of the world in information poverty.’’
Turbulent start of 2015 for Digital Security Developments
The first quarter of 2015 has been turbulent in terms of digital security developments worldwide, with different governments taking stronger measures against a free and open Internet.
Riseup published an article about a Spanish police operation against anarchist activists, in which 11 of the arrested activists, seven were jailed pending trial. The reasons given by the judge for their continued detention included the possession of certain books, “the production of publications and forms of communication”, and the fact that the defendants “used emails with extreme security measures, such as the RISE UP server.”
In February, Russia announced that it intends to ban Tor, VPN’s and any service which provides access to anonymizing facilities, Belarusian authorities decide to already implement a prohibition of these services. ISP’s are obliged to check the blacklist which these services are added to daily and block services accordingly. Tor has a Belarusian user-base of between 6-8000 users. Blocking ToR however, is not a straightforward operation. The Russian-announced ban has been criticized by many as unworkable. But it seems likely that Belarus will adopt at least some of the same techniques that China has employed in recent years to limit or ban anonymised traffic. This method employed the establishment of a popular Tor exit node, and the use of known de-obfuscation techniques to unmask and subsequently block the IP addresses of identified nodes, effectively isolating the network. Since Tor specifically relies on non-local routing, the effect of such en masse node-blocking has proved to be very effective at a national level. More about this methods in this 2012 report.
Consequences of Sanctions
Another pressing case in 2015 was the consequence of US sanctions on Crimea; Google and other tech companies complied with orders to block the import and export of tech products and services, such as AdSense and AdWords. The move comes after Apple expanded its own implementations of sanctions, and Paypal added its name to the list as well. The consequence is that Crimea, a peninsula with less than 2 million residents, is effectively a pawn in a chess game between much bigger powers, the U.S. and Russia.
The ‘Great Cannon’
The most important development in 2015 so far was that China was intensifying its censorship activities tremendously. There was a crackdown of the use of VPN’s by the Chinese government, including the blocking of Avast.com, a free anti-virus and anti-spyware protection software. It is said that the block is linked to the site’s SecureLine VPN service. In addition, Chinese companies including Alibaba, Tencent, Baidu and Weibo deleted more than 60,000 accounts for being ‘misleading’ or for other violations. To stay updated about censorship in China, there is a great resource of non-profit newsroom: Propublica. They have used data from GreatFire to track blocked sites.
Which brings us to the huge DDoS attack on sites of the Chinese anti-censorship initiative GreatFire. China took control of millions of web browsers and used them to send a flood of traffic to GreatFire. Meanwhile, CitizenLab and other researchers have coined the term ‘GreatCannon’ for this method of attack, which they say can have more implications for the future.
Insights into Internet freedom in Central Asia: Uzbekistan
This is the first of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Uzbekistan, one of the most repressive countries in former Soviet Union, characterized by a pervasive regime of control and censorship.
Whereas Uzbekistan is not a front-runner with regard to economic growth or technological development in Central Asia, it is one of the most striking examples of illegal cyber-censorship and pressure on the informational community. Partial or full Internet content filtration, substitution of original websites with fake ones, blocking of access to Internet pages, surveillance and even complete Internet shutdown is not a full list of the instruments, applied to enable control over users and their activities.
Nowadays, human rights organisations of Uzbekistan are separated geographically, since part of the activists remain in political emigration outside
of the country. There are not many active human rights activists and civil groups in the country. Most of them are old people with a low level of computer literacy, who have little (if so) understanding about the digital security tools. All local activists of non-governmental organisations are exerted to pressure from the side of authorities to extent of arrest. A part of them has only episodic Internet access or spread their information via
other more computer literate colleagues. Websites publishing critical information about the Uzbek government are being blocked by the local ISPs. This complicates informational flow between the actors and its export to international community.
There are no independent journalists in Uzbekistan, and most foreign organisations (mass media, HR NGOs etc.) who have a correspondent in
Uzbekistan, try to stay in the shadow and do undercover work on human rights violations, torture, and child labour cases. One of the major problems is communication with them, as the current Internet situation in Uzbekistan – high-costs, low connection speed and bad service quality, as well as surveillance and low level of computer literacy in general – it is a big problem to establish a secure and surveillance-free connection between the people inside of the country and the outer world.
Apart from Internet threads, there is a common practice of inspection of computers, data storages and mobile phones. All active human rights activists and journalist are being constantly inspected when crossing the border of the Republic, the contents of digital storages are being checked (USB, CD, DVD), most of them are requested to open computers and show the contents of their drives. In some cases more sorrow inspection is being conducted in a separate room and in the absence of the owner. There are facts of confiscation of electronic storages from journalists, crossing the border. Umida Niyazova, journalist and human rights advocate was convicted for her professional activities. In her case the materials confiscated while she was crossing the border (DVD and files stored on her PC) played the central role. There are cases of unreasonable inspections and confiscations of computers from human rights advocates and activists. Those who received their devices back complain, that “they work in a strange way”.
Internet infrastructure and use
Uzbekistan has a common border with 5 states: Afghanistan, Kyrgyzstan, Turkmenistan, Tajikistan and Kazakhstan. There are fiber-optic connections with 4 of these countries. According to the reports, the connection with Afghanistan will be established in the nearest future. As of January 2012 there were over 900 communication operators registered, whereas the cumulative capacity of the external Internet channel was 8 Gigabit.
In November 2006 a special resolution № PP-513 was implemented by President Islam Karimov on ‘measures to increase the efficiency of investigative activities in communication networks of the Republic of Uzbekistan’ which led to the fact that all communication operators without exceptions are obliged to install special SORM (System for Operative-Investigative Activities) equipment for surveillance on all communications (IP-addresses, http requests, etc) at their own costs, leaving aside that the possibility exist that DPI technology is already being used on Uzbek communicational networks. The SORM system-analysis allows the National Security Agency (NSA) of Uzbekistan to view all individual user’s activity for any period of time and to gain information on the communicational partners, including e-mails, instant messages and VoIP calls, as well as requested websites (including the names of the encrypted websites she or he attempted to access).
An example of SORM usage in Uzbekistan is described in the RSF report: in January 2010 a large number of people were arrested for participation in religious extremists organisations. They were identified due to the fact that their communications in Mail.ru Agent, which is not featured with encryption, were monitored. This is true not only for the Internet, but also for voice communications (mobile, landline and VoIP). The entire external traffic from the secondary ISPs is routed through UZPACK (daughter of UZBEKTELECOM). According to the law, UZBEKTELECOM has the exclusive right for providing local operators with external Internet channel and based on this fact, the local operators always use UZBEKTELECOM’s services and do not have own satellite or alternative connection channels. Thus, a secondary ISP has no control over the traffic, which leaves their network to the outer world (traffic is being tracked, recorded, blocked and might potentially be modified by the primary operator).
Uzbekistan is a pioneer in implementation of surveillance technologies against its citizens among CIS-countries. The history of surveillance technologies application is one of the most unique. First computer appliances for filtration and limitation of Internet access were installed and applied on the educational network called UzSciNet (NREN project of NATO, the network was established and launched approximately in 2002-2003), directed by Vadim Navotniy. System initially designed for saving external traffic (caching proxy server) was used as user activity control and content filtering tool (blocking of porno, games and entertainment) for content not related to education and science. Later this technology was used as basis for filtering at state ISP’s level (UZPACK), improved and implemented for a certain period of time, until specialized appliances were purchased.
Nowadays, there are three main levels of censorship in Uzbekistan:
- National ISP’s level (national gateway);
- Local licensed ISPs’ level;
- Resellers’, non-ISPs’ level.
At the national level politically unwanted content is being filtered. The lists of prohibited resources are being updated on the everyday basis. The filtering is implemented based on IP-addresses and URLs. Moreover, traffic is being redirected with substitution of an original resource (located for example in Russian Federation) with a fake one, located inside of UZPACK network and being a copy of the original resource, but containing modified contents. This method was for instance episodically used to control access to certain parts of centrasia.ru website in 2009-2010.
The filtering at the level of local ISPs is not being implemented centralized. Normally it is initiated by the operators themselves, which can block porno resources and entertaining websites. At the operators’ level the physical connection of a subscriber is controlled, thus the companies might intentionally created difficulties with Internet access, supposedly motivated by “the defects of communicational networks”.
Resellers are basically Internet cafes. Based on the location and owners’ statement porno resources, gaming websites, dating sites, as well as the major oppositional and human rights organizations’ websites are being filtered. At the same time there are no legal acts directly regulating the filtering in the Internet clubs. In some Internet clubs, which are located near the expensive hotels and are usually visited by the foreigners, the filtering is concealed as failures of the network. Some usually blocked websites are easily accessible. For example, in TRANSNET (Internet Café, located near the Radisson Hotel), in 2010 the website of BBC blocked elsewhere in Uzbekistan was accessible without any limitations.
Usually almost all Internet cafes are being maintained by non-professionals, use unlicensed copies of software, which are never updated, and as a result become a perfect environment for viruses and harmful software. In some Internet cafes there are announcements prohibiting the access to certain resources, which stimulates self-censorship.
Other types of potential attacks and threads
There many examples of attacks on independent Internet media dedicated to Uzbekistan. Most recently in February and March of the last year (2012) there were attacks on http://www.fergananews.com and www.uznews.net.
On the 28th of February 2012, about 11 PM an attack on www.uznews.net media resource started. On the 29th the attack became more intense and as a result hosting provider switched off UZNEWS’s server in order to avoid its complete failure. After a company specialized on defense against DDoS attacks was engaged, the website was restored and worked properly. At this point the numbers characterizing the attack became available: 1.5 Gigabit bandwidth, type of attack – SYN flood. Chief editor of UZNEWS Galima Bukharbaeva claimed: “We don’t know what provoked the attack, try to conjecture. One of the guesses is the series of publications about assassination attempt against Uzbek imam Obid-kori Nazarov in Sweden.”
On the 28th of March 2012 another famous independent news resource www.fergananews.com got attacked. The website previously used services of Deflect (financed by Internews), but later rejected their services, leaving only mobile version enabled. According to the Chief editor Daniil Kislov, Deflect had way to aggressive caching which lead to interferences with the display of ads. Mr. Kislov claims there were no clear reasons for attack (no negative events currently covered by Ferghana.ru). However during the DDoS attack on Ferghana.ru another website (www.vesti.kg, actively publishing news from Ferghana.ru) was affected. Previously Ferghana.ru was under DDoS attacks in 2008 and 2009.
Based on the researchers’ claims, SORM equipment developed in Russian Federation is being actively implemented in Uzbekistan. The equipment was exported by MFI-Soft through an intermediary, ALOE Systems, to Uzbekistan’s state-owned UZBEKTELECOM.
One of Oxygen’s resellers, Softline, has offices in all Central Asian countries, including four offices in Kazakhstan alone. Softline directly markets forensics packages on Allsoft.uz, the Uzbek version of one of its subsidiaries’ websites.
Speech Technology Center (STC), the audio forensics company based in St. Petersburg has conducted business in Uzbekistan.
As reported by AccessNow.org Tech Fellow, Peter Bourgelais: “The Uzbek state security services are capable of interception of landline telephone communications, internet traffic, semi-structured data such as SMS, MMS, and forum posts, and automated voice and facial recognition. They also possess some mobile forensics capability.”
There is one single case of hard drive theft from an office of the human rights organization EZGULIK in Tashkent. An unknown person broke into the office and removed the hard drive from the server, which contained organization’s database and the entire office documentation.
Potential threats, possible ways of their escalation and suggested mitigation measures
It is important to understand that our beneficiaries can be divided into two main categories: those living inside of the country and those who left its borders. Taking this factor into consideration the major problem identified is the communication between these two groups and often files transfer. IWPR, Frontline, NewEurasia Foundation, TacticalTech, CIIP, and TransitionOnline conducted multiple trainings on digital security. However most of them were ineffective due to mixed groups (different age groups, various levels of computer literacy), large amount of materials covered, difficulty of individual subjects and short timeframe for training. People involved in technical self-education, considering all human rights advocates, activists and independent journalists inside as well as outside of Uzbekistan are a handful. The rest of them require thorough work, mentoring and individual training.
The majority of the activists and human rights advocates are not able to effectively use instruments of personal cyber security, barely use encryption and other instruments. Any escalation of cyber threads from the side of the government or cybercriminals will cause grievous consequences. The majority of the NGOs in Uzbekistan are not capable to protect themselves and their digital resources.
Almost all potential grantees use unlicensed software. This creates a huge risk of infection with viruses and hacking of victims’ computers. Raids of state agencies aimed at identification of use of unlicensed software in NGOs and civil organisations represent a perfect influence tool allowing to legally and effectively exerting pressure on the NGOs. Such method is applied in Russia, Kazakhstan and Kyrgyzstan for a long time. In Uzbekistan the users of the pirated software are punished with large fines and confiscation of equipment. An analogue of the initiative conducted by the American NGO TECHSOUP in Russia (INFODONOR program) is necessary for Uzbekistan in order to ensure free availability of basic office software for Uzbek NGOs.
The purposeful transition of all websites dedicated to Uzbekistan or blocked in Uzbekistan to operation via SSL connection is necessary. Introduction of SSL will allow avoiding tracing of users’ activity and substitution of the websites with fakes.
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.
Insights into Internet freedom in Central Asia: Belarus
This is the fourth of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Belarus, a country that is tightening its Internet control, especially after 2011, out of fear for activists facilitating protests over the Internet, as could be seen elsewhere in the world.
Belarus is a country closely connected to Russia, depending mainly on the its natural resources and financial inflows. Belarus’ government tries to preserve the “Soviet Union culture” through its national economy and policies. However, it struggles to prevent the ‘Western influence’ from its European neighbors. After the election in December 2010, when people went to the streets to protest against the rigged election results which kept Lukashenko in power for a third term, clashes happened with police, which resulted in the persecution of many activists, and NGO’s got restricted in their activities. All these events increased the level of cyber threats for the civil society organisations.
The techniques of cyber attacks on websites and methods of surveillance on activists used by the government were implemented with particular ingenuity and guile. There are three major competing intelligence services: OAZ (Operative Analytical Centre at the President’s administration), MVD (Ministry of Internal Affairs) and KGB (Committee for State Security) were responsible for almost all attacks on civil society, online and offline. Belarus is also considered an ‘Enemy of the Internet’ by Reporters Without Borders, since 2012.
Almost 50% of the population has access to Internet in Belarus. As a result of the high level of censorship and surveillance in the country, many people are forced to be educated in cyber security technologies. There is a dedicated NGO located outside of Belarus, which provides deliberate support to the Belarusian NGOs aiming at enhancing their digital security. The organisation among others provides consulting services on cyber security issues, organises trainings for NGO employees and trainings of trainers.
Data acquisition by Belarusian intelligence services is omnipresent. Already in 2010 were operators obliged to provide free and round the clock remote access to the databases of subscribers. Alexander Lukashenko signed a decree on the introduction of SORM (System for Operative-Investigative Activities), which meant that all websites had to get officially registered, which became a responsibility of the providers.
Besides SORM, the intelligence services of Belarus occasionally attempt to use viruses and spying software for cyber surveillance over users and organisations. On the 13th of July 2011 a journalism student from Belarusian State University, Maxim Chernyavskiy, was summoned to local department of the KGB and interrogated for 5 hours. Maxim is the administrator of a community called “We are fed up with Lukashenko” (original Russian name “Надоел нам этот Лукашенко”), created in the Russian Vkontakte social network. After a standard ideological brainwash Maxim was forced to cooperate with the agency. During one of the meetings that followed, a KGB employee handed him a CD, containing spying software which Maxim had to install on the computers of a team of activists residing in Poland. Instead of fulfilling the received “instructions” Maxim simply left the country and gave the CD to specialists.
Analysis of the surveillance program on the CD shows that the tool looks a lot like Skype. The program is a self-extracting 7zip archive, which contains an installer of a commercially available program known as “Remote Manipulator System”. The developer of the software is a Russia based company called TEKNOTIT. The system tray icon of the program was replaced with a logo of Skype software, whereas the rest of the information about the file of the application reveals its actual producer as well as the name. Installation runs in a “passive” mode, especially featured by the developer for administrators of computer networks, who often need to massively distribute/install this software. Due to this fact, the program does not indicate installation process and does not ask users for any permission. After launch the program checks the Internet connection by opening the following link: http://rmansys.ru/utils/inet_id_notify.php?test=1. Later on the program starts to send information about the system, where it runs, to a server. This request contains an ID of the user, who registered the program. The following e-mail address is used as the user’s ID: firstname.lastname@example.org. The program allows to remotely control a computer, spy on the screen, access web camera, microphone etc. Subsequently the team managed to investigate further facts about the presence of this virus on the computers of Belarusian activists.
This ‘data theft’ program has been operative at least from July 2011. This is when the first documented infection of a computer occurred. During this attack the passwords from Skype (the software allows to start Skype on a remote computer and spy on the user’s communications), social networks, e-mail addresses and even from the account at ISP were stolen; the screen of the desktop, indicating all user’s activities, copies to the clipboard, text typing in text processors and messengers were recorded. The hackers implemented three types of viruses: the previously described KGB virus known as RMS, developed by TEKNOTIT; UFR Stealer, a virus infecting computer by using external flash drives and Keylogger Detective. These are the so-called “Trojans for schoolboys”. They can be easily purchased in RuNet for 20-30 USD. The reason for human rights activists to become such an easy victim of the intelligence services is the use of unlicensed software and the lack of attention to digital security at their working places.
The content filtering is widely implemented in Belarus. The first web resource blocking event occurred on the 9th of September 2001, when charter97.org website was blocked. Later the access to this Internet resource (organised and supported by opponents of current Belarusian government) was filtered/blocked for the users in Belarus in several ways. For example, there are claims, that users from Belarus when trying to access charter97.org were redirected to a website with a similar name, but in .IN zone. The fake website had an interface similar to the original, but contained false information. In January 2008 the blocking was conducted by limiting the connection speed to this particular website, thus the website could be accessed, but the connection was significantly slow.
On the 19th of December 2010 the encrypted SSL protocol (transmission control protocol, or TCP, port: 443) was blocked in Belarus. In 2011 LiveJournal was blocked due to the fact, that the popular blogging platform contained articles written by Evgeniy Lipkovich and directed to the Writers Union of Belarus. According to the official information, the reason for the blocking supposedly is “dissemination of information of destructive nature and violation of the State’s symbols”. Moreover, occasional blocking of Vkontakte social network continues. The network is being blocked every Wednesday during the so-called “Silent protest actions”. The websites goes back into operation after the action is completed. A community “Revolution via social network” as a virtual group located in Vkontakte initiated the silent evenings of applause – actions promoting economic and political changes in the country. The blocking was implemented based on the IP address of Vkontakte server and thus limited access not only to the community page, but also to the other information, blogs and pages.
In the middle of August 2012 the Operative Analytical Centre at the President’s administration (OAC) in cooperation with BELTELECOM blocked DNS-servers of DNS Made Easy LLC and by doing so disabled Belarusian Internet users to access many websites, including the world’s petition platform change.org. This website, for example, was used for campaigning in support of release of journalist Anton Suryapin and real estate broker Sergey Basharimov. Both of them were arrested by KGB on charges of abetment in crossing the border to Swedes, who disseminated teddy bears and posters in the support of freedom of speech in Belarus.
Other types of potential attacks and threats
DDoS attacks are frequently utilised to temporarily “jam” web resources of Belarusian NGOs, activists and opposition. There are several major websites (www.belaruspartisan.orgg, www.charter97.org and www.electroname.com), which are supported by opponents of the existing government, and are often under DDoS attacks of various types and strengths.
Besides DDoS attacks there are cases of hacking, interception and phishing attacks against groups/communities in social networks. After the election in December 2010 a number of social networks accounts (mainly in Vkontakte and Facebook) belonging to citizens of Belarus were hacked. The victims of trespassers were Internet users, who were spotted by the intelligence services during the demonstrations in Minks on the 19th of December, on the day of President’s elections. Users of these social networks reported their contacts from the network were on-line while being held by the police and kept in the police stations. The same day HTTPS protocol was blocked in Belarus, which led to blocking of Gmail and Facebook. The authorities simply blocked TCP port 443, which according to the claims of “Belarusian partisan” indicates their will to intercept passwords of the Internet users’ personal accounts.
Potential threats, possible ways of their escalation and suggested mitigation measures.
The digital security situation of NGOs in Belarus is heterogeneous today and depends on such factors as location and specifics of a certain organisation. In general one can say that understanding of the problem and necessity of protection is inherent for the majority of NGOs and media organisations located in the capital city. At the same time the situation is less promising for less urban NGOs. In more rural areas awareness level of the available protection toolset as well as detailed understanding of the issue is characteristic to only several NGOs and organisations. For those the key factors listed below are true:
– The employees have taken part in digital security training for NGOs;
– There is a hired competent technician;
– There are financial resources to follow the security protocol.
Nowadays many NGO employees in Belarus are over 40 years old, and have little knowledge on digital security. Many of those, who became victims of search and mass seizures after the elections in 2010, were within this category. According to interviews there was only one organisation, which managed to effectively move their equipment prior to the confiscation, leaving behind only a note showing a fig sign on the table.
Furthermore, as in the other CIS countries there is a problem of illegal software copies, used for paper work. Almost all of the NGOs use illegal copies of software in their work, which undermines digital security of users. The costs of even basic software packages (operational system + office software) are too high. Low level of competence of the majority of technical specialists engaged in NGOs does not allow using FLOSS to re-educate the employees.
The next Presidential elections in Belarus are scheduled for 2015. It is assumed that all types of threats for civil society, opposing the current government (not only opposition, but also other organisations and individuals, supporting fair and transparent elections), will escalate. This is also true for digital threats. Unfortunately, the opinion poll indicates, that the experience of repressive measures of 2010 and the their consequences (a large amount of information was retrieved from computers seized from NGOs and opposition organisations) was a strong motivation for digital security tools application only for a short period of time. In this connection it is recommended to support initiatives aimed at strengthening the level of protection of the main risk groups (NGOs, civil activists, human rights activists, and elections monitoring organisations).
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.
Insights into Internet freedom in Central Asia: Azerbaijan
This is the fifth of a series of reports on Internet freedom in Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Azerbaijan. When it comes to internet freedom, Azerbaijan is one of the countries in the world which is under threat. With several journalists in jail, president Ilham Aliyev is desperately trying to cling to power, thereby taking the 160’s place out of 180 countries in Reporters’ Without Borders Pres Freedom Index 2014.
After its independence from the Soviet Union in 1991, the first Internet infrastructure developments in Azerbaijan appeared in 1994, and in 1996 Internet became available for users, but only after 2000 it became widely used. At this moment, almost 60% of the population has access to Internet. Many reports agree that Azerbaijan’s authorities control the Internet, through mass surveillance, filtering and blocking the Internet, as well as large fines for online content, as well as physical intimidations and jail time.
When it comes to Internet policy, there are no clear regulations in Azerbaijan legislation, which makes it easy for authorities to intercept Internet data and execute electronic surveillance at all times, which is proven in different reports. These shown that the Ministry of National Security (MNS) of Azerbaijan received support in various time periods from intelligence services of Turkey, USA and Russia. The USA was for example interested in gaining information about contacts between Azerbaijany citizens and Iranians, whereas Russia was keen on getting control over network activity and communications of immigrants from Northern Caucasus living in the republic, inter alia representatives of Chechen diaspora.
The MNS furthermore engaged in profiling people who voted for Armenia during the music contest Eurovision organized by Azerbaijan in 2012. After the event, different people were arrested and interrogated, and learned that the interrogators had a list of those people who voted for Armenia. The list included the persons’ addresses and phone numbers, which means that mobile operators provided information to the MNS. According to a documentary broadcasted on Swedish TV, mobile operator AZERCELL allowed surveillance equipment to be installed in their network, which enabled intelligence services of Azerbaijan to gain access to all available communications, including phone calls, SMS and mobile Internet services without due process.
Anotherof the most striking examples is the case of a well-known oppositional journalist, Khadija Ismayilova. A video of her having sex was published on the Internet in 2011 after she ignored several threats to stop her journalistic activities, and wires for video and audio surveillance were installed in her apartment in July 2011 on the order of the MNS. Multiple other journalists and activists faced the same treatment, some of them even shown on local TV channels.
Control on the Internet has only been growing since these incidents, and in September 2012, president Ilham Aliyev signed a decree on measures to enhance the activities in the sphere of informational security. As of the 1st of May 2013, an IMEI database is in operation, which registers mobile phone numbers and communication, and gives authorities an additional opportunity to track communications even of those subscribers using anonymous SIM cards.
Next to surveillance is censorship widely present, including regulation of Internet channels, control of publications on the net, limited Internet usage for children, and control of social networks, especially Facebook, since protests were organised using this social network. Also a law was implemented in May 2013 making punishments on ‘crimes’ committing on the Internet as high as those in the real world. Already some victims were prosecuted under this law. Blogger Mikhail Talybov was sentenced to 1 year of correctional labour with 20% of wage withdrawal for publishing critical statements on social media.
In 2009, a group of youth activists uploaded a satirical video about president Ilham Aliyev which resulted in jail sentences of various lengths. In August 2012, journalist Faramaz Allahverdiev was sentenced to 4.5 years of imprisonment, being accused of organizing mass riots and illegal border crossing. The journalist himself considers it as a persecution for the articles he published to social networks, in which he investigated cases of corruption among the political circles.
Azerbaijan authorities deliberately aimed to suppress dissidents during the two major events conducted in Baku in 2012: Eurovision songfestival 2012 and global Internet Governance Forum (IGF) in the same year. At least 9 journalists were thrown into prison on various charges. The Committee to Protect Journalists thinks that charges of drugs possession and blackmail were fabricated, in order to punish journalists for their professional activities. Video journalists Vugar Ganagov and Zaur Guliev, were jailed for over a year based on charges of organisation of activities aimed at distorting public order. In March 2013 they received 3 years suspended sentence. Apart from these arrests, several other critical journalist were arrested based on various charges.
Other types of potential attacks and threats
Online hacktivism is not a popular way to express protest against the government and the power in general. Neither is it often that hacking attacks against oppositional websites occur. Nevertheless during the last three years several oppositional organisations, e.g. Yeni Musavat and Radio Azadliq claimed that their websites were under attack.
Most frequent cyber attacks are associated with bilateral issues, in particular between Azerbaijan and Armenia, as well as between Azerbaijan and Iran. Depending on the on-going events, sluggish cyberwar may transform into active “combat operations”. For instance, on the 1st of September 2012 the websites of leading news agencies of Azerbaijan were attacked. Apart from the attacks on news agencies, the websites of the Ministry of Justice and the official website of president Ilham Aliyev were hacked. The attacks occurred right after president Ilham Aliyev pardoned an Azerbaijani officer, who killed an Armenian military man and was sentenced for life imprisonment in Hungary without a right for amnesty. The man was returned to Azerbaijan on the 31st of August 2012 and released the exact same day. The hacked website of president Ilham Aliyev contained a large photo of the killed Armenian military man, bearing an inscription “Always with us”. Hackers’ group “Armenian Cyber Army” took the responsibility for the attacks. As a response to these attacks the hackers’ group “Azerbaijan Defacers” conducted a DDoS attack against the official website of the President of Armenia and major national news websites.
In January 2013, the Anonymous group provided free access to over 1.7 Gb of documents, assumed to be stolen from dmx.gov.az website, which belongs to the Special State Protection Service (SSPS) of Azerbaijan. The documents contain confidential data about various major commercial companies, occupied in oil mining industry in Azerbaijan. The Imgur website, on which they posted the documents, remains ever since inaccessible.
Moreover in February 2013, the information resource www.minval.az, known to be opposition friendly, was hacked. As a result of the attack the main page of the website was replaced with pictures of oppositional leaders and unprintable writings in English. At the same time a group of Iranian hackers, called White Hat Hackers, announced that they hacked computer system of eight Azerbaijan banks and gained access to the bank accounts of 53,634 clients, who’s money was transferred to the clients of Azerbaijan Royal Bank, which was closed a year before. The reason for the closure of the bank seems to be the imputation of Iranian money laundering, bypassing the international financial sanctions.
Another event with a great response was the statement of the spokesman of European Commissioner Neelie Kroes, Ryan Heath, who claimed that there was an attempt to hack his laptop at the Internet forum in Baku in November 2012. Later on he stated that the investigation of the accident confirmed the fact of several hacking attempts and traces of possibly compromised passwords, but no information was stolen.
In October 2013 as a result of president elections in Azerbaijan Ilham Aliyev was re-elected for the third term. International observers (apart from the commission from CIS) reported flaws and violations. The opposition did not accept the results of elections as valid. In the beginning of 2013 the leaders of one of the most active youth movements in Azerbaijan called NIDA were arrested based on fabricated criminal cases. The movement organised protest actions via Facebook, where they were openly discussed in a group. According to the statements from the group members, MNS agents were introduced to the group on Facebook. Moreover during interrogations and inquiry processes hardcopies of communication logs were presented to the group participants as evidence. Eight members of the group have received sentences in 2014 ranging from 6 to 8 years.
There are various opinions regarding digital security situation development in the long run. Some experts suggest the pressure on the civil society from the side of Azerbaijan authorities will weaken under the influence from European Union and due to Aliyev’s intention to close in with Europe (and his interests in oil and gas industry). Others are sure that the violence and pressure escalation against the active opposition and those who struggle for freedom and human rights will continue to rise. Corruption and arbitrariness in power is widespread. Consequently, pressure to block freedom of information and communication is growing. Censorship and control of authorities over the Internet space will be strengthened, leading to an even bigger monopoly of the Internet, owned by the authorities.
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.
Insights into Internet freedom in Central Asia: Kazakhstan
This is the sixth and last blog of a series of reports on Internet freedom in Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Kazakhstan. Kazakhstan is the country with the greatest potential for IT development in the region.
Kazakhstan has a well-developed infrastructure, high investments in communication sector, considerable amount of costumers and Internet penetration rate of about 62%. There is no state monopoly on interurban and international communications (this was cancelled in 2004).
In terms of Internet censorship and limitation of freedom of expression Kazakhstan is still very restricted. On July the 11th of 2009, president Nazarbayev approved the amendments to the legislation concerning the information and communication networks. According to these amendments, all Internet resources, including websites, chats, blogs and even on-line shops and electronic libraries are set to the same administrative, civic and criminal proceedings as are applied to mass communication media. By decision of the court, information websites, blogging platforms and social networks are being blocked. Networks are equipped with the most recent surveillance techniques, among others DPI, the most ultimate tool for surveillance and control over Internet access.
The content filtering includes blocking access to many popular blogging platforms, Google services and individual websites, which are inconvenient for the existing regime.
KAZAKHTELECOM, the major communication operator in the country, has installed software on their network servers, which allows them to cache the most popular Internet resources and when a user sends a request to some photo or video content, the data is being transmitted not from a European or American server, but from an internal server, installed within KAZAKHTELECOM network. This infrastructure allows for additional opportunities of content filtering and end user content modification.
Based on the research of Peter Bourgelais, a tech fellow at AccessNow, the Kazakh state security services are capable of intercepting landline telephone communications, Internet traffic, semi-structured data such as SMS, MMS, and forum posts, as well as automated voice and facial recognition. They also possess some mobile forensics capabilities as well as sophisticated data analysis software.
As in other CIS countries, the Kazakh state obliged communication operators to buy, certify, install and maintain special SORM (System for Operative-Investigative Activities) equipment. Intelligence services force the operators to overtake the costs although the law does not define clearly whether or not the operators are obliged to cover these costs. The licensed SORM package alone costs about 30,000 USD, whereas the price does not include the delivery and installation expenditures. Talgat Doskenov, the President of the Kazakhstan Association of Entrepreneurs, has submitted a number of claims regarding this issue to the Head Public Prosecutor and Prime Minister of Kazakhstan.
According to a statement of the Tor Project team, Deep Packet Inspection (or DPI for short) is being implemented on the territory of Kazakhstan. The clear signs of DPI utilisation are at the moment only evident when access to the specific resources is being blocked and on specific protocols.
Cyber censorship practices in Kazakhstan are quite actively implemented and have a long-term history. Over the years, news websites as well as websites of radio stations got blocked. Among the websites blocked in 2011 there were several popular anonymous proxy-servers, e.g. Hidemyass (http://www.hidemyass.com) and Ninjacloak (http://www.ninjacloak.com).
The blocking of various Internet resources was implemented roughly. For example, the scandalous blocking of the popular blogging platform livejournal.com by KAZAKHTELECOM was entirely implemented by the IP address of the respective server. Thus, all blogs located on the server were affected. At the same time the real reason for the blocking was the blog of disgraced Rakhat Aliev hosted on this platform. The same happened with http://www.wordpress.com, http://www.blogspot.com, http://www.blogger.com as well as with some elements of Google infrastructure (applications.google.com, Google Ads, etc.). Moreover, by blocking access to the listed websites for its subscribers KAZAKHTELECOM, being transit operator for Kyrgyzstan, Uzbekistan and Tajikistan, blocked traffic to these resources for all these countries as well. In Kyrgyzstan there were a lot of discussions on this matter during several years.
Furthermore, during the riots in Zhanaozen (oil mining location in Kazakhstan) in December 2011 Twitter was actively blocked.
According to the available information in December 2011 KAZAKHTELECOM launched DPI equipment and by doing so temporarily blocked key exchange mechanism necessary during the establishment of SSL sessions and thus disabled the normal function of the Tor network, as well as SSL featured PPTP and VPN tools. In April 2012 KAZAKHTELECOM blocked the entire traffic, generated by Opera search engine, which is able to use its own proxy-servers.
Another striking example was on January 1, 2014, when the website Ratel.kz posted a presentation by the ministry of communication and information regarding the government’s brutal suppression of an oil worker strike in Western Kazakhstan that turned into mass riots and became known as the Zhanaozen crisis. The presentation suggests that the government then disrupted all communications in the town (it was officially stated that the telecom lines were hit by fire).
Other types of potential attacks and threads
In the last several years DDoS attacks against various Internet resources of Kazakhstan became very frequent. Websites of banks, independent Internet resources, Internet mass communication media and forums were exerted to DDoS attacks.
Also journalists and activists are under threat. On March 14, 2013, human rights activist and journalist Alexander Kharlamov was arrested for allegedly “spreading atheist ideas” and “inciting hatred” online, but observers believe his anti-corruption activism was the real reason for his arrest. He was sentenced to six months pre-trial detention (some of which was forcibly spent in a psychiatric ward) and now faces a prison sentence of up to seven years.
Furthermore, there is a fact of criminal prosecution of a small entrepreneur for using illegal copy of software. According to a rumour, sets of equipment were confiscated from several private printing offices in the regions due to use of supposedly illegal software copies during the pre-election campaign prior to elections for Kazakhstan Parliament (Mazhilis). Taking into consideration the amount of illegal copies of software used in Kazakhstan, one can affirm with confidence that almost all vulnerable strata of the civil society (non-governmental and non-commercial organisations, mass media, printing offices, human rights organisations, etc.) use unlicensed software copies to a certain extent. This situation creates a high level of risk for cyber security and might lead to criminal prosecution and pressure from the side of the local authorities.
Potential threads, possible ways of their escalation and suggested mitigation measures
The broad application of illegal software copies along the obvious cyber threads (infection with viruses, instability of software operation, unavailability of support from the software producer) creates a certain risk of property confiscation and criminal prosecution used as a tool to control and exert pressure on NGOs in case of conflicts with local and central authorities. It is necessary to implement massive financial aid to initiatives, which are involved in solving this problem.
DDoS attacks are becoming more and more frequently used as a suppression tool against independent Internet resources dedicated to Kazakhstan. One can affirm with confidence that the clients requesting such attacks understand the financial and technical weakness of their victims in the face of the threads. It is necessary to support initiatives assisting in protection of civil society organisations, NGOs, independent media and other relevant organisations against DDoS.
The biggest problem of NGOs is the computer illiteracy of their employees, which is the reason for their low level of competence and motivation to understand the threads and proactively promote own digital security and find the best suitable solutions for the respective issues. This is especially true for remotely located, rural NGOs. The majority of the organisations are not able to provide necessary reasoning for the additional costs of protection against potential digital security threads in their budgets (e.g. hosting on a secure webserver, IT specialist’s services to ensure digital security during the development of a website, procurement of licensed software products and so on). Donors, on the other hand, are not able to efficiently identify the threads and usually do not pay necessary attention to the issues of cyber security when evaluating the projects and do not motivate the potential recipients to consider these issues.
The availability of cyber surveillance technologies and techniques of user activity analysis is an additional thread for privacy and security of civil society members. Support of initiatives aimed at enhanced security of communications and increase of users’ anonymity level is required. Provision of tools and solutions enabling digital security at personal and especially at organisational level are required.
Taking into consideration the overall situation with cyber security of NGOs in Kazakhstan and relationships of the last with the authorities, it is highly recommended to provide solutions aimed at support of NGOs and other relevant actors in terms of digital security, privacy and protection. It is necessary to create service capable of development of customised solutions, provide on-site consultations for people requiring assistance, organise targeted seminars and when necessary provide small grants in form of licensed software, equipment and secure remote support for NGOs. This initiative should operate not only on the country (Kazakhstan) level, but also have regional mission including at least all Central Asian countries.
Insight into Internet freedom in Central Asia: Ukraine
This is the second of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Ukraine. Since December 2013 a lot of things have changed and are still changing rapidly in the Ukraine, and this report is a reflection of the country prior to the protest, the instalment of a new government and the current security situation.
Ukraine has an important geostrategic location between the countries of Western and Eastern Europe and Russian Federation. Back in the Soviet Union times, Ukraine, and Kiev in particular, was one of the information communications development centres. Currently when compared to other Commonwealth of Independent States (CIS) countries, Ukraine is the runner up after Russia in terms of IT development. Being a country with a well-developed infrastructure and high online activity, Ukraine was one of the first countries where political events, e.g. the Orange revolution 2004-2005, were mainly caused by the development of Information Communication Technology (or ICT) branch.
Ukraine is a relatively free country in terms of Internet access, however the authorities are trying to find ways to regulate and limit this field on various pretexts, including protection of copyrights, and struggle against terrorists and cybercrime. The cases of physical assaults against online activists with the aim of intimidation occur quite often. Despite frequent attempts to amend the legislative basis in favor of increased limitation and strong regulation of the Internet, Ukrainian legislation remains relatively liberal. According to the data from the Ukrainian Internet Association, there were about 19.7 million regular Internet users in Ukraine at the end of 2012, with an Internet penetration level of 43.5%.
Ukrainian authorities tried to legalise control over the Internet several times over the past years. The first attempt was undertaken in 1999. The President of Ukraine introduced a draft bill, which implied telecom operators’ liability to install special equipment enabling information interception from communicational channels by means of licensing procedure for a respective type of entrepreneurial activity (equivalent of Russian SORM-2 requirements). The majority of votes rejected this bill in the Supreme Council of Ukraine, due to active public involvement.
In the beginning of 2012 the National Security Service of Ukraine was reformed, introducing a new department for protection of State’s informational security interests. According to an explanatory note of the respective legal document, such departments are aimed at management facilitation in order to protect legal interests of the country and its citizens in the sphere of communication and information from foreign intelligence services, illegal activities of corporations and groups of people. In reality this department was probably created to strengthen the human and technical capacity in order to monitor the blogosphere and social media. An example of such activity was reported during the pre-election campaign in front of the Supreme Council in October 2012. Back then the administrators of Vkontakte group “We are Patriots of Ukraine”, which counted some 170,000 members, were blackmailed. They were requested to provide administrative rights under the threat of institution of criminal proceedings for “revolutionary activities”.
In the meantime in July 2012, the National Commission of Ukraine was responsible for regulation of communication and information adopted the terms of engagement for telecom operators. One of the terms is that ISPs should provide access for installation of the Commission’s equipment at the connection points between operators in order to enable monitoring and/or technical control over the settings of communicational networks according to the requirements of normative documents in the communication sphere. Thus, this term obliges the communication companies to provide state authorities with access to their networks.
In May 2013, the Ministry of Internal Affairs of Ukraine initiated a draft bill, obliging ISPs to install on their networks systems for operative-investigative activities in order to enable control over users’ activity. The necessary equipment as suggested by law enforcement agencies shall be bought on the expenses of telecom service providers. Thanks to the mass communication media and critics from the side of general public, the draft bill did not pass.
In August 2013, the State Service of Special Communications and Information Protection issued a draft of listing procedure for technical means, which are allowed for use on telecom networks of Ukraine. One of the prerequisites for the equipment will be approval of their surveillance systems support, which means the authorised equipment will be fully compatible with surveillance systems.
Over the past years, different activities have been undertaken to increase censorship in Ukraine. One way to limit the access to Internet resources apart from protection of public morality is accusation in violation of copyrights. In November 2009, the employees of the National Security Service of Ukraine confiscated all servers of hosting provider FREGAT, including those hosted gorod.dp.ua website, the biggest online news media in Kiev. Simultaneously servers of oppositional website vlasti.net, hosted by colocall.net hosting service provider, were shut down and confiscated. The reason for this action was institution of criminal case on illegal distribution of classified information. Based on the results of examination, the press service of the law enforcement agency claimed:
“During the inspection data bases of governmental authorities containing classified information and being the property of the State were found. Furthermore, over one million copies of computer programs, audio and video records were discovered. These were distributed with violation of copyrights”.
It’s important to mention that this operation was implemented during the presidential pre-election campaign. On the 31st of January 2012, the biggest file hosting service in Ukraine (ex.ua) was shot down due to the accusation of copyrights and related rights violation. The servers owned by the service were confiscated. Two days later after the protest actions in front of the Ministry of Internal Affairs in Kiev and DDoS attacks on the websites of governmental authorities, the requisition to block the domain was withdrawn, the resource was unlocked and partly resumed operation. Not until June the operation of the resource was fully recovered. Currently another bill “On introduction of changes to various legal documents of Ukraine concerning the regulation of copyrights and related rights” is being reviewed in its second reading. In case of violation of copyrights the bill gives the respective authorities the right to shot down websites without any legal proceedings.
Moreover, the actions of the law-enforcement authorities against statements made by users online are to be mentioned. In July 2010, the press service of the National Security Service of Ukraine announced: “In course of investigation measures information about the materials containing threats towards the President of Ukraine hosted on the website singing-foot.livejournal.com was gained”. The author of the materials, Ukraine’s citizen Oleg Shinkarenko subsequently informed that he was conveyed to the public prosecution body and released only after submitting a written obligation not to criticize the government in a harsh form in his blog. In December 2011, the Head department on cybercrime and human trafficking of the Ministry of International Affairs of Ukraine in Kiev in its letter addressed to the company hosting news website lb.ua, demanded from the latter full information about the natural person or legal entity owing the website LB.ua. The reason for this request was a complaint regarding the publication of unprintable expressions on the LB.ua platform, submitted to the police by a certain citizen. After this case the owners of lb.ua in order to prevent such incidents were forced to disable the anonymous comments and provided commenting rights to the registered users only.
Another case against lb.ua occurred in June 2012, when a deputy made a claim against the editorial board of lb.ua, demanding to institute legal proceedings according to the Article 163 of the Criminal Code of Ukraine (violation of privacy of mail, telephone conversations, telegraph and other correspondence conveyed by means of communication or via computers). This article stipulates prison sentence from three to seven years. The reason for the claim was lb.ua publication from November 2011 containing sms-exchange photographed by lb.ua journalist, in which the deputy writes about the future of his son, being at that point prosecuted for assault and battery against a female. It was clear from this communication that the deputy engages political technologists and journalists to write positive comments in the news and articles about the trial on his son. The initiated criminal case was widely discussed and subsequently was closed as reported by the public prosecutor’s office, even though the closure was never supported by any written document.
Being the most popular social network in Ukraine in terms of the number of users the social network “Vkontakte” long ago gained special interest of the law-enforcement authorities. The Ministry of Internal Affairs of Ukraine claimed that photo and video materials uploaded to the social network become more and more alarming. Due to difficulties with blocking of this network, the Ministry is cooperating with the department “K”. According to the Head of the Department on cybercrime of the Ministry of Internal Affairs of Ukraine: “All materials are forwarded directly to the department “K” of the Russian Federation. The webpages are getting closed and respective users punished”. Earlier in 2008, the National Expert Commission of Ukraine for protection of public morality directed a letter to the Minister of International Affairs of Ukraine Vladimir Ogryzko, asking to consider the possibility of contacting the Embassy of the Russian Federation concerning the discussed fact in order to prevent dissemination of pornographic content.
Other types of potential attacks and threats
One of the biggest DDoS attacks in Ukraine occurred in August 2009. Infrastructure of the company Imena.UA / MicroHost.net, domain name registration and hosting service provider, was under attack. At peaks the load on the company’s servers reached values over 2Gb/sec. Two IP-addresses revealing the control centre of the botnet were identified in cooperation between several Ukrainian companies. The IP-addresses were traced back to the spamming company Real Host Ltd, a shareholder of the biggest botnet called Zeus. Experts assumed that this attack was the first trial before the election campaign, and it allowed estimating the capacity of the communicational infrastructure of the major Ukrainian providers.
In 2009, the National Security Service of Ukraine in cooperation with their US colleagues revealed the activity of an international malware production and distribution company in Ukraine. The company ran by US citizens employed over 400 highly qualified specialists in their office in Kiev. The employed programmers had no idea they were working on the development of components for computer viruses, which were later used in order to infect computers all over the globe and create botnets. Furthermore, cases of involvement of Ukrainian citizens in illegal activities, associated with larcenies from foreign bank accounts under the cover of legal entities and money laundering amounting tens of millions of dollars, were reported.
According to a research conducted by the Kaspersky Lab, almost every second Internet user in Ukraine underwent at least one cyber attack in 2012. Results of a joint survey of the Kaspersky Lab and the O+K Research think tank, conducted among the Internet users on all continents in 2012, stated that 62% of Ukrainian users experienced the situation when pop-up windows alarmed about would-be viruses or recommended to set up fake antivirus software. It was found out that 50% of respondents came across malicious links in search result and 24% of the Ukrainian users when shopping online were redirected to dubious websites that requested them to provide their bank account numbers.
Potential threats, possible ways of their escalation and suggested mitigation
When comparing Internet freedom situation in Ukraine with any other country of concern for the series of reports in the framework of this research, one can state with confidence that Ukraine is more democratic. The absence of the censorship from the side of the state, presence of computer literate NGO community, well developed IT branch and availability of IT specialists, all these factors create good conditions not only for business development, but also for development of civil and non-commercial sector.
The experience of trainings conduction in Ukraine indicates positive results. The trainees usually have solid basic computer skills and are able to learn new information, including materials on use of digital security tools. It is advisable to conduct more trainings on the application of technologies of information protection, protection of online resources and offline data for both regular users and technicians. In combination with the above-mentioned technical trainings, educational seminars on organisational security policy and on planning of measures to maintain security are recommended.
The mobile communication services become more and more popular along with the price reduction for smart phones and tablet PCs. Everybody with no exception actively use mobile communications (both voice and data transfer) at work. In general, users do have a basic understanding about mobile communication threats (for instance that one needs to remove the battery when avoiding a potential shadowing), but they tend to ignore the necessity to secure their communications.
Taking into account that the majority of people use various social networks and there are tensions between different activists groups (for example, potential threat from nationalists and other radical groups) the escalation of online threats in social networks, provocative actions, vandalism, hacking threats and data leakages are probable. It is therefore recommended to support initiatives aimed at promotion of digital security and confidentiality protection measures in social networks.
The next Presidential elections in Ukraine are to be conducted in 2015. For that reason starting in 2014 escalation of tensions both in media sphere and in the realm of NGOs is expected towards the current authorities and the influence of neighbouring countries (first of all Russia) on the internal political situation in the country. This will definitely be reflected on the digital environment, security of web resources as well as on security of individual organisations and socially active persons.
One can claim that the civil society in Ukraine is able to rapidly mobilise itself in case of a threat (sometimes even in case of personal conflicts between NGOs and those in power), there is an intensive information exchange in case of opposition against any sort of threat. For that reason the promotion of the tools and dissemination of knowledge for digital security should work effectively in Ukraine.
This blog is made with cooperation of security experts in the region, and is entirely based on their findings.
Insights into Internet freedom in Central Asia: Turkmenistan
This is the third of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Turkmenistan, one of the world’s most hostile countries for internet users, with its monopoly state-run provider offering only a highly censored version of the internet.
Turkmenistan is one of the most repressive and isolated countries in the world. Dictatorship was established after its independence in 1991 by the first president, Saparmurat Niyazov, and his oppressive authority. The regime is now lead by the second president, Gurbanguly Berdimuhamedow, who came into power in 2007 after the death of Niyazov. He kept all the means of repression established by his predecessor. As a result the country is one of the most closed and very underdeveloped when it comes to access to online communication services and freedom of information dissemination.
Under the Niyazov’s rule, Internet in Turkmenistan was a gloomy picture. Starting in 1990, when Siemens and Alkatel were invited to build and develop telecommunication network in Turkmenistan, and during the entire time of his rule, Internet was only available for the government, scientific community, foreign diplomatic missions and foreigners. Ordinary people had a very limited access to the Internet. In 2000 Niyazov paced communication sector under control of monopolist Turkmen Telecom, removing 4 independent ISPs from the market. In 2002 the last few Internet cafes in the capital Ashkhabad were shut down. Barely 7% of the population had access to Internet in 2012, and in 2014 an estimated broadband penetration of less than 0.04% make a pessimistic outlook. Mobile phones used by 63% of the population, are an important tool for Internet access.
In 2007 after Gurbanguly Berdimuhamedow came to power, it seemed that Internet situation for the regular citizens has improved. In Ashkhabad 2 Internet cafes re-opened and over 12000 new computers were purchased for the local schools. Moreover the governmental website titled ‘The Golden Age’ (www.turkmenistan.gov.tm) was featured with a commenting tool, allowing users to add comments about the quality of government’s work. However the price for using public Internet (approximately 4USD/hour) was too high for an average user, the commenting tool was deactivated soon after the appearance of the first critical comments and the newly purchased computers were partly plundered (1500 netbooks with Turkmen flag on the lid were smuggled to Kyrgyzstan and sold at significantly reduced price).
Data interception and monitoring
All unencrypted online communications in Turkmenistan, including e-mail and web traffic are intercepted and analysed by the Ministry of State Security. Based on the readings of Human Rights Watch, Internet became available for the private individuals in 2008 only after a system of comprehensive interception and monitoring was installed. The system is able to recognise who sent a specific message and analyse its contents by searching for key words. Voice communications can also be intercepted. Technologically speaking the interception and monitoring are centralised, since Turkmen Telecom controls all communication channels.
Because of the total monitoring and the associated fears, Internet users in Turkmenistan have a high level of self-censorship. People are afraid to write critical comments about the current government on the Internet and those who do this are accepted as provokers from Ministry of State Security. Critics and offence towards the authorities are illegal due to current legal system and are punished with a fine, forced labour or detention up to 1 year. Offence towards president can lead to detention up to 5 years. Intelligence services analyse websites visited by the Turkmen population and can take measures against those, who criticise the authorities online. Turkmenistan is seen as one of the most censored countries worldwide.
The most noted case resulted from the systematic surveillance occurred in 2011 after an explosion on the ammunition depot in Abadan, suburb of Ashkhabad. About 200 people perished and Abadan’s population was evacuated. The authorities wanted to hide the the incident, but the Internet became flooded with photo and video materials showing the aftermath of the explosion. Consequently, the authorities arrested dozens of people, who had photos and videos related to the explosion on their mobile phones. Later, Dovletmurat Yazkuliev, blogger and the Radio Liberty correspondent, independently covering the incident and its consequences, was sentenced to five years detention on fabricated charges. However, under pressure of a number of human rights organizations he was granted a pardon.
Another example is the president’s fall from a horse during the horse race in Ashkhabad in April 2013. According to a witness, the public was not allowed to leave the racetrack area until all electronic devices with video recording function were examined. Also, intelligence services look through the passengers’ belongings at the airport. Still the video of Berdimuhamedov’s fall leaked to the Internet.
Since Turkmen Telecom is a monopolist on the country’s Internet communication market, the state implements a centralised Internet censorship. The only non-Turkmen communication operator is MTS, which recently re-started its operation in Turkmenistan. However it also gets Internet connection from Turkmen Telecom.
Filtering is exerted on the node, which precedes the frontier router of Turkmen Telecom. Analysing the current research papers one can conclude that blocking is implemented by technology similar to that implemented in China. Special equipment sends a faulty connection error signal when connecting to blacklisted IP-addresses, which does not allow establishment of a session with the blocked server.
- A user is trying to open youtube.com website and specifies its address in a browser;
- It’s IP-address is identified (184.108.40.206) and the browser sends a signal to establish a connection;
- The website responses and browser sends a signal, indicating that it is ready to receive the data;
- This entire process is analysed by special equipment installed on the operators network. In case the attempt to connect to a blacklisted website is identified, the transmitted data is replaced and the connection breaks (user gets an error message: “The connection was reset”).
The websites blocked in Turkmenistan mainly include news sources specifically covering the situation in Turkmenistan, international news and analytics websites, the websites of international organisations, some donor organisations, video hosting platforms, as well as some proxy-servers and popular blogging platforms.
There are also offline-monitoring attempts in the country. For instance, in August 2011 by the instructions of the country’s president, the authorities removed many satellite dishes owned by private persons. Official explanation is that the large number of dishes deteriorates the country’s appearance. Unofficial explanation is an attempt to control the TV content consumed by the population. In exchange the Ministry of Communications was obliged to provide cable TV services for the population. Moreover according to the witnesses’ statements during the explosions in Abadan telephone communications were completely shut down in the town. These were later reactivated for local calls within Turkmenistan only, international calls and Internet remained disabled.
Other types of existing threats and attacks
The intelligence services of Turkmenistan are not able to independently conduct DDoS attacks and hacking, however it is expected that they hire respective experts from other countries, in particular from Ukraine. Websites publishing critical content about Turkmenistan are quite often targeted by hackers’ attacks. For the last three years, the website Turkmenistan Chronicles (www.chrono-tm.org) was several times targeted by DDoS attacks, leading to its complete unavailability to users. Not only the website was hacked, also information about its subscribers list and forum leaked to the hackers.
Quite a serious threat is caused by the low computer literacy level of users, which allows malefactors to exert even elementary fishing attacks, cheating users and infecting their computers with viruses. In 2008, hackers spread a link to a slide show supposedly depicting a shooting in Ashkhabad among Turkmen internet-users. As a result, 500 users downloaded this content, which turned out to be malware and destroyed their Windows.
Potential threats, possible ways of their escalation and suggested solutions for their prevention
Taking into account the available information, the following measures to strengthen the control over users can be assumed: improving mechanism of content blocking (selected blocking of particular posts and services) by using DPI, modernising the surveillance system by introduction of long-term profiling and collecting information on users activity. Since attacks on websites, covering situation in Turkmenistan, have been registered and the majority of these websites use some form of protection technologies, the more powerful application layer DDoS attacks are to be expected. In case the level of security of the websites’ code will not improve, the number and scale of attacks and violations will most likely increase. Reportedly, the intelligence services of Turkmenistan have special instruments of voice and facial recognition(produced by Russian company “Speech Technology Centre”) as well as the FinSpy Mobile software package for spying on users, produced by the British-German company Gamma International.
A big threat is potential technical ignorance of the majority of Internet-users, unawareness of the threats and their inadequate assessment. Technologies are getting more sophisticated every year, new services and devices are coming to the market, which results in new threats as well. For reliable protection from these new threats it is necessary to obtain particular knowledge, have basic computer skills. Awareness is key, but it is very important to follow the elementary rules of “cyber-hygiene”: don’t use pirated software, regularly update all software products installed on the PC, use a reliable anti-virus software and have strong passwords. Currently the majority of users do not follow these simple rules. Ignorance and carelessness provide an ideal environment for malicious software utilisation and spread of virtual infection among computers.
Technical support for information services and resources providers covering Turkmenistan issues is required. The mission here is very specific: technical assistance in auditing websites’ code and consulting service holders on on-going issues (for example, users anonymity in comments, server activity and load monitoring etc.). Services for protection from DDoS attacks and traffic clean-up from hacking attempts and discrediting as well as solutions for users protection from traffic interception and spying by the website are necessary.
Security tools you need to use in 2015
Everything shows that 2015 is becoming a year where topics like surveillance, censorship, freedom of speech, and privacy are becoming important topics in daily life. Whether you are a journalist or a critical internet user, below are the 8 tools you should use in order to protect yourself online:
#1. Tor: a program for serving Tor and related files over SMTP. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
#2: OpenWhisperSystems: offers different open source mobile applications for secure communication. The apps offer end-to-end encryption over the air and on your phone, securing your conversations and texts.
#3: PGP (Pretty Good Privacy): a data encryption and decryption tool that provides privacy and authentication for data communication such as texts, e-mails and files sent by e-mail. By using PGP, you can protect your email communications from being read by anyone except their intended recipients. It can protect against companies, governments, or criminals spying on your Internet connection, and, to a lesser extent, it can save your email from being read if the computer on which they are stored is stolen or broken into.
#4: Jitsi: a cross-platform, free and open-source program which supports Instant Messaging (IM), voice and video chat over the Internet. It supports many of the most popular and widely used IM and telephony protocols. It offers additional independent encryption for text chats through the OTR (Off-the-Record) protocol, and voice and video sessions. Jitsi runs on Microsoft Windows, Mac OS and Linux. The Android version is forthcoming.
#5: Avast! Anti-virus: a free, full-featured anti-virus program that detects and removes malware and viruses from a home or personal computer.
#6: Riseup: a secure e-mail client for people and groups working on liberatory social change, providing a relatively safe means of e-mail communication for them. Riseup provides online communication tools for people and groups working on liberatory social change.
#7: Tails: a live operating system that can started on almost any computer from a DVD, USB stick, or SD card. Tails provides a platform to solve many surveillance problems by “doing the right thing” out of the box by default, protecting even less tech-savvy users from the most likely and highest impact risks. Journalists can use Tails to write articles, books and create movies. Journalists use Tails to chat off-the-record, browse the web anonymously and share sensitive documents. Many human rights defenders and journalists overseas depend on Tails to do their daily work, if not simply to stay alive.
#8: VPN. encrypts and sends all Internet data between your computer and another computer. This computer could belong to a commercial or nonprofit VPN service, your company, or a trusted contact. Once a VPN service is correctly configured, you can use it to access webpages, e-mail, instant messaging, and any other Internet service. A VPN protects your traffic from being intercepted locally, but your VPN provider can keep logs of your traffic (websites you access, and when you access them) or even provide a third party with the ability to snoop directly on your web browsing. Disclaimer: not all VPNs are evenly secure, and it is advised to only use a VPN which you trust!
For more tips, guidelines and self-diagnostic tools to remain digitally secure, check our Digital First Aid Kit: https://www.digitaldefenders.org/digitalfirstaid/
Digital emergencies during the summer of 2014
The summer and early fall of 2014 was sparked with different digital emergencies worldwide. In the Middle East, human rights defenders in Bahrain keep being the target of government repression. Past months were a very hard period for human rights defenders with one arrest following the other. Surveillance of online platforms of mobile messaging apps has become a hallmark of the Bahraini government’s repressive measures against pro-democracy activists.
Furthermore, Russia keeps tightening its grip on online traffic through an extensive series of stringent regulations. According to government decree users will soon be asked to show their IDs or passports when logging on to public WiFi networks. Besides blacklisted websites, censorship of social media accounts have been reported in several instances. VKontakte accounts pledging for more autonomy of Siberia have been suspended, and Twitter removed access for Russian users to @b0ltai, the account of a hacker collective that leaked a number of internal Kremlin documents online.
Then, The House News, a popular pro-democracy news site in Hong Kong modeled after the Huffington Post, had to shut its doors on July 26, under significant political pressure and the withdrawal of advertisers. Seeing the developments of the last months the picture for Hong Kong media looks grim.
On news about circumvention and security technology, there was a remarkable security advisory by Tor in July, in which it notified users of an attack on their service. The attack started in January, and appeared to have been targeting people who operate or access Tor hidden services. Tor explains that it cannot entirely know what that means for users who were infected and clarified the technical details of the attack in their security advisory.
Mitigating digital threats
This summer, the DDP supported projects worldwide to mitigate digital emergencies. The DDP financially supported a total of 30 organisations to mitigate digital threats, of which 6 organisations in this quarter. Furthermore, DDP frequently steps in with support through brokering. The DDP has engaged in various brokering activities for over 86 different human rights defenders- and media organisations that suffered a digital emergency. The DDP is a trusted port of call for at risk communities on the frontlines, which are reaching out to the DDP for advice on a digital emergency response – either directly or through intermediary organisations.
The grants and DDP brokering provided 835 users with direct emergency response, such as DDoS mitigation for websites under attack, legal support, the replacement of equipment and retrieval of hijacked accounts or extensive digital security audits and policy creation.
Are you based in a repressive country, and do you face a digital emergency? Contact the DDP at ddp[at]hivos.org or fill in our grant application form for support.
Internet Governance Forum 2014 – Istanbul, Turkey
From 2-5 September 2014, the ninth Internet Governance Forum (IGF) took place in Istanbul, Turkey. This UN-initiated body is a multi-stakeholder, non-decision making forum of global importance for forward-looking discussions on Internet issues.
Throughout IGF, digital rights advocates — including activists, civil society actors, and NGOs — focused on the state of digital rights in Turkey by publishing reports and assessments, raising public awareness of the issues through social media, and supporting the Internet Ungovernance Forum (IUF), organized by Turkish civil society.
The Digital Defenders Partnership (DDP) was present at the IGF this year, actively participating in a number of coordinating initiatives of civil society and highlighting crucial issues during different sessions during the forum – ranging from threats to (online) freedom of expression and privacy to the circumventiontools present at the moment and the challenges they face.
Jointly with partners APC, Tactical Tech and the Web Foundation, DDP contributed to a so-called disco-tech which was organized on the pre-evening of the IGF. To ensure meaningful exchanges between techies, activists and policy advocates, informal discussions in a comfortable setting were sparked by stimulating short presentations, with surveillance and circumvention tools as a theme. With Fieke Jansen from DDP contributing as one of the featured speakers, organic conversations and short lightening talks centred around censorship and circumvention, problems and solutions for internet rights.
GISWatch Report: Communications surveillance in the digital age
One of the highlights of the IGF was the launch of the Global Information Society Watch report on mass surveillance, which is co-produced by the DDP. In this chapter, author Fieke Jansen states the specific challenges which go hand-in-hand with mass surveillance, and how to mitigate these threats: ‘Prevention is key: try to increase the overall digital security awareness and practices of your organisations, establish a relationship with a technical person you trust and can turn to for immediate advice, make a thorough threat analysis, and establish some protocols and procedures in case you are targeted. If you think you are suffering a digital attack, turn to a trusted technical expert or international organisation or make a self-assessment.’
The Internet Ungovernance Forum: An Alternate Sphere
In the spirit of raising awareness and facilitating discussion on critical digital rights issues that were not included in the IGF agenda, the Internet Ungovernance Forum (IUF) was convened in parallel to the IGF on September 4–5, 2014. The event was organized by Alternatif Bilisim, a Turkish civil society organization, and brought together a range of interesting and noteworthy speakers (including Julian Assange who made a surprise appearance as the closing speaker) to present on issues such as net neutrality, citizen journalism, and the use of online resources to support democratic protest movements. DDP was present to engage with the participants of the alternative IUF that further deepened debate strategies to ensure and protect an Internet that is open, free and secure.
From Digital Threat to Digital Emergency
The 2014 edition of GISWatch focusses on Human Rights and Communications Surveillance. The annual publication includes 53 country reports on the local state of surveillance and eight thematic reports. Fieke Jansen, Programme Manager of the Digital Defenders Partnership has contributed with a thematic report that looks at the digital threats and digital emergencies human rights defenders face. In this article Fieke goes into the Challenges, threats and digital emergency on the level of infrastructure, censoring of content and profiling of people. Find the article here
Call for Proposals: Strategic Digital Emergency Response
The Digital Defenders Partnership is pleased to announce its first call for the submission of proposals for Strategic Digital Emergency Response.
The Digital Defenders Partnership is a competitive grant making mechanism providing support to organisations and individuals working in the digital emergency field. The Partnership invests in organisations and individuals working on solutions to digital threats faced by journalists, bloggers and human rights defenders. Our aim is to stimulate a robust digital emergency sector which can respond to threats in a timely and comprehensive manner.
Call for Proposals
This call for proposals is limited to Strategic Grants and will be open from 1st August until 24 August, 2014 at 18.00 o’clock CEST. Proposals can be submitted to the DDP secretariat through email to grantsddp @ hivos.org. Selected grantees are expected to be announced by the end of September. Information on the Strategic Grants, Process of Submission, Grant Requirements and Guidelines for Proposal can be found here.
If you are suffering from a digital emergency or facing a digital threat and are looking for direct support, please check out our emergency grants or direct support grant. Request for Emergency Grants or Direct Support Grants can be submitted through our website at any time.
For Strategic grants the Digital Defenders Partnership is looking to support projects that address gaps in the digital emergency response.
These gaps can relate to the mitigation of digital threats to bloggers, journalists and human rights defenders directly, gaps in safe and secure communications (including mobile) for these groups at risk, gaps in expertise, and emergency response and direct support networks. The support can only be awarded if it concerns a project in or directed at internet repressive and transitional countries.
For more information on the Call for Proposal Strategic Grants see here
Spring 2014 marked by an increase of digital attacks
The technology, censorship and surveillance landscape is changing rapidly. Over the past months, we have seen an increasing need for support on digital attacks on human rights defenders, journalists and activists globally: while China is intensifying its censorship and blocking search engines like Google and social media websites, the military coup in Thailand in May of this year led to increased measures of repression and censorship throughout the country. Furthermore, Russia passed new laws to tighten its grip on blogging and social media, and is fast to acquire more powers to block Internet services originating abroad. Worldwide, bloggers and activists are being attacked and arrested such as the six bloggers of the Zone Nine blogging Collective in Ethiopia, Global Voices author and analyst in Tajikistan, as well as multiple bloggers and journalists in the Middle East.
Getting access to data, preferably personal data, is becoming more and more popular. It is used to profile individuals and organisations, track their activities and map networks. Fortunately, the counter-movement is also increasing. Digital Defenders Partnership (DDP) was able to support more organisations in repressive countries than in previous quarters, offering direct support, and advice to mitigate digital emergencies of at risk communities to a total of 473 users and 24 organisations. Furthermore, DDP collaborated with Virtual Road in their immediate response after the Heartbleed vulnerability was discovered, scanning over 3000 websites covering topics on freedom of expression. The requests for support – either direct advise, or grants – in situation of political upheaval, repression or conflict have led to several new connections in our continuously expanding network, for example in Thailand, Brazil and Zimbabwe.
An increasing way of support happened through brokering. The DDP is a trusted port of call for 49 human rights defenders and media- organisations at risk, who reached out to the DDP for advice on a digital emergency response – either directly or through intermediary organisations. In these cases the DDP often functions as a node in digital threat mitigation efforts. This way, it can broker third party intervention from an extensive network of lawyers, technical specialists and training organisations with specific experience in this area.
Overall, there is a clear sign that governments around the world intend to censor information and use more complex surveillance systems to track individuals as well as organizations. DDP sees that the need for support and training as well as brokering is therefore increasing. In the coming time, not only grants and advice will continue, but the program will also look into a more structural way of securing organizations and human right defenders.
Digital First Aid Kit for online activists
On Wednesday 9 July, a collaborative effort from different digital security organizations launched world’s very first Digital First Aid Kit: a self-assessment tool for journalists, bloggers and online activists who face digital threats. The Kit helps you determine whether you can mitigate the issue on your own or whether you should seek professional help.
Everyone knows the feeling of losing a phone, or having an email-account hijacked, and the overwhelming powerlessness that consequently ambushes. Remember this feeling, and put it in an environment where it’s actually dangerous for your personal information to be out in the open, captured by your adversary, and you can’t get hold of it. The Digital First Aid Kit is established to provide preliminary support for anyone facing the most common types of digital threats, such as malware, account hijacking and DDoS mitigation. The Kit offers guidelines and a set of self-diagnostic tools for journalists, bloggers, activists and human rights defenders facing digital attacks. First Aid, because the Kit gives you quick tools that guide you to make a first assessment to take preventive measures when being digitally targeted.
A turbulent period in history The last months have been a turbulent period in the history of internet freedom and digital security. The battle over and on the internet has intensified, individuals and groups who are the watchdogs of society: activists, journalists, human rights defenders and bloggers, are increasingly under digital attack. At this moment, 351 journalists and netizens are imprisoned, writes Reporters Without Borders, and according to Reuters, ‘21 of the world 25 top news-organizations have been the target of likely state-sponsored hacking attacks’, not to mention the countless critical internet users facing digital threats every day. Usually, he or she does not know what to do when in danger. This led to the idea that everyone should be able to take preventive measures and take responsive steps when they are in danger, to avoid emergencies.
A collective action With global partners in the field of internet security, EFF, Global Voices, Front Line Defenders, Internews, Freedom House, Access, Virtual Road, CIRCL, IWPR, Open Technology Fund and independent security experts, Hivos & the Digital Defenders Partnership put their heads together and came up with the Digital First Aid Kit. As an open source, the Digital First Aid Kit is a work in progress and will be continuously updated by experts on the digital frontline, and anyone who wants to contribute.
For more info on the Digital First Aid Kit: https://www.digitaldefenders.org/digitalfirstaid/
For inquiries or comments, please send an e-mail to: ddp[at]hivos.org
Report: Mapping Digital Threats in Egypt, Bahrein and Tunisia
Ever since Mubarak pulled the internet kill switch in Egypt during the 2011 protests, digital emergencies have become more visible to the public. Yet, much digital targeting of human rights defenders, journalists, activists and bloggers goes unnoticed. They are being targeted by attacks that range from DDoS (Distributed Denial of Service) attacks on their websites, spying on their phone calls and email traffic, to the stealing of their laptops or mobile phones.
In more repressive countries, these attacks go hand in hand with physical harassment and arbitrary arrests. DDP is committed to assisting local groups in specific regions to mitigate their digital emergencies. It supports initiatives that are relevant to bloggers, journalists, human rights defenders and digital activists on the ground and seeks better understanding of the circumstances that they are operating in.
Therefore, at the beginning of 2013, the DDP commissioned a number of scouting missions by local experts in several regions to garner views from the street, map digital threats against bloggers, human rights defenders, journalists and activists, identify key actors and assess what the opportunities for cooperation and support are. The scouting missions focused on the Middle East and North Africa (MENA) region and incorporated Egypt, Bahrain and Tunisia.
The scouting missions resulted in a series of reports containing information on each country. Each report comprises general information about the political and technological situation in the region and the specific country; a needs assessment of critical internet users; and reflection on the emerging threats to internet freedom and personal safety experienced by the target group. In addition, the reports include a description of the national context, local activism to protect rights online and recommendations.
It should be noted that the scouting missions were executed in 2013 and, therefore, the content of the reports reflects conditions in that period.
These reports are based on interviews with journalists, human rights defenders, activists and bloggers in the Middle East and North Africa. The content describes their reflections and personal opinions and cannot, therefore, be considered as factual information.
VirtualRoad.org – a digital bodyguard for suppressed voices
One of the most common forms of online censorship is instigation of cyber attacks that aim to take websites offline, or to make them inaccessible to their readership. Independent government-critical media outlets are common targets, as well as human rights organisations. To support organisations to mitigate these vile attacks, the DDP has a strategic partnership with the organisation Qurium Media Foundation (aka VirtualRoad.org), which is specialised in Secure Hosting.
VirtualRoad.org works as a digital bodyguard for online news media and human rights organizations primarily in oppressed countries and in many of the world’s dictatorships. VirtualRoad.org defends information on the Internet that other hosting providers do not want to, or can not, deal with. They host independent media from countries with repressive regimes, where public and open opinions are a crime in itself. Their clients constantly suffer from all known forms of cyber attacks. An unfair war, where governments and cyber armies attack small independent news outlets with scares resources to defend themselves.
The mission of VirtualRoad.org is to protect the freedom of information of exile media by offering the technical infrastructure and expertise to fight denial of service attacks and other types of cyber attacks. Since the start in 2009 VirtualRoad.org is now hosting media sites from more than 20 countries, such as Azerbaijan, Burma, Iran, Nigeria, Rwanda, Sudan, Sri Lanka and Zambia.
The activities of VirtualRoad.org do not only ensure that news and information of critical media is available at crucial times, it also makes sure that sensitive data is properly protected, and allows sites to grow as a result of their online presence.
With the DDP support, VirtualRoad.org has invested in hardware to keep the mitigation platform updated and resilient against the ever-changing cyber attacks that are being launched against its clients. The support will also allow VirtualRoad.org to develop tools for monitoring and prevention of attacks, that will improve the services offered to current and future clients.
For more information, see www.qurium.org
Contact Qurium: https://www.qurium.org/contact/
Reading tip: The Guardian on the digital arms race.
Yesterday The Guardian published a great article about the big players in surveillance technology and how their technologies are used to spy and control users in repressive countries. Such as the Italian company Hacking Team, who sold its malicious software to the UAE and Morocco, where it was used to target at least one activist and a media organisation.
The article also delves into the many efforts to protect critical users from this surveillance technology and digital attacks. Like the great work of Citizen Lab, researching the origin of malware, or the ways in which Privacy International and politician Marietje Schaake try to hold companies accountable for trading in digital arms with repressive regimes. The Digital Defenders partnership is mentioned as well. A small correction there – the DDP does not have its own DDos mitigation service, but has a strategic partnership with the great folks from Virtual Road in their continuous hard work to keep websites under attack in the air.
Read the article ‘The digital arms race – and what is being done to fight it’ here.
Heartbleed; What you can do about it
Are you a Human Rights or Media organisation and running a website? This could be important information for you! You might have heard in the media that security researchers have found a huge security vulnerability in the Internet that has been named Heartbleed. In short, Heartbleed is a critical flaw in OpenSSL, a software which is used to secure hundreds of thousands of websites, including major sites like Instagram, Yahoo, and Google. This security exploit can give attackers access to sensitive information like logins and passwords, as well as session cookies and possibly SSL keys that encrypt all traffic to a site.
The solution is not difficult to implement, but it is important that it is done as soon as possible! Below you find the steps that are recommended by VirtualRoad.org on how you can patch your broken OpenSSL library:
Step 1: CHECK IF YOUR WEBSITE IS RUNNING THE VULNERABLE VERSION OF OPEN SSL
You can do this here:
Step 2: UPGRADE YOUR SSL LIBRARIES IN YOUR HOSTING PROVIDER
Upgrading the website to the patched version of the library will require you to inform your hosting provider or web administrator immediately and ask them to upgrade the software (SSL library). They will need to reboot the server for the changes to take effect. Redo step 1 to see if the problem is solved.
Step 3: CHANGE PASSWORDS
Please note that an attacker could have been able to retrieve your passwords. In all cases it is advisable to change all passwords to the website, but especially if you have logged into you website in the last week.
Step 4: RE-KEY YOUR SSL CERTIFICATE
If you run your website under HTTPS where confidentiality is key for your work, we strongly advice you to Re-key your SSL certificate immediately. The process of re-keying a certificate needs to be done with the same Certification Authority that you purchased your SSL certificate to. Renewing the existing certificate will not fix the problem, you need to create a new certificate and revoke the current one.
For more information on Heartbleed please look here
The Digital Defenders Partnership would like to thank VirtualRoad.org for their timely assistance in detecting Heartbleed among our partners and providing clear instructions on how to deal with the problem.
Digital Defenders Partnership; short overview of results in 2013
In 2013 DDP support contributed to safe internet access for critical internet users in countries in Central Asia, Middle East, South East Asia and Central America.
A short selection of our results in 2013.
Grant making: Through grant making the DDP supported several organisations to mitigate digital threats. For example by establishing safe internet access for approximately 1900 users through VPNs and other circumvention technology. The grants provided 108 users with emergency response, such as DDoS mitigation for websites under attack, legal support, the replacement of equipment and retrieval of hijacked accounts or temporary digital security helpdesks. On top op that, 162 people were trained on digital security, to make them more aware of risks and less vulnerable for attacks.
Strategic Partnerships: The DDP supported strategic partners who provided legal support, regional digital security consultants, secure hosting for very high-risk websites. Furthermore, 1500-2000 users a day are supported to circumvent censorship by browsing anonymously by increasing the architecture behind Tor.
Brokering: The DDP has engaged in various brokering activities for 17 different human rights defenders- and media organisations that suffered a digital emergency. By either providing direct assistance to mitigate the digital threat or by brokering third party intervention from an extensive network of lawyers, technical specialists and training organisations with specific experience in this area.
Research: The DDP commissioned two regional studies (MENA and Central Asia) into particular threats that journalists, HRDs, bloggers and activists face. These studies will be made available soon to download.
DDP is looking for Programme Officer Technology & Safety
Are you interested in technology and human rights and do you have the technology skills we are looking for? The Digital Defenders Partnership is expanding the team and we are looking for someone who has can mitigate and analyse threats bloggers, journalists and human rights defenders around the world are facing. Do you want to know more about what we do and what we are looking for in a Programme Officer Technology & Safety please click here. Deadline is the 21st February 2014.
‘Whatever states will do in attempt to curtail human rights online, they will fail. The Internet is such a powerful messenger. Technology evolves so rapidly. States won’t keep pace with users. The Internet will prevail as an open space of communication and the free flows of ideas.’