By Zabihullah Noori, Deputy Director, Afghanistan Journalists Center
June 22, 2018
At this age of technology where activists use various forms of digital communication whether it is texting on a mobile phone, sending an email, twitting breaking news or organizing an online campaign on Facebook, the privacy and the protection of data is at the center of all these platforms.
Afghanistan Journalists Center as associated member of the CIVICUS participated in a digital security training that discussed the techniques and maneuvers of detecting data breaches and coming under cyber attack through phishing, malware, and spywares. The training also provided useful tips and list of procedures to follow on how to limit these threats and try to prevent them in the first place.
First and foremost, journalists, civil society activists and human rights defenders should download software from well-known sources. Regularly update their computers, tablets and mobile phones. Un updated software are more vulnerable to cyber attack. They should also install an anti virus on their Mac and PC desktop, laptop, tablets and mobile phones and run a health check at least once a week.
Once these steps are done then the journalists, civil society activists, and human rights defenders can follow these measures that will assist them to safeguard their data and devices such as computers, tablets and mobile phones and to protect their identity from hackers.
Password is at the heart of protection. The stronger the password, the more you are protects. The creation of a strong and unpredictable password backed up by a Two Factor Authenticator (2FA) is utmost importance. Passwords are the primary key to hackers who would be interested in hacking one’s account. The weaker or the most predictable the password the more it makes the hackers’ job easy to break in into the account. A password of 15-20 character-long containing numbers, characters and Upper and lower case letters would be really hard for hackers to break in. The 2FA will put another protection layer into the account. Even if ahacker manages to figure out the password in an activist’s computer, it will be really difficult to break in the 2FA that has been activated in another device such as mobile phone.
Variation of passwords for different accounts is another recommendation that journalists and activists must consider. If the same password were used for different accounts, once a hacker manages to break in one of the accounts, then breaking into all accounts wouldn’t be a hard job.
Since memorizing so many passwords is not an easy task, using the password manager can help. Password manager is a great help in two ways. First for creating a strong randomized password, and second for storing all the randomized passwords for different accounts into a password protected folder. Instead of memorizing 10 different randomized passwords, the activist will only need to memorize the password for the Password Manager application.
Encrypting the computer hard drive, USB and external hard drive is another measure in keeping the data protected and secure from the hackers. It is worth noting that in some countries the governments can force the service providers to share the contents of the activists with them. However, if the data is encrypted, it will make it really hard, if not impossible to decrypt the data, given that is protected with a strong, unpredictable and randomized password and the 2FA.
Some countries ban activists from their activities by imposing restriction on their Internet. To break this and to be able to access the Internet and do not disclose your physical location to such authorities, it is better to use a Virtual Private Network (VPN).
If you ever felt hacked or got suspicious of coming under a malware attack, you can contact Afghanistan Journalists Center that will connect you to the right sources at Access Now whose staff will analyze the threats and advise you on how to deal with it.
And finally since journalists and activists try to reach as many people as possible they reach out to various sites, particularly social networking sites that are vulnerable to hackers. The activists and journalists must take extra care in using the sites that are safe for their communication.
Below are the list of some of the website and the purpose they could be used for.
https://www.google.com/landing/2step/ (Google 2 Factor Authentication to back up your password)
https://www.cnet.com/news/the-best-password-managers-directory/ (Password manager for creating randomized password and for storing all your passwords in one place)
https://prism-break.org/en/(websites for downloading open source websites)
https://www.accessnow.org/blog(warning about serious threats)
https://www.torproject.org/(keep your search anonymous and encrypt your search, but only use it for delicate and sensitive matters)
https://haveibeenpwned.com/(check if your email has been hacked)
https://share.riseup.net/(files sharing= equivalent of we transfer, but a lot safer)
https://www.sync.com/(for end to end encryption-*paid)
https://signal.org/download/ (-messaging, audio and video calls)
https://wire.com/en/(video calls-End to End encrypted)
https://securityinabox.org/en/(offer step-by-step instructions to help you install, configure and use some essential digital security software and services)