Guide to Safer Online Environment to Journalists: How to detect and protect against cyber-attacks, and how to avoid and face online harassments

للنسخة العربية، الضغط هنا

Smart phones and various communication devices have become n “need” for many working remotely or having to communicate with sources, especially journalists, as they provide them with easy access to information and direct access to sending options, which constitute an essential pillar of journalistic work (receiving and disseminating information).

This exchange has made journalists and human rights defenders among the main targets of spyware by authoritarian governments on one one hand and those seeking to hide what the journalists are trying to reveal on the other, especially in times of crises and/or fateful and decisive periods, such as pandemics outbreak, elections, armed conflicts….

 The Journalists Support Committee (JSC) reported in a study entitled, “Freedom of the Press and the Rights of Freedom Defenders in the Middle East: Hostages in the Grip of Israeli Spyware Industry and Their Governments,” about the suspicious Israeli development in this field and the existing cooperation between its companies, especially NSO Group and Circles, and countries with a long history of violations of human rights in general, and the right to freedom of speech and expression and press freedom.

With the spread of malware to infect devices, especially with the Zero-Click technologies which characterize the third generation of the Pegasus program developed by the Israeli NSO Group and exported to many systems with a history of violating human rights, global interest in security has increased. Cybercrime, especially for journalists.

As such, the Journalists' Support Committee presents you a simplified guide on: Signs of infection of your device (smartphone, computer…), Steps to protect your devices from cyber-attacks (smartphone, computer...), and tips to avoid and face online harassments and intimidations.

Major Signs of Possible “Infection”

Following is a list of the most prominent signs that your phone or computer MAY be hacked by spyware and ways to detect it, especially with the development of Zero-click techniques, which enable the target parties to attack your device, without the need for you to click any malicious link or reply any call.

1. Automatic activation of downloading applications from untrusted sources feature

The feature to download applications from unknown or trusted sources, Root or Jailbreak, is available on some devices to allow their owners to download certain applications of their choice. However, activating this service on the device on its own, without your decision to activate it, may be an indication that your device has been hacked, allowing access to its fundamental operating system and modifying it.

2. Unknown apps in use which you have not installed

Check your phone’s settings-> Battery usage detection by the software: There you will check the applications which consume power, or by accessing the Network and Internet option-> then “Data usage”, or by going to Advanced Options -> “Accessibility”.

If you find any active application that you did not download yourself, this may be an indication of a hack that you have been exposed to that installed special software on your phone to make sure that all the existing applications you have chosen to download.(Delete the suspicious applications from your phones and devices immediately if they are present, and contact your IT to check your device).

3. Rapid Unjustified Depletion of your Internet Data Bundles

The suspiciously rapid increase in your consumption of Internet data, especially at times when you are not downloading, sending and following up on data-intensive files, may indicate the installation of surveillance software that receives and transmits data on your phone.

4. The Suspicious heating of your device (your phone or computer), even when not in use

The temperature of electronic devices rises at a relatively acceptable rate during the period of their use. However, the suspicious high temperature of the device, even though it is not in use, may be an indication of loading the device’s CPU by hacking programs which are constantly run or at allotted times.

5. Rapid drainage of the battery

Spyware and hacking software usually run continuously in the background of the device software, causing additional and rapid battery drain.

6. Hampering device performance

Due to continuous performance in the background and access to many of the device’s settings and applications through receiving and sending data (photos, conversations, messages, calls, videos, microphone, browsers, etc...), hacking software may weaken the device’s ability to respond to your commands (especially in terms of Call, sharing photos and videos, text messages, voice messages....), indicating possible malware malfunction.

7. Your device sends messages and makes calls that you did not make yourself and your personal messages are rejected

If you discover among your data that there are suspicious numbers that you did not contact (you did not receive a call from and you did not contact them), or you find text messages or emails that you did not send, this is a possible indication that your device has been hacked, especially if it contains texts with more frequent grammatical errors and misspellings, incomprehensible words, punctuation marks and special characters, not necessarily only links.

You may also notice that the messages you send are rejected or classified as Spam for an email that has already received and identified your messages.

8. Increase in pop-ups

Although malware (non-spyware) also depends on increasing the frequency of pop-ups to display profitable commercial advertisements, this may sometimes indicate the presence of malicious software that may require your attention and caution.

9. Strange noise in the background of the device

It is true that many phones or computers may make strange sounds sometimes, but their continued appearance (such as regular noises and buzzing....) may be a sign that your device is being eavesdropped, whether on the phone or through connected computer microphones and cameras.

10. Your device does not respond directly to “Shutdown” and “Exit” decisions

If you notice that your device does not respond or is slow to respond to your decision to turn it off or to exit an application or program, this may be an indication that it has been hacked by software trying to terminate the sending or receiving services before allowing the device to stop working. For some compromised devices, they may completely stop responding to shutdown commands.

11. Auto-turn on of Bluetooth feature

If you notice that the Bluetooth feature on your device (phone or computer...) is turned on by itself without you doing so directly, this may be an indication that your device has been hacked by relatively close devices without the need to touch it.

12. Stop caching data (especially video and audio files) on your device

A weak network may cause slow streaming of videos or audio files which you watch or download to your device, but a high frequency of “freezing” with a good internet may be a suspicious indication that your device's internet connection is being shared with an additional party. This is what may happen, especially after your device (computer or phone) is connected to an unreliable or public network.

13. Programs and applications suddenly stop and then return to work on their own

Hacking programs often control a high percentage of applications and programs on your device, stopping their work, activating, weakening, or encrypting to prevent you from accessing them again. Therefore, your observation that certain programs stop suddenly (especially antivirus and task manager) or prevent you from opening your files may be an indication that they have been hacked.

14. Sudden device restart

If you notice that your device is restarting on its own or it notifies you and warns you that it will restart without justification, this may indicate that it has been hacked.

15. Device partitions work by themselves

If you notice that the mouse cursor is moving alone, or it is selecting or pointing to something, or the keyboard of your computer or phone is slow to respond or types something other than what you requested, these are strong indicators of a hack.

16. Redirecting to different websites on the Internet

If you notice that your device is moving you, quickly and randomly, among different windows and pages other than the ones you seek to access or even without trying to access any page, your device may be hacked.

17. Losing files, programs or applications

The hacking software may delete or cut files off your device to send them to the operators, or delete software and applications which hinder its action on your device. Noting these incidents must draw your attention and caution.

18. Modification of the home and browser pages

Unjustified modification of your device screen or the browser home page or the default search engines may be indications that your device has been hacked.

19. Auto-turning on the camera or microphone

Although it may happen by chance, the frequency with which the camera flash is automatically turned-on on your device or the microphone is turned on may indicate that it is activated by hacking programs to follow its surroundings.

Related Articles: Step by step.. Here's how to activate a tool to ensure that your phone has not been hacked by the Israeli "Pegasus" spyware

 Steps to Better Protect Your Devices from Cyber-Attacks

1. Ensure that the applications and programs on your phones are constantly updated, as updates usually aim to raise the level of security.

2. Download applications which combat malware, including spyware and viruses, including Incognito, Certo, Kaspersky Antivirus, Bitdefender and others...

3. Adopting two-factor authentication mechanisms to ensure that you do not log into your accounts (especially social networking applications) without your permission.

4. Through the phone settings, it is necessary to constantly monitor the active devices of your accounts, whether it is e-mail, or the pages of social networking sites (Facebook, Twitter, instagram, WhatsApp and others) to make sure that there is no unknown account .

5. Be sure to follow the active applications which are constantly active in the background of your devices and make sure that you have downloaded them yourself, or remove the suspect.

6. Avoid using unencrypted public internet networks (Wi-Fi), which is one of the easiest ways for hackers to store, control and modify your data.

7. Avoid turning on the Bluetooth feature in a public place or connecting to a device that is not trustworthy.

8. Avoid Rooting (Android) or Jailbreaking (iOS) to download apps from untrusted sources.

9. Change passwords periodically, adopt strong passwords, and avoid using the same password for multiple accounts.

10. When purchasing any new device, you must log in using your own account (Gmail or icloud account). And when buying used devices, it is necessary to delete the old account and access your own.

11. Avoid clicking on any “strange”, provocative, or anonymous links to avoid phishing messages.

12. Avoid using a USB cable to charge your device at any external charging point or unreliable computer because of its ability to allow data access and replace it with a charger or “power-bank”. If necessary, select the "Charging only" option and disconnection from the computer.

13. As it is widely used, end-to-end encryption does not necessarily protect your WhatsApp account from hacking. To protect your account, never share your WhatsApp code with anyone, and make sure you activate Two-step verification in your WhatsApp Settings (Click here for simple demonstrative video of the steps).

How to "Disinfect" Your Device? 

Knowing that spyware technologies dedicate a great section of their research on “secrecy” of action of developed applications and programs, as well as alarming procedures to indicate attempts to uninstall the “malware”, the “monitoring agency” would recognize the removal of the program once data flow stops.
To disinfect your device, you may try to: 
1.    Run a malware scan: Most electronic devices (computers and phones) have their antivirus programs which are able to detect and remove basic threats. 
2.    Change passwords frequently and use strong-hard-to-predict ones. 
3.    Enable Two-factor-authentication to protect your accounts and ensure that logins require your consent from a non-trusted device. 
4.    Update your system software as the newer versions often include solutions to security breaches patches.
5.    Restore Factory Settings: After backing up your important content, reset your software settings (for Android: Settings > General Management > Reset > Factory Data Reset, for iOS: Settings > General > Reset). 
6.    If the problem persists, check with CyberSecurity specialist and avoid using the device in close proximity meanwhile. 

Tips to Protect Yourself from Online Harassment

Not only journalists themselves but also their close family members, colleagues, and friends could be in the target zone of online harassment. By trying to impersonate or publicize personal information about a journalist, some parties try to intimidate a journalist to keep him or her from following up on a certain critical case under study. This is why many journalists, especially investigative journalists, are trying to protect themselves by minimizing the available public information about their whereabouts to avoid any possible online harassment, discrediting, shaming, defaming, bullying… which in many cases develops into physical assaults as well.  

Knowing that taking down information posted online may take a while and is not immediate, especially if it is published by a third authorized party (employer, government agency…), here is a list of some advice to keep in mind:

1. If possible, try to separate your personal and career life. Using different devices (computers and phones), different emails, social media accounts, and others could protect your personal life (once kept private and shared with trustees) from possible attackers.
2. Keep in mind that online attacks are usually organized and coordinated so that attackers target the same “victim” in large numbers at the same time. So make sure you have a group of friends or family or colleagues who are aware of possible close attacks to keep you alarmed and supported.  Moreover, attackers seek to reach out your close inner circles with “scandals” before reaching out to others, as they know you value those “insiders’” image of you.
3. Avoid publishing “online print” (personal information) online, being your location, personal pictures, personal updates and key news which may be abused by attackers. If you feel more likely to share them, make sure to adjust your privacy settings to trusted audience and secure your accounts (check above).
4. Disable location tracking services, especially on social media accounts.
5. Always go over public information available on your social media accounts and your professional accounts, by using View as features, to eliminate any info. You feel unlikely to share anymore, like children’s pictures, personal pictures, addresses, check-ins….
6. Set up Google alerts for your name, initials, nicknames, or others, including possible misspellings in the different used languages, so as to be alarmed if you are mentioned online.
7. Keep in mind that any picture you post, video, text or any that you share through private or direct messages is never deleted off the network servers, even if you delete them on your side and the other side’s, unless after going through legal procedures with the servers.

Dealing with online harassers:

Once a target, a journalist should immediately coordinate the ongoing with his-her media outlet or agency or order or syndicate as well as local authorities. If they have a special department for that, they may offer the needed technical, legal, and psychosocial support. If not, and in parallel:

1. Avoid replying to those who are harassing or attacking you. Keep in mind that “attackers” usually act in large numbers: commenting, posting, sending direct messages, and emails. Replying them is to give them one of their aims: hindering you from fulfilling your missions. The more you reply, the more they are likely to focus their targeting, as more of your followers could get to know about it.
2. Monitor the comments and replies or messages to distinguish real from “fake or automated” responses (usually automated responses follow same pattern).
3. Make sure you document abuses, attacks, insults, offenses, especially including life threatening messages or holding potential physical threats. This could be by taking screenshots, keeping the URLs of the profiles, recording the calls or audios received… remember to keep track of the time and circumstances, as well.
4. If recommended by your local authorities and legal references, consider blocking the real accounts harassing you to avoid their impact, especially at the psychosocial level. As well, consider disabling your personal accounts if enough information is already collected by your legal agency about the attackers, to minimize their effects.

Cover Photo Courtesy: Jagwire