In late 2012, the Digital Defenders Partnership (DDP) was established to provide rapid response to threats to internet freedom. The Partnership aims at keeping the internet open and free from emerging threats, specifically in internet repressive and transitional environments. It also wants to increase and better coordinate emergency support for the internet’s critical users, such as bloggers, cyber activists, journalists and human rights defenders, whenever and wherever they are under threat. The DDP will reach these objectives by providing grants to individuals and organizations, investing in applied research projects and by connecting different stakeholders.
Digital First Aid Kit
If you think you are facing a digital emergency and you want to assess the problem, take first steps to mitigate the problem or seek help, check our Digital First Aid Kit. This guide combines advice for self-assessment with advice for “first responders” to help non-technical users all over the world to identify and respond to their digital emergencies. A PDF version can be downloaded here.
‘The Web does not just connect machines, it connects people.’
The Digital Defenders Partnership is a competitive grant making mechanism providing support to organisations and individuals working in the digital emergency field. The Partnership was established to provide rapid response to a range of threats to internet freedom: from supporting bloggers and cyber activists who find themselves under attack, to facilitating the deployment of emergency internet in countries where the internet is not free or not accessible.
The Digital Defenders Partnership has its origins in the Freedom Online Coalition, and is managed by Hivos, an international NGO based in the Netherlands. As an initial investment, the governments of the Netherlands, the United States, the United Kingdom, the Republic of Estonia, Republic of Latvia, Czech Republic and the Swedish International Development Cooperation Agency (SIDA) have dedicated financial support. The Partnership invests in organisations and individuals working on solutions to digital threats faced by journalists, bloggers and human rights defenders. This can range from individual threats to national emergencies. Our aim is to stimulate a robust digital emergency sector which can respond to threats in a timely and comprehensive manner. The assessment and approval of potential grantees will be made by the DDP’s independent Investment Committee. Read more about our grant making process.
An independent Investment Committee is responsible for assessing, rejecting and approving potential grantees. The Committee currently consists of four members who are installed for a period of two years. The Committee members meet at least four times per year. The current members of the Investment Committee are:
Anja Kovacs; is Project Director at the Internet Democracy Project in India which engages in research and advocacy on the promises and challenges that the internet poses for democracy and social justice in the developing
Amira Al Hussaini; Amira is a leading journalist, columnist, blogger and a free speech advocate. She is also the Middle East and North Africa Editor at Global Voices Online.
Claudio Guarnieri; is an independent security researcher specialized in tracking, dissecting and understanding malware and botnets. He co-authored several pieces of research in the last year concerning commercial surveillance technologies, such as FinFisher, and their use in countries with critical human rights records.
Janet Haven; Associate Program Director at the Information Program of the Open Society Foundations (OSF). Janet oversees OSF’s efforts to support the use of new technologies and information strategies by civil society actors.
The Freedom Online Coalition is a group of 21 governments committed to work together to advance internet freedom. The Coalition provides a forum for like-minded governments to coordinate efforts and work with civil society and the private sector in a multi-stakeholder process to support the ability of individuals to exercise their human rights and fundamental freedoms online.
Areas of concrete action:
- Diplomatic coordination: Coordinating efforts to advance Internet freedom as the issue arises in bilateral, multilateral, and multi-stakeholder fora;
- Support for civil society: Providing political support for individuals facing Internet repression, and in the case of some participating states, projects aid through the Digital Defenders Partnership;
- Engagement with the private sector: Working with Information and Communications Technology (ICT) companies to encourage them to adopt practices and policies to respect human rights.
Hivos is an international development organisation guided by humanist values. Together with over 700 local civil society organisations, Hivos wants to contribute to a free, fair and sustainable world. A world in which all citizens – both women and men – have equal access to opportunities and resources for development and can participate actively and equally in decision-making processes that determine their lives, their society and their future.
Hivos believes that free exchange of information, space for expression and opportunity for active participation of citizens are essential conditions for the development of a democratic society. New technologies offer opportunities to enhance space for expression and can be an important tool to protect human rights and accelerate social change. Hivos works on Internet Freedom, Transparency and Accountability, Independent Media and Cultural Activism.
‘The internet is like a tree that is growing. The people will always have the last word - even if someone has a very weak, quiet voice. Such power will collapse because of a whisper.’
The Digital Defenders Partnership supports projects which address digital emergency situations, regarding both network-related emergencies (internet and mobile) and user-related emergencies (bloggers, journalists and human rights defenders), in internet repressive and transitional environments.
Projects of individuals and organizations are eligible for support if they plan to work on directly mitigating digital emergencies or improving their digital security apparatus. Support may be direct support to replace equipment, secure hosting, VPN connections, providing personal legal protection, temporary support which is needed to mitigate a specific digital emergency situation, kick start the digital security or testing and research on a specific threat of internet critical users.
Potential grantees can apply for three types of grants: emergency grants, direct support grants and strategic grants. After submission, the emergency and direct support grant proposals are reviewed, approved or rejected by the DDP. An independent Investment Committee will review the strategic grants.
Scroll down to read more about the scope of the grants, our grant making process and eligibility criteria, or read about it in the Grant Fact sheet. If you want to know about future funding opportunities, please send an email to firstname.lastname@example.org.
To apply for an emergency grant, fill out the Grant Application Form.
Emergency grants are for rapid support to journalists, human rights defenders, NGOs, activists and bloggers who are facing an urgent digital emergency because of their online activities.
What kind of projects?
The emergency grants can provide financial emergency assistance that can be used for mitigating digital threats or digital emergencies by way of:
– digital security audit for organizations
– equipment replacements
– secure hosting
– VPN connections
– safe internet connections
– finding legal representation
– payment of legal fees
– other types of urgently needed expenses
Scope of the grant
The emergency grants:
- Range from 1 USD to a maximum of 5,000 USD
- Run for a maximum period of 4 months
- Open to individuals and organizations
- Process time of proposal max. of 2 weeks
Note that projects are only eligible if there is a digital emergency situation. This type of grant will not support projects addressing digital security issues that are more structural in nature.
Emergency grant process
The grant making process for emergency grants consists of the following steps:
- Potential grantees can submit their proposal by completing the grant application form for emergency grants
- An initial assessment is made on the DDP’s eligibility criteria
- The DDP secretariat will review and approve or reject the proposal
The DDP secretariat will inform the potential grantee of the outcome. For questions, email us at email@example.com
Direct Support grants
If you want to know about funding opportunities for Direct Support Grants, please send an email to firstname.lastname@example.org
– human rights defenders & organizations
– bloggers & related organizations
– media organizations
What kind of projects?
– Improve their digital security apparatus
– Set up temporary helpdesks
– Test and research specific threats
– Implement safe infrastructure
– Give security trainings
– Temporary support which is needed to mitigate a specific digital emergency situation
Note that the support can only be awarded if it concerns a project in internet repressive and transitional countries.
Scope of the Grant:
The Direct Support Grant:
- Has a maximum of 50,000 USD
- Runs for a maximum period of one year
- Organizations should be operational for a minimum of one year
- Process time of full proposal max. of 4 months
Direct support grant process
The grant making process for direct support grants consists of the following steps:
- Potential grantees can submit their proposal by completing the grant application form for direct support grants
- An initial assessment is made on the DDP’s eligibility criteria
- The DDP secretariat will review and approve or reject the proposal
The DDP secretariat will inform the potential grantee of the outcome. If you have questions, send an email to email@example.com
If you want to know about funding opportunities for Strategic Grants, please send an email to firstname.lastname@example.org
– human rights defenders
– organizations who are operational for a minimum of 2 years and have at least 1 audited statement
What kind of projects?
– Strengthening the emergency response capacity
– Improving infrastructure, software and hardware to mitigate digital emergencies
– Personal protection for anyone who is facing digital threats or is targeted due to their online presence
– Other strategic investments in the digital emergency response sector
Scope of the Grant
The strategic grants:
- Range between 20,000 USD – 400,000 USD
- Run until the end of 2015 at the latest
- Organizations should be operational for a minimum of 2 years and have at least 1 audited statement
- Process time of full proposal max. of 4 months
Strategic grant process
The grant making process for strategic grants consists of the following steps:
- Potential grantees can submit their proposal to the DDP secretariat by email to grantsddp [at] hivos.org, stating:
– Objectives and outputs
– Needs assessments
– Context and risk analysis
– Project work plan
– Confidentiality classification with explanation
– Name of the organization
– When the organization was established
– Organization structure
– Core areas of expertise
– Experience/track record
- An initial assessment is made on the DDP’s eligibility criteria
- The independent Investment Committee will review and approve or reject the proposal
- The DDP secretariat will inform the potential grantee of the outcome
Please note that the Investment Committee will get together 4 times a year to review the submitted proposals.
All potential grantees will be assessed by the DDP and the Independent Investment Committee on a number of eligibility criteria:
- Provide emergency response to urgent digital threats to critical internet users and/or keeping the internet open and free
- Activities concern repressive and transitional environments
- Activities are benefitting internet critical users, independent media, human rights defenders, journalists, bloggers and/or activists
- Need and context assessment
- Technical need, feasibility and security
- Value for money
- Organizational track record
The Digital Defenders Partnership cannot support:
– Projects that do not target internet repressive contexts
– General Internet Freedom Policy
– Internet Freedom lobby
– General digital security training
Examples of grants provided by Digital Defenders Partnership
- Establishing safe internet access through VPNs
- DDoS mitigation for websites under attack
- Replacement of equipment and retrieval of hijacked accounts
- Setting up temporary digital security helpdesks
- Undertaking malware analysis
- Support for organizations that provide legal support to human rights defenders under threat
- Support for digital security consultants in specific regions
- Secure hosting for very high risk websites
- Increase the architecture behind Tor
The DDP also launched its Digital First Aid Kit, a self-assessment tool to guide you on what to do if you face digital threats.
The DDP and its partners have been active in countries in Central Asia, Middle East, South East Asia and Central America.
‘Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.’
Quick reads
This section gives an overview of the latest publications by the Digital Defenders Partnership.
Digital First Aid Kit
This Kit offers a set of self-diagnostic tools for human rights defenders, activists and journalists facing attacks themselves, and provides guidelines to assist a person under threat.
Organizations
Click here to find a list of useful organizations in the field of digital security.
Tools
Click here to find a list of practical tools, such as links to programs for secure messaging, password management, censorship circumvention and anti-virus protection.
Guides
Click here to find a referral list of guides created by specialized organizations, which take you step by step through how to respond when under digital threat.
Research
The latest research on technology, censorship and surveillance can be found by clicking here. If there is anything missing, let us know at email@example.com
Here you can find DDP’s latest articles and blogs:
02/09/2014: From Digital Threat to Digital Emergency
10/07/2014: Digital First Aid Kit for online activists
11/04/2014: Heartbleed, what you can do about it
Digital First Aid Kit
The Digital First Aid Kit
The Digital First Aid Kit is a collaborative effort of EFF, Global Voices, Hivos & the Digital Defenders Partnership, Front Line Defenders, Internews, Freedom House, Access, Qurium, CIRCL, IWPR, Open Technology Fund and individual security experts who are working in the field of digital security and rapid response. It is a work in progress and if there are things that need to be added, comments or questions regarding any of the sections please go to Github.
It aims to provide preliminary support for people facing the most common types of digital threats. The Kit offers a set of self-diagnostic tools for human rights defenders, bloggers, activists and journalists facing attacks themselves, as well as providing guidelines for digital first responders to assist a person under threat.
The Kit begins with ways to establish secure communication when you or a contact are facing a digital threat and want to reach out for support. The Kit then moves on to sections on account hijacking, seizure of devices, malware infections and DDoS attacks. Each section begins with a series of questions about you, your devices and your situation. These questions will guide you through a self-assessment or help a first responder better understand the challenges you are facing. It then lays out initial steps to understand and potentially fix the problems. The steps should also help you or a first responder to recognize when to request help from a specialist.
The Digital First Aid Kit is a work in progress; if there are things that need to be added, or you have comments or questions regarding any of the sections, please go to GitHub.
Find a printable version of the Digital First Aid Kit here.
Here you can find a list of several organizations active in the field of digital security.
Computer software and online browsing:
Alkasir is a computer program that works with proxy servers to allow users to circumvent censorship of URLs in countries where there is censorship of political content.
Avast! is a free, full-featured anti-virus program that detects and removes malware and viruses from a home or personal computer.
CCleaner is a tool that can permanently delete browser history, cookies, other temporary files, as well as free disk space, limiting the ways in which hostile or malicious parties can monitor or infect a personal computer.
Prey Anti-Theft is a useful cross-platform and open source device tracking tool.
Psiphon is a circumvention tool from Psiphon Inc. that utilizes VPN, SSH and HTTP Proxy technology to provide you with uncensored access to Internet content.
Prism-break is a website that offers many safer open-source alternatives to commonly used proprietary software to enable users to mitigate the NSA surveillance and PRISM program.
Tor is a program for serving Tor and related files over SMTP
CSipSimple is a tool to make secure calls with.
Open Whisper Systems: free, worldwide, encrypted phone calls for iPhone
RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
SilentCircle is a secure mobile communication solution for iOS and Android that includes voice, text, video, file transfers and more.
Surespot: a secure mobile messaging app that uses exceptional end-to-end encryption for every text, image and voice message returning your right to privacy.
HTTPS Everywhere is a secure browser application that automatically switches the communications protocol to encrypted HTTPS for any website that supports it. It was developed by the Electronic Frontier Foundation. Available for Firefox and Chrome.
Jitsi is a cross-platform, free and open-source program which supports Instant Messaging (IM), voice and video chat over the Internet.
PGP is a data encryption and decryption tool that provides privacy and authentication for data communication such as texts, e-mails and files sent by e-mail.
Riseup is a secure e-mail client for people and groups working on liberatory social change, providing a relatively safe means of e-mail communication for them.
Thunderbird is a free and open source email client for receiving, sending and storing emails
Password and storage managers:
Keepass is a handy password manager that enables users to keep all their passwords in one securely encrypted database, which is locked with one master key.
Keysync is a software that syncs your trusted programs
Truecrypt is a file encryption tool that can encrypt sensitive data in entire partitions, storage devices (such as a USB drive) or virtual disks that look like ordinary files.
Find below a list of guides that can help you mitigate digital emergencies:
Digital First Aid Kit
Provides preliminary support for people facing the most common types of digital threats. The Kit offers a set of self-diagnostic tools for human rights defenders, bloggers, activists and journalists facing attacks themselves, as well as providing guidelines for digital first responders to assist a person under threat.
Security in a Box
Tools and Tactics for Your Digital Security is a useful guide developed by Tactical Technology Collective and Frontline Defenders specifically for the digital security of bloggers, online journalists and human rights defenders working under repressive regimes. The guide is available in twelve languages, including Arabic, Farsi, Vietnamese, Burmese and Tibetan.
Columbia Visuals checklist
This checklist may serve as a good starting point for bloggers and online journalists to think about their digital security.
Everyone’s Guide to By-passing Internet Censorship
This is a comprehensive guide on internet censorship circumvention technologies, providers and users, developed by University of Toronto’s Citizen Lab.
The guide on Basic Internet Security
This booklet by Floss Manuals provides a good overview of the different aspects of digital security such as safe browsing, e-mail encryption and mobile security.
Find below a short list of interesting research if you want to know more about digital threats, censorship and surveillance.
Nada Akl, 2014, Mapping Digital Threats in the Middle East and North Africa
Ben Wagner, 2012, ‘Exporting Censorship and Surveillance Technology’. A study into European and U.S. based IT companies exporting their censorship and surveillance technology to repressive regimes.
The OpenNet Initiative identifies and documents internet filtering and surveillance worldwide and regularly publishes reports on internet regulation practices.
The Citizen Lab is a research institute under the University of Toronto Munk School of Global Affairs and focuses on advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security.
Giswatch 2014 report: Communication surveillance in the digital age
Research on mass surveillance and encryption by the European Parliament
‘It is not possible to cling to a belief in universal values but maintain the majority of the world in information poverty.’
Insights into Internet freedom in Central Asia: Uzbekistan
This is the first of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Uzbekistan, one of the most repressive countries in former Soviet Union, characterized by a pervasive regime of control and censorship.
Whereas Uzbekistan is not a front-runner with regard to economic growth or technological development in Central Asia, it is one of the most striking examples of illegal cyber-censorship and pressure on the informational community. Partial or full Internet content filtration, substitution of original websites with fake ones, blocking of access to Internet pages, surveillance and even complete Internet shutdown are only some of the instruments applied to enable control over users and their activities.
Nowadays, human rights organisations of Uzbekistan are separated geographically, since part of the activists remain in political emigration outside of the country. There are not many active human rights activists and civil groups in the country. Most of them are old people with a low level of computer literacy, who have little (if any) understanding of digital security tools. All local activists of non-governmental organisations are subjected to pressure from the authorities, up to and including arrest. Some of them have only episodic Internet access or spread their information via other, more computer-literate colleagues. Websites publishing critical information about the Uzbek government are being blocked by the local ISPs. This complicates the flow of information between the actors and its export to the international community.
There are no independent journalists in Uzbekistan, and most foreign organisations (mass media, HR NGOs etc.) who have a correspondent in Uzbekistan try to stay in the shadows and do undercover work on human rights violations, torture, and child labour cases. One of the major problems is communication with them: given the current Internet situation in Uzbekistan (high costs, low connection speed and bad service quality, as well as surveillance and a generally low level of computer literacy), it is very difficult to establish a secure and surveillance-free connection between the people inside the country and the outside world.
Apart from Internet threats, there is a common practice of inspecting computers, data storage devices and mobile phones. All active human rights activists and journalists are constantly inspected when crossing the border of the Republic: the contents of digital storage media (USB, CD, DVD) are checked, and most of them are asked to open their computers and show the contents of their drives. In some cases a more thorough inspection is conducted in a separate room and in the absence of the owner. There have been cases of confiscation of electronic storage media from journalists crossing the border. Umida Niyazova, a journalist and human rights advocate, was convicted for her professional activities. In her case the materials confiscated while she was crossing the border (a DVD and files stored on her PC) played the central role. There are cases of unreasonable inspections and confiscations of computers from human rights advocates and activists. Those who received their devices back complain that “they work in a strange way”.
Internet infrastructure and use
Uzbekistan has a common border with 5 states: Afghanistan, Kyrgyzstan, Turkmenistan, Tajikistan and Kazakhstan. There are fiber-optic connections with 4 of these countries. According to reports, the connection with Afghanistan will be established in the near future. As of January 2012 there were over 900 communication operators registered, whereas the cumulative capacity of the external Internet channel was 8 Gigabit.
In November 2006 a special resolution, № PP-513, was implemented by President Islam Karimov on ‘measures to increase the efficiency of investigative activities in communication networks of the Republic of Uzbekistan’. As a result, all communication operators, without exception, are obliged to install special SORM (System for Operative-Investigative Activities) equipment for surveillance of all communications (IP addresses, HTTP requests, etc.) at their own cost. This leaves aside the possibility that DPI technology is already being used on Uzbek communication networks. SORM system analysis allows the National Security Agency (NSA) of Uzbekistan to view all of an individual user’s activity for any period of time and to gain information on their communication partners, including e-mails, instant messages and VoIP calls, as well as requested websites (including the names of the encrypted websites she or he attempted to access).
An example of SORM usage in Uzbekistan is described in the RSF report: in January 2010 a large number of people were arrested for participation in religious extremist organisations. They were identified because their communications in Mail.ru Agent, which does not offer encryption, were monitored. This is true not only for the Internet, but also for voice communications (mobile, landline and VoIP). The entire external traffic from the secondary ISPs is routed through UZPACK (a subsidiary of UZBEKTELECOM). According to the law, UZBEKTELECOM has the exclusive right to provide local operators with an external Internet channel; consequently, the local operators always use UZBEKTELECOM’s services and do not have their own satellite or alternative connection channels. Thus, a secondary ISP has no control over the traffic that leaves its network for the outside world (traffic is tracked, recorded, blocked and might potentially be modified by the primary operator).
Uzbekistan is a pioneer among CIS countries in implementing surveillance technologies against its citizens. The history of how these technologies came to be applied is one of the most unique. The first computer appliances for filtering and limiting Internet access were installed and applied on the educational network called UzSciNet (an NREN project of NATO; the network was established and launched approximately in 2002-2003), directed by Vadim Navotniy. A system initially designed for saving external traffic (a caching proxy server) was used as a tool for controlling user activity and filtering content not related to education and science (blocking of pornography, games and entertainment). Later this technology was used as the basis for filtering at the state ISP level (UZPACK), where it was improved and used for a certain period of time, until specialized appliances were purchased.
Nowadays, there are three main levels of censorship in Uzbekistan:
- National ISP’s level (national gateway);
- Local licensed ISPs’ level;
- Resellers’, non-ISPs’ level.
At the national level, politically unwanted content is filtered. The lists of prohibited resources are updated daily. The filtering is implemented based on IP addresses and URLs. Moreover, traffic is redirected so that an original resource (located, for example, in the Russian Federation) is substituted with a fake one, located inside the UZPACK network, which is a copy of the original resource but contains modified content. This method was, for instance, used episodically to control access to certain parts of the centrasia.ru website in 2009-2010.
The filtering at the level of local ISPs is not implemented centrally. Normally it is initiated by the operators themselves, which can block pornographic resources and entertainment websites. At the operators’ level the physical connection of a subscriber is controlled, so the companies might intentionally create difficulties with Internet access, supposedly caused by “the defects of communicational networks”.
Resellers are basically Internet cafes. Depending on the location and on the owners’ statements, pornographic resources, gaming websites, dating sites, as well as the websites of the major opposition and human rights organizations, are filtered. At the same time there are no legal acts directly regulating filtering in Internet clubs. In some Internet clubs, which are located near expensive hotels and are usually visited by foreigners, the filtering is disguised as network failures. Some usually blocked websites are easily accessible. For example, in TRANSNET (an Internet cafe located near the Radisson Hotel), in 2010 the BBC website, blocked elsewhere in Uzbekistan, was accessible without any limitations.
Almost all Internet cafes are maintained by non-professionals and use unlicensed copies of software, which are never updated, and as a result they become a perfect environment for viruses and harmful software. In some Internet cafes there are notices prohibiting access to certain resources, which stimulates self-censorship.
Other types of potential attacks and threats
There are many examples of attacks on independent Internet media dedicated to Uzbekistan. Most recently, in February and March of the last year (2012), there were attacks on http://www.fergananews.com and www.uznews.net.
On the 28th of February 2012, at about 11 PM, an attack on the www.uznews.net media resource started. On the 29th the attack became more intense and, as a result, the hosting provider switched off UZNEWS’s server in order to avoid its complete failure. After a company specializing in defense against DDoS attacks was engaged, the website was restored and worked properly. At this point the numbers characterizing the attack became available: 1.5 Gigabit bandwidth, type of attack – SYN flood. Chief editor of UZNEWS Galima Bukharbaeva claimed: “We don’t know what provoked the attack, try to conjecture. One of the guesses is the series of publications about assassination attempt against Uzbek imam Obid-kori Nazarov in Sweden.”
On the 28th of March 2012 another famous independent news resource, www.fergananews.com, was attacked. The website previously used the services of Deflect (financed by Internews), but later rejected their services, leaving only the mobile version enabled. According to the Chief editor Daniil Kislov, Deflect had way too aggressive caching, which led to interference with the display of ads. Mr. Kislov claims there were no clear reasons for the attack (no negative events were being covered by Ferghana.ru at the time). However, during the DDoS attack on Ferghana.ru another website (www.vesti.kg, which actively publishes news from Ferghana.ru) was affected. Previously Ferghana.ru was under DDoS attacks in 2008 and 2009.
According to researchers’ claims, SORM equipment developed in the Russian Federation is being actively deployed in Uzbekistan. The equipment was exported by MFI-Soft through an intermediary, ALOE Systems, to Uzbekistan’s state-owned UZBEKTELECOM.
One of Oxygen’s resellers, Softline, has offices in all Central Asian countries, including four offices in Kazakhstan alone. Softline directly markets forensics packages on Allsoft.uz, the Uzbek version of one of its subsidiaries’ websites.
Speech Technology Center (STC), the audio forensics company based in St. Petersburg, has conducted business in Uzbekistan.
As reported by AccessNow.org Tech Fellow, Peter Bourgelais: “The Uzbek state security services are capable of interception of landline telephone communications, internet traffic, semi-structured data such as SMS, MMS, and forum posts, and automated voice and facial recognition. They also possess some mobile forensics capability.”
There is one single case of hard drive theft, from the office of the human rights organization EZGULIK in Tashkent. An unknown person broke into the office and removed the hard drive from the server, which contained the organization’s database and the entire office documentation.
Potential threats, possible ways of their escalation and suggested mitigation measures
It is important to understand that our beneficiaries can be divided into two main categories: those living inside the country and those who have left its borders. Taking this factor into consideration, the major problem identified is communication between these two groups and, often, file transfer. IWPR, Frontline, NewEurasia Foundation, TacticalTech, CIIP, and TransitionOnline conducted multiple trainings on digital security. However, most of them were ineffective due to mixed groups (different age groups, various levels of computer literacy), the large amount of material covered, the difficulty of individual subjects and the short timeframe for training. Among all human rights advocates, activists and independent journalists inside as well as outside of Uzbekistan, only a handful are involved in technical self-education. The rest of them require thorough work, mentoring and individual training.
The majority of the activists and human rights advocates are not able to effectively use instruments of personal cyber security, and barely use encryption and other instruments. Any escalation of cyber threats from the side of the government or cybercriminals will cause grievous consequences. The majority of the NGOs in Uzbekistan are not capable of protecting themselves and their digital resources.
Almost all potential grantees use unlicensed software. This creates a huge risk of virus infection and of hacking of victims’ computers. Raids by state agencies aimed at identifying the use of unlicensed software in NGOs and civil organisations are a perfect instrument of influence, allowing the state to legally and effectively exert pressure on the NGOs. This method has been applied in Russia, Kazakhstan and Kyrgyzstan for a long time. In Uzbekistan the users of pirated software are punished with large fines and confiscation of equipment. An analogue of the initiative conducted by the American NGO TECHSOUP in Russia (INFODONOR program) is necessary for Uzbekistan in order to ensure free availability of basic office software for Uzbek NGOs.
A deliberate transition of all websites dedicated to Uzbekistan or blocked in Uzbekistan to operation over SSL connections is necessary. The introduction of SSL will make it possible to avoid the tracing of users’ activity and the substitution of websites with fakes.
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.
Insights into Internet freedom in Central Asia: Belarus
This is the fourth of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Belarus, a country that is tightening its Internet control, especially after 2011, out of fear of activists facilitating protests over the Internet, as could be seen elsewhere in the world.
Belarus is a country closely connected to Russia, depending mainly on its natural resources and financial inflows. Belarus’ government tries to preserve the “Soviet Union culture” through its national economy and policies. However, it struggles to keep out the ‘Western influence’ of its European neighbors. After the election in December 2010, when people went to the streets to protest against the rigged election results which kept Lukashenko in power for a third term, clashes with police took place, which resulted in the persecution of many activists, and NGOs were restricted in their activities. All these events increased the level of cyber threats for civil society organisations.
The techniques of cyber attacks on websites and the methods of surveillance on activists used by the government were implemented with particular ingenuity and guile. Three major competing intelligence services, the OAZ (Operative Analytical Centre at the President’s administration), the MVD (Ministry of Internal Affairs) and the KGB (Committee for State Security), were responsible for almost all attacks on civil society, online and offline. Belarus has also been considered an ‘Enemy of the Internet’ by Reporters Without Borders since 2012.
Almost 50% of the population in Belarus has access to the Internet. As a result of the high level of censorship and surveillance in the country, many people are forced to educate themselves in cyber security technologies. There is a dedicated NGO located outside of Belarus which provides targeted support to Belarusian NGOs, aiming at enhancing their digital security. Among other things, the organisation provides consulting services on cyber security issues and organises trainings for NGO employees and trainings of trainers.
Data acquisition by Belarusian intelligence services is omnipresent. Already in 2010 operators were obliged to provide free, round-the-clock remote access to their subscriber databases. Alexander Lukashenko signed a decree on the introduction of SORM (System for Operative-Investigative Activities), which meant that all websites had to be officially registered, which became a responsibility of the providers.
Besides SORM, the intelligence services of Belarus occasionally attempt to use viruses and spying software for cyber surveillance over users and organisations. On the 13th of July 2011 a journalism student from Belarusian State University, Maxim Chernyavskiy, was summoned to the local department of the KGB and interrogated for 5 hours. Maxim is the administrator of a community called “We are fed up with Lukashenko” (original Russian name “Надоел нам этот Лукашенко”), created in the Russian Vkontakte social network. After a standard ideological brainwash Maxim was forced to cooperate with the agency. During one of the meetings that followed, a KGB employee handed him a CD containing spying software, which Maxim had to install on the computers of a team of activists residing in Poland. Instead of fulfilling the received “instructions”, Maxim simply left the country and gave the CD to specialists.
Analysis of the surveillance program on the CD shows that the tool looks a lot like Skype. The program is a self-extracting 7zip archive, which contains an installer of a commercially available program known as “Remote Manipulator System”. The developer of the software is a Russia-based company called TEKNOTIT. The system tray icon of the program was replaced with the Skype logo, whereas the rest of the file information of the application reveals its actual producer as well as its name. Installation runs in a “passive” mode, a feature the developer provides for administrators of computer networks, who often need to distribute and install this software in bulk. As a result, the program does not indicate the installation process and does not ask users for any permission. After launch the program checks the Internet connection by opening the following link: http://rmansys.ru/utils/inet_id_notify.php?test=1. Later on the program starts to send information about the system on which it runs to a server. This request contains the ID of the user who registered the program. The following e-mail address is used as the user’s ID: firstname.lastname@example.org. The program makes it possible to remotely control a computer, spy on the screen, access the web camera, microphone, etc. Subsequently the team managed to establish further facts about the presence of this virus on the computers of Belarusian activists.
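The connectivity check described above is something a network defender can look for in web proxy logs. The sketch below is an added example, not part of the original report or of any tool it mentions; only the host and path come from the report, while the log layout, client addresses and sample lines are constructed for illustration.

```python
"""Hunt for the RMS connectivity check in web proxy logs (added example)."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Indicator from the report: after launch the installer opens
# http://rmansys.ru/utils/inet_id_notify.php?test=1
VENDOR_HOST = "rmansys.ru"
CHECK_PATH = "/utils/inet_id_notify.php"

# Assumed (hypothetical) log layout: "<timestamp> <client> <METHOD> <url> <status>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")

# Constructed sample data; client addresses are from a documentation range.
SAMPLE_LOG = """\
2011-07-14T09:12:03Z 192.0.2.10 GET http://rmansys.ru/utils/inet_id_notify.php?test=1 200
2011-07-14T09:13:40Z 192.0.2.22 GET http://example.org/index.html 200
2011-07-14T09:15:01Z 192.0.2.31 GET http://RMANSYS.RU:80/utils/inet_id_notify.php?test=1 200
2011-07-14T09:16:44Z 192.0.2.40 GET http://example.org/?ref=rmansys.ru/utils/inet_id_notify.php 200
2011-07-14T09:17:10Z 192.0.2.50 GET http://www.rmansys.ru/ 200
malformed line without enough fields
"""


def classify(url):
    """Return 'connectivity_check', 'vendor_host' or None for one URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:
        return None  # unparsable URL: nothing to match against
    if host != VENDOR_HOST and not host.endswith("." + VENDOR_HOST):
        return None  # indicator text inside another site's URL is not a hit
    if parts.path == CHECK_PATH and parse_qs(parts.query).get("test") == ["1"]:
        return "connectivity_check"
    # The product is commercially available, so other traffic to the vendor
    # is weaker evidence: an administrator may have installed it on purpose.
    return "vendor_host"


def hunt(log_text):
    """Return ({client: [(timestamp, verdict), ...]}, skipped_line_count)."""
    findings = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            skipped += 1  # count unparsable lines instead of hiding them
            continue
        timestamp, client, _method, url, _status = match.groups()
        verdict = classify(url)
        if verdict:
            findings[client].append((timestamp, verdict))
    return dict(findings), skipped


def hosts_to_triage(findings):
    """Clients that made the exact connectivity check, sorted."""
    return sorted(
        client
        for client, hits in findings.items()
        if any(verdict == "connectivity_check" for _, verdict in hits)
    )


if __name__ == "__main__":
    found, skipped_lines = hunt(SAMPLE_LOG)
    for client in hosts_to_triage(found):
        print("triage:", client, found[client])
    print("unparsed lines:", skipped_lines)
```

A hit on the exact check URL from a machine where nobody knowingly installed a remote administration tool is the case worth triaging first; a plain visit to the vendor site is reported separately because it can be legitimate.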
This ‘data theft’ program has been operative at least since July 2011. This is when the first documented infection of a computer occurred. During this attack the passwords for Skype (the software allows starting Skype on a remote computer and spying on the user’s communications), social networks, e-mail addresses and even the account at the ISP were stolen; the desktop screen, showing all of the user’s activities, copies to the clipboard, and text typed in text processors and messengers were recorded. The hackers used three types of viruses: the previously described KGB virus known as RMS, developed by TEKNOTIT; UFR Stealer, a virus that infects computers via external flash drives; and Keylogger Detective. These are the so-called “Trojans for schoolboys”. They can be easily purchased in RuNet for 20-30 USD. The reason human rights activists become such easy victims of the intelligence services is the use of unlicensed software and the lack of attention to digital security at their workplaces.
Content filtering is widely implemented in Belarus. The first web resource blocking event occurred on the 9th of September 2001, when the charter97.org website was blocked. Later, access to this Internet resource (organised and supported by opponents of the current Belarusian government) was filtered/blocked for users in Belarus in several ways. For example, there are claims that users from Belarus trying to access charter97.org were redirected to a website with a similar name, but in the .IN zone. The fake website had an interface similar to the original, but contained false information. In January 2008 the blocking was conducted by limiting the connection speed to this particular website; thus the website could be accessed, but the connection was significantly slow.
On the 19th of December 2010 the encrypted SSL protocol (Transmission Control Protocol, or TCP, port 443) was blocked in Belarus. In 2011 LiveJournal was blocked because the popular blogging platform contained articles written by Evgeniy Lipkovich and directed at the Writers Union of Belarus. According to the official information, the reason for the blocking supposedly is “dissemination of information of destructive nature and violation of the State’s symbols”. Moreover, occasional blocking of the Vkontakte social network continues. The network is being blocked every Wednesday during the so-called “Silent protest actions”. The website goes back into operation after the action is completed. A community called “Revolution via social network”, a virtual group located in Vkontakte, initiated the silent evenings of applause: actions promoting economic and political changes in the country. The blocking was implemented based on the IP address of the Vkontakte server and thus limited access not only to the community page, but also to other information, blogs and pages.
In the middle of August 2012 the Operative Analytical Centre at the President’s administration (OAC), in cooperation with BELTELECOM, blocked the DNS servers of DNS Made Easy LLC and by doing so prevented Belarusian Internet users from accessing many websites, including the world’s petition platform change.org. This website, for example, was used for campaigning in support of the release of journalist Anton Suryapin and real estate broker Sergey Basharimov. Both of them were arrested by the KGB on charges of abetting the border crossing of the Swedes who disseminated teddy bears and posters in support of freedom of speech in Belarus.
Other types of potential attacks and threats
DDoS attacks are frequently utilised to temporarily “jam” web resources of Belarusian NGOs, activists and opposition. There are several major websites (www.belaruspartisan.org, www.charter97.org and www.electroname.com) which are supported by opponents of the existing government and are often under DDoS attacks of various types and strengths.
Besides DDoS attacks there are cases of hacking, interception and phishing attacks against groups/communities in social networks. After the election in December 2010 a number of social network accounts (mainly in Vkontakte and Facebook) belonging to citizens of Belarus were hacked. The victims of the trespassers were Internet users who were spotted by the intelligence services during the demonstrations in Minsk on the 19th of December, the day of the presidential election. Users of these social networks reported that their contacts from the network were on-line while being held by the police and kept in police stations. The same day the HTTPS protocol was blocked in Belarus, which led to the blocking of Gmail and Facebook. The authorities simply blocked TCP port 443, which according to the claims of “Belarusian partisan” indicates their will to intercept the passwords of Internet users’ personal accounts.
Potential threats, possible ways of their escalation and suggested mitigation measures
The digital security situation of NGOs in Belarus is heterogeneous today and depends on such factors as the location and specifics of a certain organisation. In general one can say that an understanding of the problem and of the necessity of protection is inherent to the majority of NGOs and media organisations located in the capital city. At the same time the situation is less promising for less urban NGOs. In more rural areas, awareness of the available protection toolset and a detailed understanding of the issue are characteristic of only a few NGOs and organisations. For those, the key factors listed below are true:
– The employees have taken part in digital security training for NGOs;
– There is a hired competent technician;
– There are financial resources to follow the security protocol.
Nowadays many NGO employees in Belarus are over 40 years old and have little knowledge of digital security. Many of those who became victims of searches and mass seizures after the elections in 2010 were within this category. According to interviews there was only one organisation which managed to effectively move their equipment prior to the confiscation, leaving behind only a note showing a fig sign on the table.
Furthermore, as in the other CIS countries, there is a problem of illegal software copies used for paperwork. Almost all of the NGOs use illegal copies of software in their work, which undermines the digital security of users. The costs of even basic software packages (operating system + office software) are too high. The low level of competence of the majority of technical specialists engaged in NGOs does not allow using FLOSS to re-educate the employees.
The next Presidential elections in Belarus are scheduled for 2015. It is assumed that all types of threats to civil society opposing the current government (not only the opposition, but also other organisations and individuals supporting fair and transparent elections) will escalate. This is also true for digital threats. Unfortunately, the opinion poll indicates that the experience of the repressive measures of 2010 and their consequences (a large amount of information was retrieved from computers seized from NGOs and opposition organisations) was a strong motivation for applying digital security tools only for a short period of time. In this connection it is recommended to support initiatives aimed at strengthening the level of protection of the main risk groups (NGOs, civil activists, human rights activists, and election monitoring organisations).
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.
Insights into Internet freedom in Central Asia: Azerbaijan
This is the fifth of a series of reports on Internet freedom in Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Azerbaijan. When it comes to internet freedom, Azerbaijan is one of the countries in the world which is under threat. With several journalists in jail, president Ilham Aliyev is desperately trying to cling to power, and the country thereby takes 160th place out of 180 countries in Reporters Without Borders’ Press Freedom Index 2014.
After its independence from the Soviet Union in 1991, the first Internet infrastructure developments in Azerbaijan appeared in 1994, and in 1996 the Internet became available for users, but only after 2000 did it become widely used. At this moment, almost 60% of the population has access to the Internet. Many reports agree that Azerbaijan’s authorities control the Internet through mass surveillance, filtering and blocking, large fines for online content, physical intimidation and jail time.
When it comes to Internet policy, there are no clear regulations in Azerbaijani legislation, which makes it easy for authorities to intercept Internet data and execute electronic surveillance at all times, as is proven in different reports. These show that the Ministry of National Security (MNS) of Azerbaijan received support in various time periods from the intelligence services of Turkey, the USA and Russia. The USA was for example interested in gaining information about contacts between Azerbaijani citizens and Iranians, whereas Russia was keen on getting control over the network activity and communications of immigrants from the Northern Caucasus living in the republic, inter alia representatives of the Chechen diaspora.
The MNS furthermore engaged in profiling people who voted for Armenia during the music contest Eurovision organized by Azerbaijan in 2012. After the event, different people were arrested and interrogated, and learned that the interrogators had a list of those people who voted for Armenia. The list included the persons’ addresses and phone numbers, which means that mobile operators provided information to the MNS. According to a documentary broadcast on Swedish TV, mobile operator AZERCELL allowed surveillance equipment to be installed in their network, which enabled the intelligence services of Azerbaijan to gain access to all available communications, including phone calls, SMS and mobile Internet services, without due process.
Another of the most striking examples is the case of a well-known oppositional journalist, Khadija Ismayilova. A video of her having sex was published on the Internet in 2011 after she ignored several threats to stop her journalistic activities, and wires for video and audio surveillance were installed in her apartment in July 2011 on the order of the MNS. Multiple other journalists and activists faced the same treatment, some of them even shown on local TV channels.
Control over the Internet has only been growing since these incidents, and in September 2012, president Ilham Aliyev signed a decree on measures to enhance the activities in the sphere of informational security. As of the 1st of May 2013, an IMEI database is in operation, which registers mobile phone numbers and communication, and gives authorities an additional opportunity to track communications even of those subscribers using anonymous SIM cards.
Besides surveillance, censorship is widely present, including regulation of Internet channels, control of publications on the net, limited Internet usage for children, and control of social networks, especially Facebook, since protests were organised using this social network. A law was also implemented in May 2013 making punishments for ‘crimes’ committed on the Internet as high as those in the real world. Some victims have already been prosecuted under this law. Blogger Mikhail Talybov was sentenced to 1 year of correctional labour with 20% of wage withdrawal for publishing critical statements on social media.
In 2009, a group of youth activists uploaded a satirical video about president Ilham Aliyev, which resulted in jail sentences of various lengths. In August 2012, journalist Faramaz Allahverdiev was sentenced to 4.5 years of imprisonment, being accused of organizing mass riots and illegal border crossing. The journalist himself considers it persecution for the articles he published on social networks, in which he investigated cases of corruption among the political circles.
Azerbaijani authorities deliberately aimed to suppress dissidents during the two major events conducted in Baku in 2012: the Eurovision song festival 2012 and the global Internet Governance Forum (IGF) in the same year. At least 9 journalists were thrown into prison on various charges. The Committee to Protect Journalists thinks that charges of drug possession and blackmail were fabricated in order to punish journalists for their professional activities. Video journalists Vugar Ganagov and Zaur Guliev were jailed for over a year based on charges of organising activities aimed at distorting public order. In March 2013 they received a 3-year suspended sentence. Apart from these arrests, several other critical journalists were arrested based on various charges.
Other types of potential attacks and threats
Online hacktivism is not a popular way to express protest against the government and the power in general. Neither is it often that hacking attacks against oppositional websites occur. Nevertheless during the last three years several oppositional organisations, e.g. Yeni Musavat and Radio Azadliq claimed that their websites were under attack.
The most frequent cyber attacks are associated with bilateral issues, in particular between Azerbaijan and Armenia, as well as between Azerbaijan and Iran. Depending on the on-going events, sluggish cyberwar may transform into active “combat operations”. For instance, on the 1st of September 2012 the websites of leading news agencies of Azerbaijan were attacked. Apart from the attacks on news agencies, the websites of the Ministry of Justice and the official website of president Ilham Aliyev were hacked. The attacks occurred right after president Ilham Aliyev pardoned an Azerbaijani officer who killed an Armenian military man and was sentenced to life imprisonment in Hungary without a right to amnesty. The man was returned to Azerbaijan on the 31st of August 2012 and released the exact same day. The hacked website of president Ilham Aliyev contained a large photo of the killed Armenian military man, bearing the inscription “Always with us”. The hackers’ group “Armenian Cyber Army” took responsibility for the attacks. As a response to these attacks the hackers’ group “Azerbaijan Defacers” conducted a DDoS attack against the official website of the President of Armenia and major national news websites.
In January 2013, the Anonymous group provided free access to over 1.7 Gb of documents, assumed to be stolen from the dmx.gov.az website, which belongs to the Special State Protection Service (SSPS) of Azerbaijan. The documents contain confidential data about various major commercial companies engaged in the oil mining industry in Azerbaijan. The Imgur website, on which they posted the documents, has remained inaccessible ever since.
Moreover, in February 2013, the information resource www.minval.az, known to be opposition friendly, was hacked. As a result of the attack the main page of the website was replaced with pictures of oppositional leaders and unprintable writings in English. At the same time a group of Iranian hackers, called White Hat Hackers, announced that they had hacked the computer systems of eight Azerbaijani banks and gained access to the bank accounts of 53,634 clients, whose money was transferred to the clients of Azerbaijan Royal Bank, which had been closed a year before. The reason for the closure of the bank seems to be the imputation of Iranian money laundering, bypassing the international financial sanctions.
Another event with a great response was the statement of the spokesman of European Commissioner Neelie Kroes, Ryan Heath, who claimed that there was an attempt to hack his laptop at the Internet forum in Baku in November 2012. Later on he stated that the investigation of the incident confirmed the fact of several hacking attempts and traces of possibly compromised passwords, but no information was stolen.
In October 2013, as a result of the presidential elections in Azerbaijan, Ilham Aliyev was re-elected for a third term. International observers (apart from the commission from the CIS) reported flaws and violations. The opposition did not accept the results of the elections as valid. In the beginning of 2013 the leaders of one of the most active youth movements in Azerbaijan, called NIDA, were arrested based on fabricated criminal cases. The movement organised protest actions via Facebook, where they were openly discussed in a group. According to the statements of the group members, MNS agents were introduced into the group on Facebook. Moreover, during interrogations and inquiry processes, hardcopies of communication logs were presented to the group participants as evidence. Eight members of the group received sentences in 2014 ranging from 6 to 8 years.
There are various opinions regarding the development of the digital security situation in the long run. Some experts suggest the pressure on civil society from the side of the Azerbaijani authorities will weaken under the influence of the European Union and due to Aliyev’s intention to move closer to Europe (and his interests in the oil and gas industry). Others are sure that the escalation of violence and pressure against the active opposition and those who struggle for freedom and human rights will continue. Corruption and arbitrariness in power are widespread. Consequently, pressure to block freedom of information and communication is growing. Censorship and control of authorities over the Internet space will be strengthened, leading to an even bigger monopoly of the Internet, owned by the authorities.
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.
Insights into Internet freedom in Central Asia: Kazakhstan
This is the sixth and last blog of a series of reports on Internet freedom in Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Kazakhstan. Kazakhstan is the country with the greatest potential for IT development in the region.
Kazakhstan has a well-developed infrastructure, high investments in the communication sector, a considerable number of customers and an Internet penetration rate of about 62%. There is no state monopoly on interurban and international communications (this was cancelled in 2004).
In terms of Internet censorship and limitation of freedom of expression Kazakhstan is still very restricted. On the 11th of July 2009, president Nazarbayev approved the amendments to the legislation concerning information and communication networks. According to these amendments, all Internet resources, including websites, chats, blogs and even on-line shops and electronic libraries, are subject to the same administrative, civic and criminal proceedings as are applied to mass communication media. By decision of the court, information websites, blogging platforms and social networks are being blocked. Networks are equipped with the most recent surveillance techniques, among others DPI, the ultimate tool for surveillance and control over Internet access.
The content filtering includes blocking access to many popular blogging platforms, Google services and individual websites, which are inconvenient for the existing regime.
KAZAKHTELECOM, the major communication operator in the country, has installed software on its network servers which allows it to cache the most popular Internet resources. When a user requests some photo or video content, the data is transmitted not from a European or American server, but from an internal server installed within the KAZAKHTELECOM network. This infrastructure allows for additional opportunities for content filtering and modification of content delivered to end users.
Based on the research of Peter Bourgelais, a tech fellow at AccessNow, the Kazakh state security services are capable of intercepting landline telephone communications, Internet traffic, semi-structured data such as SMS, MMS, and forum posts, as well as automated voice and facial recognition. They also possess some mobile forensics capabilities as well as sophisticated data analysis software.
As in other CIS countries, the Kazakh state obliged communication operators to buy, certify, install and maintain special SORM (System for Operative-Investigative Activities) equipment. Intelligence services force the operators to bear the costs, although the law does not define clearly whether or not the operators are obliged to cover these costs. The licensed SORM package alone costs about 30,000 USD, and the price does not include the delivery and installation expenditures. Talgat Doskenov, the President of the Kazakhstan Association of Entrepreneurs, has submitted a number of claims regarding this issue to the Head Public Prosecutor and Prime Minister of Kazakhstan.
According to a statement of the Tor Project team, Deep Packet Inspection (or DPI for short) is being implemented on the territory of Kazakhstan. The clear signs of DPI utilisation are at the moment only evident when access to the specific resources is being blocked and on specific protocols.
Cyber censorship practices in Kazakhstan are quite actively implemented and have a long history. Over the years, news websites as well as websites of radio stations got blocked. Among the websites blocked in 2011 there were several popular anonymous proxy-servers, e.g. Hidemyass (http://www.hidemyass.com) and Ninjacloak (http://www.ninjacloak.com).
The blocking of various Internet resources was implemented crudely. For example, the scandalous blocking of the popular blogging platform livejournal.com by KAZAKHTELECOM was implemented entirely by the IP address of the respective server. Thus, all blogs located on the server were affected. At the same time the real reason for the blocking was the blog of disgraced Rakhat Aliev hosted on this platform. The same happened with http://www.wordpress.com, http://www.blogspot.com, http://www.blogger.com as well as with some elements of Google infrastructure (applications.google.com, Google Ads, etc.). Moreover, by blocking access to the listed websites for its subscribers KAZAKHTELECOM, being the transit operator for Kyrgyzstan, Uzbekistan and Tajikistan, blocked traffic to these resources for all these countries as well. In Kyrgyzstan there were a lot of discussions on this matter over several years.
Furthermore, during the riots in Zhanaozen (oil mining location in Kazakhstan) in December 2011 Twitter was actively blocked.
According to the available information, in December 2011 KAZAKHTELECOM launched DPI equipment and by doing so temporarily blocked the key exchange mechanism necessary during the establishment of SSL sessions, and thus disabled the normal function of the Tor network, as well as SSL-featured PPTP and VPN tools. In April 2012 KAZAKHTELECOM blocked the entire traffic generated by Opera search engine, which is able to use its own proxy-servers.
Another striking example was on January 1, 2014, when the website Ratel.kz posted a presentation by the ministry of communication and information regarding the government’s brutal suppression of an oil worker strike in Western Kazakhstan that turned into mass riots and became known as the Zhanaozen crisis. The presentation suggests that the government then disrupted all communications in the town (it was officially stated that the telecom lines were hit by fire).
Other types of potential attacks and threats
In the last several years DDoS attacks against various Internet resources of Kazakhstan became very frequent. Websites of banks, independent Internet resources, Internet mass communication media and forums were subjected to DDoS attacks.
Also journalists and activists are under threat. On March 14, 2013, human rights activist and journalist Alexander Kharlamov was arrested for allegedly “spreading atheist ideas” and “inciting hatred” online, but observers believe his anti-corruption activism was the real reason for his arrest. He was sentenced to six months pre-trial detention (some of which was forcibly spent in a psychiatric ward) and now faces a prison sentence of up to seven years.
Furthermore, there is a known case of criminal prosecution of a small entrepreneur for using an illegal copy of software. According to a rumour, sets of equipment were confiscated from several private printing offices in the regions due to use of supposedly illegal software copies during the pre-election campaign prior to elections for Kazakhstan Parliament (Mazhilis). Taking into consideration the amount of illegal copies of software used in Kazakhstan, one can affirm with confidence that almost all vulnerable strata of the civil society (non-governmental and non-commercial organisations, mass media, printing offices, human rights organisations, etc.) use unlicensed software copies to a certain extent. This situation creates a high level of risk for cyber security and might lead to criminal prosecution and pressure from the side of the local authorities.
Potential threats, possible ways of their escalation and suggested mitigation measures
The broad application of illegal software copies, along with the obvious cyber threats (infection with viruses, instability of software operation, unavailability of support from the software producer), creates a certain risk of property confiscation and criminal prosecution used as a tool to control and exert pressure on NGOs in case of conflicts with local and central authorities. It is necessary to implement massive financial aid to initiatives that are involved in solving this problem.
DDoS attacks are becoming more and more frequently used as a suppression tool against independent Internet resources dedicated to Kazakhstan. One can affirm with confidence that the clients requesting such attacks understand the financial and technical weakness of their victims in the face of the threats. It is necessary to support initiatives assisting in protection of civil society organisations, NGOs, independent media and other relevant organisations against DDoS.
The biggest problem of NGOs is the computer illiteracy of their employees, which is the reason for their low level of competence and motivation to understand the threats, proactively promote their own digital security and find the best suitable solutions for the respective issues. This is especially true for remotely located, rural NGOs. The majority of the organisations are not able to provide necessary reasoning for the additional costs of protection against potential digital security threats in their budgets (e.g. hosting on a secure webserver, IT specialist’s services to ensure digital security during the development of a website, procurement of licensed software products and so on). Donors, on the other hand, are not able to efficiently identify the threats and usually do not pay necessary attention to the issues of cyber security when evaluating the projects and do not motivate the potential recipients to consider these issues.
The availability of cyber surveillance technologies and techniques of user activity analysis is an additional threat to the privacy and security of civil society members. Support of initiatives aimed at enhanced security of communications and increase of users’ anonymity level is required. Provision of tools and solutions enabling digital security at personal and especially at organisational level is required.
Taking into consideration the overall situation with cyber security of NGOs in Kazakhstan and relationships of the latter with the authorities, it is highly recommended to provide solutions aimed at support of NGOs and other relevant actors in terms of digital security, privacy and protection. It is necessary to create a service capable of developing customised solutions, provide on-site consultations for people requiring assistance, organise targeted seminars and when necessary provide small grants in the form of licensed software, equipment and secure remote support for NGOs. This initiative should operate not only on the country (Kazakhstan) level, but also have a regional mission including at least all Central Asian countries.
Insight into Internet freedom in Central Asia: Ukraine
This is the second of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Ukraine. Since December 2013 a lot of things have changed and are still changing rapidly in the Ukraine, and this report is a reflection of the country prior to the protest, the instalment of a new government and the current security situation.
Ukraine has an important geostrategic location between the countries of Western and Eastern Europe and Russian Federation. Back in the Soviet Union times, Ukraine, and Kiev in particular, was one of the information communications development centres. Currently when compared to other Commonwealth of Independent States (CIS) countries, Ukraine is the runner up after Russia in terms of IT development. Being a country with a well-developed infrastructure and high online activity, Ukraine was one of the first countries where political events, e.g. the Orange revolution 2004-2005, were mainly caused by the development of Information Communication Technology (or ICT) branch.
Ukraine is a relatively free country in terms of Internet access, however the authorities are trying to find ways to regulate and limit this field on various pretexts, including protection of copyrights, and struggle against terrorists and cybercrime. The cases of physical assaults against online activists with the aim of intimidation occur quite often. Despite frequent attempts to amend the legislative basis in favor of increased limitation and strong regulation of the Internet, Ukrainian legislation remains relatively liberal. According to the data from the Ukrainian Internet Association, there were about 19.7 million regular Internet users in Ukraine at the end of 2012, with an Internet penetration level of 43.5%.
Ukrainian authorities tried to legalise control over the Internet several times over the past years. The first attempt was undertaken in 1999. The President of Ukraine introduced a draft bill, which implied telecom operators’ liability to install special equipment enabling information interception from communicational channels by means of licensing procedure for a respective type of entrepreneurial activity (equivalent of Russian SORM-2 requirements). The majority of votes rejected this bill in the Supreme Council of Ukraine, due to active public involvement.
In the beginning of 2012 the National Security Service of Ukraine was reformed, introducing a new department for protection of State’s informational security interests. According to an explanatory note of the respective legal document, such departments are aimed at management facilitation in order to protect legal interests of the country and its citizens in the sphere of communication and information from foreign intelligence services, illegal activities of corporations and groups of people. In reality this department was probably created to strengthen the human and technical capacity in order to monitor the blogosphere and social media. An example of such activity was reported during the pre-election campaign in front of the Supreme Council in October 2012. Back then the administrators of Vkontakte group “We are Patriots of Ukraine”, which counted some 170,000 members, were blackmailed. They were requested to provide administrative rights under the threat of institution of criminal proceedings for “revolutionary activities”.
In the meantime, in July 2012, the National Commission of Ukraine responsible for regulation of communication and information adopted the terms of engagement for telecom operators. One of the terms is that ISPs should provide access for installation of the Commission’s equipment at the connection points between operators in order to enable monitoring and/or technical control over the settings of communicational networks according to the requirements of normative documents in the communication sphere. Thus, this term obliges the communication companies to provide state authorities with access to their networks.
In May 2013, the Ministry of Internal Affairs of Ukraine initiated a draft bill, obliging ISPs to install on their networks systems for operative-investigative activities in order to enable control over users’ activity. The necessary equipment, as suggested by law enforcement agencies, shall be bought at the expense of telecom service providers. Thanks to the mass communication media and criticism from the general public, the draft bill did not pass.
In August 2013, the State Service of Special Communications and Information Protection issued a draft of listing procedure for technical means, which are allowed for use on telecom networks of Ukraine. One of the prerequisites for the equipment will be approval of their surveillance systems support, which means the authorised equipment will be fully compatible with surveillance systems.
Over the past years, different activities have been undertaken to increase censorship in Ukraine. One way to limit the access to Internet resources, apart from protection of public morality, is accusation of violation of copyrights. In November 2009, the employees of the National Security Service of Ukraine confiscated all servers of hosting provider FREGAT, including those that hosted the gorod.dp.ua website, the biggest online news media in Kiev. Simultaneously servers of oppositional website vlasti.net, hosted by colocall.net hosting service provider, were shut down and confiscated. The reason for this action was institution of a criminal case on illegal distribution of classified information. Based on the results of examination, the press service of the law enforcement agency claimed:
“During the inspection data bases of governmental authorities containing classified information and being the property of the State were found. Furthermore, over one million copies of computer programs, audio and video records were discovered. These were distributed with violation of copyrights”.
It’s important to mention that this operation was implemented during the presidential pre-election campaign. On the 31st of January 2012, the biggest file hosting service in Ukraine (ex.ua) was shut down due to the accusation of copyrights and related rights violation. The servers owned by the service were confiscated. Two days later, after the protest actions in front of the Ministry of Internal Affairs in Kiev and DDoS attacks on the websites of governmental authorities, the requisition to block the domain was withdrawn, the resource was unlocked and partly resumed operation. The operation of the resource was not fully recovered until June. Currently another bill “On introduction of changes to various legal documents of Ukraine concerning the regulation of copyrights and related rights” is being reviewed in its second reading. In case of violation of copyrights the bill gives the respective authorities the right to shut down websites without any legal proceedings.
Moreover, the actions of the law-enforcement authorities against statements made by users online are to be mentioned. In July 2010, the press service of the National Security Service of Ukraine announced: “In course of investigation measures information about the materials containing threats towards the President of Ukraine hosted on the website singing-foot.livejournal.com was gained”. The author of the materials, Ukraine’s citizen Oleg Shinkarenko subsequently informed that he was conveyed to the public prosecution body and released only after submitting a written obligation not to criticize the government in a harsh form in his blog. In December 2011, the Head department on cybercrime and human trafficking of the Ministry of International Affairs of Ukraine in Kiev in its letter addressed to the company hosting news website lb.ua, demanded from the latter full information about the natural person or legal entity owning the website LB.ua. The reason for this request was a complaint regarding the publication of unprintable expressions on the LB.ua platform, submitted to the police by a certain citizen. After this case the owners of lb.ua in order to prevent such incidents were forced to disable the anonymous comments and provided commenting rights to the registered users only.
Another case against lb.ua occurred in June 2012, when a deputy made a claim against the editorial board of lb.ua, demanding to institute legal proceedings according to the Article 163 of the Criminal Code of Ukraine (violation of privacy of mail, telephone conversations, telegraph and other correspondence conveyed by means of communication or via computers). This article stipulates prison sentence from three to seven years. The reason for the claim was lb.ua publication from November 2011 containing sms-exchange photographed by lb.ua journalist, in which the deputy writes about the future of his son, being at that point prosecuted for assault and battery against a female. It was clear from this communication that the deputy engages political technologists and journalists to write positive comments in the news and articles about the trial on his son. The initiated criminal case was widely discussed and subsequently was closed as reported by the public prosecutor’s office, even though the closure was never supported by any written document.
Being the most popular social network in Ukraine in terms of the number of users the social network “Vkontakte” long ago gained special interest of the law-enforcement authorities. The Ministry of Internal Affairs of Ukraine claimed that photo and video materials uploaded to the social network become more and more alarming. Due to difficulties with blocking of this network, the Ministry is cooperating with the department “K”. According to the Head of the Department on cybercrime of the Ministry of Internal Affairs of Ukraine: “All materials are forwarded directly to the department “K” of the Russian Federation. The webpages are getting closed and respective users punished”. Earlier in 2008, the National Expert Commission of Ukraine for protection of public morality directed a letter to the Minister of International Affairs of Ukraine Vladimir Ogryzko, asking to consider the possibility of contacting the Embassy of the Russian Federation concerning the discussed fact in order to prevent dissemination of pornographic content.
Other types of potential attacks and threats
One of the biggest DDoS attacks in Ukraine occurred in August 2009. Infrastructure of the company Imena.UA / MicroHost.net, domain name registration and hosting service provider, was under attack. At peaks the load on the company’s servers reached values over 2Gb/sec. Two IP-addresses revealing the control centre of the botnet were identified in cooperation between several Ukrainian companies. The IP-addresses were traced back to the spamming company Real Host Ltd, a shareholder of the biggest botnet called Zeus. Experts assumed that this attack was the first trial before the election campaign, and it allowed estimating the capacity of the communicational infrastructure of the major Ukrainian providers.
In 2009, the National Security Service of Ukraine in cooperation with their US colleagues revealed the activity of an international malware production and distribution company in Ukraine. The company, run by US citizens, employed over 400 highly qualified specialists in their office in Kiev. The employed programmers had no idea they were working on the development of components for computer viruses, which were later used in order to infect computers all over the globe and create botnets. Furthermore, cases of involvement of Ukrainian citizens in illegal activities, associated with larcenies from foreign bank accounts under the cover of legal entities and money laundering amounting to tens of millions of dollars, were reported.
According to research conducted by the Kaspersky Lab, almost every second Internet user in Ukraine underwent at least one cyber attack in 2012. Results of a joint survey of the Kaspersky Lab and the O+K Research think tank, conducted among the Internet users on all continents in 2012, stated that 62% of Ukrainian users experienced the situation when pop-up windows alarmed about would-be viruses or recommended to set up fake antivirus software. It was found that 50% of respondents came across malicious links in search results and 24% of the Ukrainian users, when shopping online, were redirected to dubious websites that requested them to provide their bank account numbers.
Potential threats, possible ways of their escalation and suggested mitigation
When comparing Internet freedom situation in Ukraine with any other country of concern for the series of reports in the framework of this research, one can state with confidence that Ukraine is more democratic. The absence of the censorship from the side of the state, presence of computer literate NGO community, well developed IT branch and availability of IT specialists, all these factors create good conditions not only for business development, but also for development of civil and non-commercial sector.
Experience with conducting trainings in Ukraine indicates positive results. The trainees usually have solid basic computer skills and are able to learn new information, including materials on use of digital security tools. It is advisable to conduct more trainings on the application of technologies of information protection, protection of online resources and offline data for both regular users and technicians. In combination with the above-mentioned technical trainings, educational seminars on organisational security policy and on planning of measures to maintain security are recommended.
The mobile communication services become more and more popular along with the price reduction for smart phones and tablet PCs. Everybody without exception actively uses mobile communications (both voice and data transfer) at work. In general, users do have a basic understanding about mobile communication threats (for instance that one needs to remove the battery when avoiding a potential shadowing), but they tend to ignore the necessity to secure their communications.
Taking into account that the majority of people use various social networks and there are tensions between different activists groups (for example, potential threat from nationalists and other radical groups) the escalation of online threats in social networks, provocative actions, vandalism, hacking threats and data leakages are probable. It is therefore recommended to support initiatives aimed at promotion of digital security and confidentiality protection measures in social networks.
The next Presidential elections in Ukraine are to be conducted in 2015. For that reason starting in 2014 escalation of tensions both in media sphere and in the realm of NGOs is expected towards the current authorities and the influence of neighbouring countries (first of all Russia) on the internal political situation in the country. This will definitely be reflected on the digital environment, security of web resources as well as on security of individual organisations and socially active persons.
One can claim that the civil society in Ukraine is able to rapidly mobilise itself in case of a threat (sometimes even in case of personal conflicts between NGOs and those in power), there is an intensive information exchange in case of opposition against any sort of threat. For that reason the promotion of the tools and dissemination of knowledge for digital security should work effectively in Ukraine.
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.
‘Whatever states will do in attempt to curtail human rights online, they will fail. The Internet is such a powerful messenger. Technology evolves so rapidly. States won’t keep pace with users. The Internet will prevail as an open space of communication and the free flows of ideas.’