Security tools to protect newsrooms, journalists and citizens online
A quick recap of a recent Hacks/Hackers Africa NBO community meetup, where Elric Wamugu and Laura Tich showed some tricks and tools for anyone who wants to remain safe online.
A world where smart kitchen appliances take down the world’s biggest sites, hackers kill off presidents in 140 characters, and prevent citizens from accessing news sounds like something out of a science fiction novel.
In 2016, we saw Mirai malware infect software used by Internet of Things (IoT) devices, such as web cams and smart fridges, to launch DDoS attacks against, among others, Twitter, Spotify and Reddit. These devices are easily hackable — often only proctected by factory-default usernames and passwords.
This technique has been amplified, with two of the biggest DDoS attacks thus far taking place in March 2018, bringing down GitHub. From 1 to 8 March, the total number of Mem-cached based attacks totalled 13,027, with an average of 1,682 attack events per day.
In 2011, the Fox News Politics Twitter account was hacked, declaring then president Barrack Obama had been assassinated at a restaurant in Iowa. The posts were retweeted thousands of times before they could regain admin rights to their account. The Script Kiddies claimed responsibility for this — offering a taste of how easy it could be to spread misinformation.
In June 2017, social media users in Nigeria shared reports of a bomb blast in Lagos accompanied with a video clip. Authorities quickly dispelled these claims and linked the clip to a bomb blast in 2014 in Abuja. However, a number of news sites had already published the story and had to retract them later.
Media personalities and newsrooms continue to be target of digital attacks. As new vectors crop up by the day, it may be difficult to determine what’s real news and puts news sites and blogs at bigger risk. It could and has been used by governments to censor important news stories, or bring down banking institutions as seen in the Netherlands early this year.
Battling online censorship and content manipulation
At the Hacks/Hacker Africa NBO meetup in March, the main focus was on censorship and content manipulation through Distributed Denial of Service and man in the middle attacks. Elric Wamagu from Huridocs and Laura Tich, co-founder of SheHack KE, discussed a number of free tools to combat digital attacks and defend digital assets.
“It’s not a question of if you will be hacked but of when… You can put in place preventative measures now instead of curative ones later.” — Elric Wamugu
Deflect
Deflect is an open source project by eQualitie created to defend human rights groups, civil societies and journalists from digital attacks. Deflect not only hides your server’s IP address, but also prevents any unauthorised access to editorial dashboards.
Outline focuses on simplifying the management of your own server at no charge. Jigsaw, an Alphabet company focusing on human rights and access to information, created the Outline VPN project to help journalists create secure connections to sources, their news desks, and the internet.
Outline also allows you to block traffic and access any site — including within countries that censor some sites.
“To prevent man in the middle attacks, use a Virtual Private Network which creates an encrypted, secure ‘tunnel’ that prevents access by unknown parties.” — Laura Tich
The Tor Project allows users to browse the internet and share information over public networks without compromising their security and privacy. Tor is also effective at circumventing censorship, allowing users to reach blocked content, and allowing journalists to communicate safely with whistleblowers.
Additionally, one can update websites without revealing a location. With Tor, instead of making a direct connection to a site, one passes through a series of virtual tunnels making those digital footprints untraceable.
The Tor Project has also built free software project called the Open Observatory of Network Interference (OONI). It aims to increase transparency of internet censorship around the world by empowering decentralized efforts.
Ooniprobe is a free and open source software that users can run to examine blocking of websites, services and censorship circumvention tools such as Tor. It can also be used to detect the presence of systems in a network that may be responsible for censorship or cyber-spying. Ooniprobe allows one to collect data that one can use as evidence of internet censorship by revealing the location, time and identity of who implemented it.
A project by the African Network of Centres for Investigative Journalism (ANCIR), afriLEAKS provides a secure platform for whistleblowers to leak documents that are of interest to the public to newsrooms. With this platform, whistleblowers can also communicate with reporters without revealing your identity or contact information.
afriLEAKS is also considerate of newsrooms which may be resource-challenged by customizing the technology and deployment models to suit these newsrooms.
Have any further queries about digital security or how to implement these tools? Code for Africa and ANCIR has created a hotline for digital security questions. Get in touch by filling out this form.
Would your newsroom like help with Digital Security?
ANCIR is offering a helpline, technical resources, and sharing best-practices with newsrooms and human rights activists for FREE. If you’d like to get access to these and more, sign up here to be considered for our digital security support.
The African Network of Centers for Investigative Reporting (ANCIR) is an association of the continent’s best investigative newsrooms, ranging from large traditional media to small specialist units.
ANCIR works to strengthen African investigative journalism by improving the techniques, expertise, the tools used in muckraking newsrooms. This includes providing member newsrooms with the world’s best encryption and semantic analysis technologies, to forensic research support (through the Investigative Dashboard), legal services, and seed grants for cross-border collaboration.
ANCIR is incubated by and receives technical support from Code for Africa.
Follow ANCIR on Facebook and Twitter today.
The worlds of hackers and journalists are coming together, as reporting goes digital and Internet companies become media empires.
Journalists call themselves “hacks,” someone who can churn out words in any situation. Hackers use the digital equivalent of duct tape to whip out code.
Hacker-journalists try and bridge the two worlds. Hacks/Hackers Africa aims to bring all these people together — those who are working to help people make sense of our world. It’s for hackers exploring technologies to filter and visualize information, and for journalists who use technology to find and tell stories. In the age of information overload and collapse of traditional business models for legacy media, their work has become even more crucial.
Code for Africa, is the continent’s largest #OpenData and civic technology initiative, recognises this and is spearheading the establishment of a network of HacksHackers chapters across Africa to help bring together pioneers for collaborative projects and new ventures.
