Digital Security Lab
What is the Digital Security Lab?
The Digital Security Lab (DSL) is a forensic service by Reporters without Borders (RSF) offering analysis of digital attacks on journalists.
What is the purpose?
To support journalists in making digital attacks public and to demand justice, the Digital Security Lab analyses digital attacks on journalists. Usually, there exist many possibilities to record and collect evidence on physical attacks: They might be filmed, or pictures can be taken of the resulting harms. But this is not the case with digital attacks which often go unnoticed or show only very subtle symptoms: Even to experts it can be difficult to decide whether a device was compromised by malware or not. This results in a situation where digital attacks on journalists are rarely made public. We want to identify those attacks to support journalists, help them protect their sources, understand the technological patterns of digital attacks and help them make attacks public if they choose so.
When to contact the Digital Security Lab
For capacity reasons, we can only offer to analyze a digital attack if one of the following criteria is met:
- Known indicators are pointing to an attack, such as:
- Phishing mails where passwords were entered
- Successful account takeovers
- Phishing mails with content tailored very specifically to the life and context of the target person
- Unwanted email notifications that an account password has been changed or reset
- Devices have been seized and taken away by the police
- Cases linked to people who have been attacked by state actors and those attacks are documented
- Cases of journalists who are working in a context where digital attacks on peers have already been documented
Cases that do not fit these criteria can only be analyzed if we have sufficient capacity.
Victim of a digital attack? Contact the Lab!
If you are a journalist and are affected by a digital attack or have good reason to believe that you have been attacked, don’t hesitate to contact us.
- Analysis of devices for indicators of malware
- Analysis of phishing attacks
- Analysis of malicious account take-overs
You can contact us in the following ways:
- write a mail to [email protected]
- If you prefer Protonmail: [email protected]
- our PGP Public Key
What we can offer and what not
The DSL can analyze digital attacks to the extent that is possible with civil forensic techniques. However, as in any unknown system, it can never prove the absence of malware. If the DSL does not find malware or other attack traces on your device, this does not mean that it is certain that there is none.
In general the DSL cannot offer incident response to security incidents. If you need help in securing devices or recovering from attacks, the Helpline service of Access Now is likely better suited for the situation.
What happens when you contact the DSL?
- The DSL verifies with the international assistance team that your case is covered by the RSF mandate. For that you will be asked for information on where you work as a journalist and how you are being attacked because of your work.
- The DSL collects the necessary data to analyze the attack. In many cases this requires you to sign a privacy statement. We keep your data secure, only store it on encrypted disks, and delete it after the analysis is done.
- The DSL performs an analysis of the attack.
- The DSL informs you quickly about any new findings in the analysis.
- If a digital attack can be proven and documented, the potential (consensual) publication of the results is discussed.