Real threat in virtual world
By: Shahzada Irfan Ahmed
Who says journalists land into trouble when they transgress certain ideological or geographical boundaries? That’s not always the case. Today, it’s not necessary for them to travel to lawless zones to risk their security. They are equally vulnerable to dangers even within the confines of their homes if they care less about their security in the virtual world.
This is the gist of a recent report commissioned by the Internews Center for Innovation & Learning and conducted by Bytes for All (B4A), a Pakistani human rights organisation with a focus on information and communication technologies.
The report titled “Digital Security and Journalists: A Snapshot of Awareness and Practice in Pakistan” reveals a widespread lack of awareness of the security risks Pakistani journalists and bloggers face in their online activities without being aware of who’s following them and for what purpose.
Based on interviews of several journalists and bloggers, the report findings suggest that though a vast majority of journalists uses Internet in their work and take basic precautions such as installing anti-virus software and using strong passwords, they were largely unaware of secure tools such as IP blockers, which can be set up to block access to one’s website from computers or networks that have certain Internet protocol (IP) addresses, such as from particular government entities, and virtual private network (VPN) services.
Many of them face issues such as having their emails intercepted or data stolen, having their websites attacked or hacked and having their identities exposed against their wishes. The obvious purpose of carrying out the study is to highlight the importance of security in using email services, running websites, interacting on social media websites and sharing data, sometimes unnecessarily, with larger audience and later on train journalists to take care of this aspect.
No doubt this training is essential for every person who logs on to Internet, but the reason to focus on journalists first was that their unsafe online practices can harm whistleblowers or their informants, believes Shahzad Ahmad, Country Director Bytes for All, Pakistan. “If the password of one person in a network is taken over, he/she can make the whole network vulnerable.”
Imran Naeem Ahmad, co-founder and managing editor of website Journalism Pakistan. com, is one such victim who was not ready for a hacker’s attack. The website was hacked in June 2012 and it took them by surprise. “We had never thought this could ever happen to us, after all hackers often target mega websites.”
They were staring at a blank page on the screens for a good 12 hours and the attacker had deleted all the content. Fortunately, they had back-up of all data and were able to get the website back fairly quickly.
Imran Naeem shares it with TNS that “the hacker then threatened to do it again, making his intentions clear by sending us a message through our website after we were back.” He strongly believes it was not a random action and neither was it the act of some “bored teenager.” Indeed, Journalism Pakistan.com was the calculated target of a cyber terrorist, a virtual mercenary. It was intended, he adds.
“We have our suspicions of course as to who could have engineered such a cowardly deed and why. The list is surprisingly short. We have already taken steps to ensure that it does not happen again.”
Imran Naeem has made passwords complex and taken some other precautionary measures to avoid such attacks in future. But the way hackers operate and the advanced tools they have to achieve their end calls for a more professional handling of the menace. The responses gathered from around 80 journalists and bloggers contacted during the study suggest the respondents are least equipped to counter the threats they face.
These respondents were selected using convenience sampling, on the basis of their importance in the media world and the blogosphere, says Shahzad. He adds extreme care was taken to ensure gender and regional diversity, and national scope among participants.
Contacts were made through telephone, email and various sources within the journalist community. A total of 52 people (65 per cent of those initially contacted) completed questionnaires. Seventy per cent of the respondents were working journalists and the remaining 30 per cent identified themselves as bloggers.
A very few of them were aware of the modus operandi of cyber attackers who use spy softwares such as trojans, keyloggers etc to hack email accounts and websites and commit identity theft. They were not aware that careless attitude in the cyberspace can cause severe harm to one’s professional and personal reputation.
Explaining keyloggers, Shahzad states it can be software (sent to you via email or transferred during downloading sessions) or a hardware device that can record the real time activity of a computer user including the keyboard keys they press. They are hidden within the system and a non-techie user cannot find out easily that his/her online activity is being logged/recorded by someone sitting at a remote computer.
Such softwares, he says, work like viruses that infiltrate your computer system and take over all the resources and digital assets that you have. They can come in via an attachment or transferred via different downloading websites e.g. movies or software portals, which though offer you free downloads but may be spreading such kind of malicious softwares.
The most troubling thing is that once a keylogger is installed on your computer, the person sitting at a remote computer can use your computer for any unlawful activities, Shahzad says. “For example, spamming is a crime in several countries so someone can use your computer power, and bandwidth without your knowledge to spam someone, whom you even don’t know.”
Unfortunately, there are no cyber laws in Pakistan and hence no deterrence against unwanted online activities. That’s one of the major reasons why hackers operate with impunity and the poor victim gets no relief at all.
Muhammad Adeel, a Lahore-based expert in network security, believes identity theft is frequent because people share too much personal information on social media websites and store user names, passwords and other personal information in memory offered by email accounts. “It’s easy for hackers to retrieve passwords by doing guesswork on the basis of personal information.”
However, Shahzad contests this assertion, saying strong password is just the first line of defense in the cyberspace. “There is no guesswork involved as there are softwares to harvest passwords. Digital security experts suggest that the time of passwords is over and now everyone should have pass phrase and that too should be at least 20 characters long.”
He suggests that passwords should also be changed frequently, adding those who want to take over your passwords can also use keyloggers that can send your personal information across. “So it is fairly easy that if you are not observing secure practices to access your digital assets (emails, website, blog or other documents) it can be at risk.”
Shahzad says journalists can also be victims of cyber stalking on social networks. Women and young girls are especially the target of this practice and that is why Bytes for All under its “Take Back The Tech” campaign works with young girls to train them on how to be safe and secure online.
There are several cases of women and girls, who had to face miserable consequences due to their poor digital security. Some of the Pakistan-specific cases are available at https: //www.apc.org/ushahidi/.
One such case is that of a female human rights activist who was harassed online when her profile was created on a fake fan page. It had her name and her pictures but she was described as a prostitute in that fake account. The girl had to write to the Facebook complaint centre that helped her at a later stage in taking it off. Similarly, several girls complained about their fake profiles on Facebook in Peshawar.
Female journalists, especially the popular anchors of TV talk shows, are highly vulnerable to cyber stalking. They must constantly look out for fake pages in their names often carrying their engineered pictures and act before the damage is done, says an Internet addict, who does not want to be named.