A coalition of worldwide non-governmental organizations has compiled a guide for individuals at risk for cyberattacks as well as for anyone charged with helping activists, human rights organizations and journalists identify and respond to threats.
The Digital First Aid Kit is available on Github and provides those who are potential targets for surveillance or individuals living under oppressive regimes with tools to respond and recover from hacks that could put communication and personal safety at risk.
“The Digital First Aid Kit is not meant to serve as the ultimate solution to every digital emergency, but it strives to give users and first responders tools that can help them to make a first assessment of what is happening and determine if they can mitigate the problem on their own,” wrote Eva Galperin, a global policy analyst with the Electronic Frontier Foundation. The EFF, along with other advocacy organizations such as Hivos, Internews, VirtualRoad and CIRCL, put together the guide and released it this week under a Creative Commons Attribution Share Alike International license.
The kit covers basic threats facing at-risk individuals, including how to secure communication, detect and deal with hijacked online accounts, DDoS and malware mitigation, and to lost or seized mobile devices, as well as a raft of resources. Galperin called the kit a living document.
“We encourage people to annotate the guide, fork their own versions, contribute feedback about advice that does or does not work, and make translations,” she said.
The guide is written for non-technical people and first-responders trying to help them. Users must go through a self-assessment first to help determine the scope of the problem and then guidelines for first-responders inside organizations trying to help.
“The self-diagnostic quality of the kit should also enable journalists, bloggers, activists and human rights defenders to understand what is happening to their digital assets, to be able to determine more rapidly when they should reach out for help, what kind of help they need and improve individual digital safety,” the introduction to the kit says.
It’s been well documented how groups in political hotspots around the world are targeted with malware that not only monitors their online activities and exfiltrates data from devices, but can also monitor their physical location putting lives in jeopardy.
Groups such as Citizen Lab in Toronto and the Tibet Action Institute, for example, have documented how attacks attributed to China have been used to monitor Tibetan and Uyghur activists in China or in exile who use mobile devices to communicate and organize resources.
Often these groups have limited resources to understand how they’re being targeted and when devices are infected. The guide walks users through a bevy of free and open source tools and apps that make use of encryption to keep communication private, as well as signs to look for if it’s suspected that a social media or Web-based email account has been compromised.
“[The kit] was inspired by the belief that everyone has the ability to take preventative measures to avoid emergencies and responsive steps when they are in trouble,” Galperin said. “Further, everyone has the ability to help out a colleague facing trouble.”