Access Now offers 24/7 advice to victims of cybercrime

UPDATED A dedicated cybersecurity hotline launched by human rights charity Access Now is providing 24-hour assistance to victims of cyber-attacks, spyware campaigns, data theft, and other digital malfeasance.

The Digital Security Helpline is led by a team of trained security professionals offering digital security guidance on topics ranging from how to protect against data and credential theft to targeted cyber-attack campaigns.

It officially launched in 2013, though the charity has been offering support and direct technical advice to activists, journalists, and other human rights campaigners since it was formed in 2009.

Access Now is a leading defender of citizen’s digital rights.

The organization recently reiterated its demands for activist Ahmed Mansoor to be released from prison – he was sentenced to 10 years for calling for reform in the UAE in messages posted online.

Mansoor had been the victim of physical assaults, death threats, government surveillance, and a sophisticated spyware attack allegedly using technology by Israeli firm NSO Group.

Just this week, Access Now published an open letter to the co-owners of NSO Group after allegations that the firm has targeted journalists and other citizens with surveillance technology.

The Daily Swig spoke to Access Now’s Daniel Bedoya Arroyo, Digital Security Helpline director, about the threats facing citizens – and how they’re seeing an increase in credential theft across the globe.

Can you share some background with us – when did the helpline launch?

Daniel Bedoya: The Digital Security Helpline started, in its current shape and form, in 2013. However, Access Now has been involved in the provision of support and direct technical advice to activists and human rights defenders since its creation in 2009. Back then a much smaller, but equally passionate, Access Now team supported people in Iran facing digital attacks during the Iranian Green Movement.

How long have you noticed a need for the helpline?

DBA: The need for a helpline was evident from the very beginning of Access Now, almost 10 years ago. In our work supporting human rights defenders, activists, NGOs, and media professionals, it has always been clear that the environment in which we operate is one with well-resourced adversaries – financially, technically, legally, and physically – and under-resourced victims, who are threatened online and off.

What does the helpline offer in terms of advice?

DBA: We offer real-time, direct technical assistance and advice to civil society groups and activists, media organizations, journalists, bloggers, and human rights defenders. The helpline will work with the individual or organization in need of support to assess the risks they face in their work, and together we’ll prioritize tasks, determining which digital security needs, tools, and practices most need to be improved. We help to resolve emergency issues, teach some of the most important best practices, and enable at-risk individuals and organizations to get into a secure mindset for the future.

How many requests, on average, do you receive?

DBA: This has changed greatly over time. When the helpline first started in 2013, we received around 10 to 15 cases per month. Over the past year, this has grown to an average of 120 cases every month.

What kind of people are you seeing accessing the helpline? Have you noticed a higher concentration of requests from specific regions?

DBA: The service is truly global, and requests have come in from more than 100 countries. Certainly, there are countries where we get a constant flow of cases – to no one’s surprise, these are places where minority groups are struggling to have their rights respected and [where] there is a high level of repression.

Regarding the type of incidents or problems these individuals and organizations confront, they vary greatly. Adversaries use different techniques and tactics in different regions, and many of the attacks are not limited to the digital sphere – our area of focus and expertise.

That being said, it would be accurate to say that in the recent times, a high number of the requests we have received are related to the compromise or potential compromise of sensitive information. This includes compromise of a client’s email or social media accounts and the surveillance of their devices and connections. In response, the Digital Security Helpline supports the affected groups in recovery and containing the exposure due to the incident, and, whenever possible, help these groups develop preventative measures to avoid future incidents.

Did you work with any cybersecurity firms or consultants when developing the advice for clients?

DBA: Over the past five years, the helpline has developed and matured a large knowledge base that is crucial in our provision of advice. Unless confidential, we publish our advice and encourage our community to review and provide feedback.

Moreover, the helpline is part of CiviCERT, an initiative of civil society organizations working in similar topics to globally improve the security awareness of civil society.

Finally, how do you choose which languages to offer advice in?

DBA: We offer advice in English, Spanish, French, German, Portuguese, Russian, Tagalog, Arabic, and Italian. These languages reflect the language capacity of our helpline staff. We have continued to expand the list of languages in which we are able to provide support thanks to our staff, and the goal is to serve in as many languages as possible.

In some regions, like Latin America for instance, it is much easier to have a wider coverage with fewer languages whereas in others, like Asia, we are conscious that our capacity needs to grow, and we are looking at strategies to ensure support will be available for at-risk users in their local language.

This article has been updated for clarity reasons.