Heading text reads What problem are you facing? Underneath are 9 icons in white circles. Each icon represents a different problem.

Digital First Aid Kit

Introduction

The Digital First Aid Kit is a free resource to help rapid responders and activists to better protect themselves and the communities they support against the most common types of digital emergencies. It can also be used by activists, human rights defenders, bloggers, journalists or media activists who want to learn more about how they can protect themselves and support others. If you or someone you are assisting is experiencing a digital emergency, the Digital First Aid Kit will guide you in diagnosing the issues you are facing, and refer you to support providers for further help if needed.

The Digital First Aid Kit is a collaborative effort of the RaReNet (Rapid Response Network) and CiviCERT.

How to Use the Kit

Select the problem you are facing and the Digital First Aid Kit will walk you through a set of questions to better diagnose the problem and find resources to help you.

I Lost My Device

Is your device lost? Has it been stolen or seized by a third party?

In these situations, it is important to take immediate steps to reduce the risk of someone else accessing your accounts, contacts, and personal information.

This section of the Digital First Aid Kit will walk you through some basic questions so you can assess how to reduce possible harm related to losing a device.

I cannot access my account

Social media and communications accounts are widely used by civil society members to communicate, share knowledge and advocate their causes. As a consequence, these accounts are highly targeted by malicious actors, who often try to compromise these accounts, causing harm to civil society members and their contacts.

This guide is here to help you in case you have lost access to one of your accounts because it was compromised.

Here is a questionnaire to identify the nature of your problem and find possible solutions.

My device is acting suspiciously

Malware attacks have evolved and become highly sophisticated over the years. These attacks pose multiple different threats and can have serious implications to your personal and organisational infrastructure and data.

Malware attacks come in different forms, such as viruses, phishing, ransomware, trojans and rootkits. Some of the threats are: computers crashing, data theft (i.e.: sensitive account credentials, financial info, bank account logins), an attacker blackmailing you to pay a ransom by taking control of your device, or taking control of your device and using it to launch DDoS attacks.

Some methods commonly used by attackers to compromise you and your devices seem like regular activities, such as:

  • An email or a post on social media that will tempt you to open an attachment or click on a link.
  • Pushing people to download and install software from an untrusted source.
  • Pushing someone to enter their username and password into a website that is made to look legitimate, but is not.

This section of the Digital First Aid Kit will walk you through some basic steps to figure out if your device is likely infected or not.

If you think that your computer or mobile device has started acting suspiciously, you should first think of what the symptoms are.

Symptoms that commonly can be read as suspicious device activity, but often are not sufficient reason to worry include:

  • Clicking noises during phone calls
  • Unexpected battery drain
  • Overheating while the device is not in use
  • A device operating slowly

These symptoms are often misconceived as reliable indicators of worrisome device activity. However any of them taken on its own is not sufficient reason for concern.

Reliable symptoms of a compromised device usually are:

  • The device restarts frequently on its own
  • Applications crash, especially after input action
  • Operating system updates and/or security patches fail repeatedly
  • Webcam activity indicator light is on while webcam is not in use
  • Repeated “Blue Screens of Death” or kernel panics
  • Flashing windows
  • Antivirus warnings

Now, answer these questions to get a better idea of what is going on.

I Received a Suspicious Message

You may receive suspicious messages to your email inbox, social media accounts and/or messaging applications. The most common form of suspicious emails is phishing emails. Phishing emails aim to trick you into giving up your personal, financial, or account information. They may ask you to visit a fake website or call a fake customer service number. Phishing emails can also contain attachments that install malicious software on your computer when opened.

If you are not certain about the authenticity of the message you received, or what to do about it, you can use this questionnaire as a guiding tool to further diagnose the situation or to share the message with external trusted organizations that will provide you with a more detailed analysis of your message.

Keep in mind that receiving a suspicious email does not necessarily mean that your account has been compromised. If you think an email or message is suspicious, don’t open it. Don’t reply to the email, don’t click any links, and don’t download any attachments.

Now, answer these questions to get a better idea of what is going on.

My Website is down, what is going on?

A threat faced by many NGOs, independent media and bloggers is having their voices muted because their website is down or has been defaced. This is a frustrating problem and can have a lot of causes like bad website maintenance, unreliable hosting, script-kiddies, a ‘denial of service’ attack or a website takeover. This section of the Digital First Aid Kit will walk you through some basic steps to diagnose potential problems using material from My Website is Down.

It is important to know that there are many reasons why your website can go down. It can range from technical problems at the company that hosts the website or the not updated Content Management System (CMS) like Joomla or WordPress. Finding the problem and possible solutions to your website’s problem can be cumbersome. It is good practice to contact your webmaster and the website host after diagnosing these common problems below. If none of these options are available to you, seek help from an organization you trust.

As a start, consider:

  • Who built your website? Are they available to help?
  • Was it built using WordPress or another popular CMS platform?
  • Who is your web hosting provider? If you do not know, you can use a WHOIS online service to help.

Now, answer these questions to get a better idea of what is going on.

A threat faced by many activists, human rights defenders, NGOs, independent media, and bloggers is to be impersonated by adversaries that will create false profiles, websites, or emails in their names. This is meant sometimes to create smearing campaigns, misleading information, social engineering, or stealing one’s identity in order to create noise, trust issues, and data breaches that impact the reputation of the individuals and collectives being impersonated. In other cases an adversary may impersonate someone’s online identity for financial motivations such as raising funds, stealing payment credentials, receiving payments, etc.

This is a frustrating problem that can on different levels affect your capacity to communicate and inform. It can also have different causes depending on where and how you are being impersonated.

It is important to know that there are many ways to impersonate someone (fake profiles in social media, cloned websites, spoofed emails, non-consensual publication of personal images and videos). Strategies may range from submitting take-down notices, proving original ownership, claiming copyright of the original website or information, or warning your networks and personal contacts through public or confidential communications. Diagnosing the problem and finding possible solutions to impersonation can be complicated. Sometimes it will be close to impossible to push a small hosting company to take down a website, and legal action may become necessary. It is good practice to set up alerts and monitor the internet for finding out if you or your organization are being impersonated.

This section of the Digital First Aid Kit will walk you through some basic steps to diagnose potential ways of impersonating and potential mitigation strategies to remove accounts, websites and emails impersonating you or your organization.

If you are being impersonated, follow this questionnaire to identify the nature of your problem and find possible solutions.

The Internet, and social media platforms in particular, have become a critical space for civil society members and organizations, especially for women, LGBTIQ people, and other minorities, to express themselves and make their voices heard. But at the same time, they have also become spaces where these groups are easily targeted for expressing their views. Online violence and abuse denies women, LGBTIQ persons, and many other unprivileged people the right to express themselves equally, freely, and without fear.

Online violence and abuse has many different forms, and malicious entities can often rely on impunity, also due to a lack of laws that protect victims of harassment in many countries, but most of all because protection strategies need to be tweaked creatively depending on what kind of attack is being launched.

It is therefore important to identify the typology of the attack targeting you to decide what steps can be taken.

This section of the Digital First Aid Kit will walk you through some basic steps to plan how to get protected against the attack you are suffering.

If you are targeted by online harassment, follow this questionnaire to identify the nature of your problem and find possible solutions.

Now, answer these questions to get a better idea of what is going on.

Digital data can be very ephemeral and unstable and there are many ways you can lose it. Physical damage of your devices, termination of your accounts, erroneous deletion, software updates and software crashes can all propel a loss of data. Besides, sometimes you might not be aware of how or if your back-up system works, or simply have forgotten about your credentials or the route to find or recover your data.

This section of the Digital First Aid Kit will walk you through some basic steps to diagnose how you might have lost data and potential mitigation strategies to recover it. Here is a questionnaire to identify the nature of your problem and find possible solutions.

Someone I know has been arrested

Arrests of human rights defenders, journalists, and activists put them and those with whom they work and live at great risk.

This guide is specially oriented at countries which are lacking in human rights and due process, or where authorities can circumvent legal procedures, or where non-state actors operate freely, detentions or arrests pose a greater risk to the victims, their colleagues and relatives.

In this guide we aim to alleviate the danger they face and limit the detainers’ access to sensitive data that may incriminate the victims and their colleagues, or that may be used to compromise other operations.

Taking care of the detainee as well as of the digital impacts of this detention might be exhausting and challenging. Try to find others to support you and coordinate your actions with the community involved.

Feeling Overwhelmed?

Online harassment, threats, and other kinds of digital attacks can create huge burden to your feelings and wellbeing. Read our Self-care tips to find out more resources and organizations for support and mitigation.

Access Kit

Languages

The Kit is available in a multitude of languages. To access different languages access the guide and language options are available to select on the top right hand menu.

Credit and Licence

This resource is a collaborative effort of the Rapid Response Network and CiviCERT. See our About page for further information. The Digital First Aid Kit is an open-source project and we welcome outside contributions.

The Digital First Aid Kit uses the following Creative Commons Licence – Attribution 4.0 International (CC BY 4.0). Minor adaptations have been made by the Commons.

Explore Further