Digital Security Lab | RSF Resource for Journalists' Safety

The Digital Security Lab (DSL) is a forensic service by Reporters Without Borders (RSF) offering analysis of digital attacks on journalists.

To support journalists in making digital attacks public and to demand justice, the Digital Security Lab (DSL) from Reporters Without Borders (RSF) analyses digital attacks on journalists.

Usually, there exist many possibilities to record and collect evidence on physical attacks — they may be filmed, the resulting harms can be photographed, etc. But this is not the case with digital attacks, which often go unnoticed or show only very subtle symptoms: even to experts, it can be difficult to decide whether a device was compromised by malware.

This results in a situation where digital attacks on journalists are rarely made public. The DSL wants to identify those attacks to support journalists, help them protect their sources, understand the technological patterns of digital attacks, and help them make attacks public if they choose to.

What the DSL can offer

The DSL can analyse digital attacks to the extent that is possible with civil forensic techniques. However, as in any unknown system, it can never prove the absence of malware. If the DSL does not find malware or other attack traces on one’s device, this does not mean that it is certain that there is none.

In general, the DSL cannot offer incident response to security incidents. If journalists need help in securing devices or recovering from attacks, Access Now’s helpline is likely better suited for the situation.

Cases criteria

For capacity reasons, the DSL can only offer to analyse a digital attack if one of the following criteria is met:

Known indicators are pointing to an attack, such as: phishing mails where passwords were entered; successful account takeovers; phishing mails with content tailored very specifically to the life and context of the target person; unwanted email notifications that an account password has been changed or reset; devices have been seized and taken away by the police.
Cases linked to people who have been attacked by state actors and those attacks are documented.
Cases of journalists who are working in a context where digital attacks on peers have already been documented.

Victim of a digital attack? Contact the Lab!

If you are a journalist and are affected by a digital attack or have good reason to believe that you have been attacked, don’t hesitate to contact us. We offer:

Analysis of devices for indicators of malware;
Analysis of phishing attacks;
Analysis of malicious account take-overs.

You can contact us in the following ways:

Write an email to lab@reporter-ohne-grenzen.de.
If you prefer Protonmail: rsf_lab@proton.me.
DSL’s PGP Public Key.

What is the procedure?

1) The DSL verifies with the RSF international assistance team that the case is covered by the RSF mandate. For that, you will be asked for information on where you work and how you are being attacked in the course of your work.

2) The DSL collects the necessary data to analyse the attack. In many cases this requires you to sign a privacy statement. The DSL keeps your data secure by only storing it on encrypted disks, and deletes it after the analysis is done.

3) The DSL performs an analysis of the attack.

4) The DSL informs you quickly about any new findings in the analysis.

5) If a digital attack can be proven and documented, the potential (consensual) publication of the results is discussed.