Lock your virtual doors and windows. Just like in the physical world, when you lock everything down, the bad guys may move on. Your accounts and data (such as email, social media profiles, or sources) are valuable assets – to you and criminals.
Imagine you’re an independent reporter embedded in a war zone. Ever since a rogue nation attacked the country you’re working in, you’ve published a blog with ground truth reporting, firsthand accounts of human rights abuses, profiles of civilian casualties, and troop movements. You’ve built a trusted network throughout the conflict area, and your work has a global reputation so solid, you’ve been cited by United Nations observers. Like many wars, the action sometimes happens at lightning speed, and other times it’s a slow, frozen conflict. And this is a slow news week.
As you’re preparing your weekly newsletter, though, you notice something new on the blog. “Heavy Artillery Moving in from The North, Prompting Immediate Retaliation” reads the headline. You find this deeply confusing – how could this headline be on the top of the page? Why does it have your byline? Who updated your website without telling you? Maybe it was one of your former collaborators.
By the time you click on the link, it’s dead: “404, Page Not Found.” For a minute, you think it was an odd quirk in your hosting platform and go about your work. But when the web traffic report comes in, you’re astounded how many hundreds of thousands of people clicked to your site today. Friends begin sending you screenshots of your website headed with the now-deleted headline, along with images of panicked civilians fleeing for safety up north.
You’ve never changed your passwords, and, indeed, one of your former collaborators let your credentials slip to malicious operatives. Now soldiers and civilians on both sides of the conflict don’t know what’s going on, and people are sure to get hurt.
Several variations of this story happened in 2020 in Poland and Lithuania. Hackers used password vulnerabilities to log into the back ends of several reputable news sites reporting on the tensions between Russia and NATO. Several fake stories were published, including fabricated images of German soldiers desecrating Jewish gravestones.
Though only online for a short amount of time, attackers shared the stories broadly, propaganda sites cited the stories, and they were copied onto other sites. Analysts fear that the high speed of such planted stories can sow chaos in breaking news situations, leading to lost confidence in elections and even possible violence.
Making sure your passwords remain a tightly-held secret can prevent unwanted access to your public-facing sites. If you change them frequently and implement two factor authentication, then you give attackers a moving target that’s much more difficult to breach, and you can also prevent old passwords from coming back to haunt you.
“Time” defines the approximate time it will take to implement the tool, including installation and setup. Based on your system and experience, the time may be longer or shorter than the time estimated.
Tool Levels
Level 1
Requires minimal technical knowledge to complete setup. Users with little-to-no familiarity with computer systems will still easily be able to implement Level 1 tools.
Level 2
Requires basic technical understanding of operating systems and settings controls. Users with a basic understanding will be able to easily implement Level 2 tools.
Level 3
Requires an intermediate level of understanding to implement. Users will need an intermediate understanding of computer systems and code languages.
Level 4
Requires advanced levels of understanding of computer systems, settings and code languages. Users will need experience with advanced system configurations.
