Financial crime is detrimental to the economies of developing countries. Money Trail empowers journalists to uncover such malpractice. As part of the project, Free Press Unlimited and Finance Uncovered teach journalists how to conduct cross-border financial investigations. A large part of the five-day course is dedicated to digital security. Participants learn how to protect their work and sources against adversaries who want to keep their stories from being published.
Ahead of the training, Visser had already implemented security procedures in her team. “We had started setting up a minimum safety procedure for how we collaborate. Because the thing is, you are as weak as the weakest link in your organisation,” she says. “If out of ten people there’s one who always uses the same five-letter password for everything, the entire team is in danger.”
During the course, Visser learned how to stay safe online within practical limitations. Using encrypted communication from the beginning, for example, is not always realistic. Visser explains that in Asia, Facebook Messenger is the preferred communication tool for many. The messaging app is not fully encrypted, but cannot always be avoided entirely. “Sometimes you just establish contact through it but then you try to go to a safer mean for instance,” she explains.
Shortly after the training, Visser’s website was targeted by hackers. At first, she admits, there was panic. “It does feel like someone broke into your house, it’s very personal. It feels like your personal space has been violated,” she says.
Visser initially feared for the safety of the website’s visitors, because all the articles were redirected to another website. Later, she found out that it was a spammy page. “So it was probably just to increase ad money or Google ranking,” she says.
Even though she already used a password manager, Visser and her team realised that probably one of the passwords used was easy to break. She reached out to Free Press Unlimited security officer, who leads the digital security module in the Money Trail training. He advised her to log everyone out and get new passwords. He advised her to install plugin softwares too, which are components that add a specific feature to an existing program. She has now implemented a two-factor authentication password system within her organisation and has restricted the number of administrators.
In retrospect, Visser thinks that the hack was a valuable experience: “I’m very, very grateful for this test actually,” she says. “It forced us to look at any issues that make the website vulnerable.” She continues looking for ways to improve her team’s safety: “We’d still like to implement a few things that came up during the training, like cloud storage.”
More information about Global Ground Media can be found on their website.