A section of the Chinese Red Cross website has reportedly been hacked. Apparently the hacker gained access to the website and created four fraudulent bank accounts to steal earthquake relief funding. If you can read Chinese you can read the report here. Otherwise check out the link attached to the graphic below. Read the full report from The Dark Visitor.

Tags: China, News, NGO Security, Technology, Incident

Recent media coverage of the Ninth U.S. Circuit Court of Appeals' decision to allow border agents to search travellers laptops without cause has inspired a lot of coverage in tech media circles. However, as an aid worker it is important to remember that the US border is not the only place where your laptop can be searched. Aid workers have reported having their laptops searched by authorities in Sudan, and Pakistan. Sri Lankan security forces frequently demand access to aid worker's laptops when they are entering LTTE controlled areas or travelling by to or from Jaffna. In one case they even seized the computer of the Executive Director of an NGO.

So how do you keep prying eyes from accessing your sensitive files while travelling? The EFF has some good advice for protecting your laptop from arbitrary searches. Bruce Schneier has his take as well. Finally you shouldn't overlook Front Line's "Digital Security and Privacy for Human Rights Defenders".

Tags: NGO Security, Technology, Tips, Tools

The Centre for Monitoring Election Violence is monitoring the election in eastern Sri Lanka. They are using the emerging standard, Twitter updates mashed with google maps, a blog, and mobile phone access to spread the word. Even if you are not interested in the elections you should check it out in case you need to do something similar in your own country.

CMEV is comprised of the Centre for Policy Alternatives (CPA) the Free Media Movement (FMM) and INFORM Human Rights Documentation Centre. Despite financial constraints they plan to field 330 stationary monitors at selected polling centres across the Eastern Province along with 49 Mobile Teams.

Tags: Sri Lanka, News, online tools, Twitter

Vikalpa has launched a new site on Twitter with short reports generated by its citizen journalist network in Eastern Sri Lanka. eastelections08 will provide updates on election related violence and malpractices in the Eastern Province.

You can also view the updates on the vikalpa website. You'll find them in the middle column just above the fold.

Tags: Twitter, Advocacy, Sri Lanka

Aid Worker Daily has instructions for sending GPS co-ordinates from your Thuraya satellite phone to Twitter via an SMS message. This might come in handy if you get into trouble and need help like James Karl Buck.

Tags: Technology, Twitter, Tips, Communications, GPS, NGO Security, SMS

BBC Radio's iPM until Chris Vallance contacted me to talk about using Twitter in Afghanistan. He has put together a a great piece titled "Twittering Around the World". Its definitely worth listening to. There are a lot of fascinating people doing interesting things with Twitter.

Add IPM Radio4's channel to your page

Be sure to check out the blog post too. Chris has links to some cool Twitter related sites.

Tags: Twitter, News

Hmmm. This video looks interesting. It purports to be of an Android mobile phone application called MapMaker for creating maps in disaster zones. Here is what the person who posted the video on YouTube says about the application:

Map Maker is an Android application for creating maps in a disaster zone. It is designed to allow aid workers to quickly and easily create a map of the area they are working in. After a disaster such as a hurricane or earthquake the landscape can change so fundamentally that existing maps are rendered out of date. Knowing things like which roads are passable, where field hospitals are and suitable aircraft landing areas makes it far easier to manage an emergency.

Unfortunately the video has no audio and there are very few details. If this turns out to be more than vapourware I'd like to see some additions to support NGO security. Labels and tags for minefields, no-go areas, checkpoints, safety hazards etc. would be very nice.



If the creator of this program is out there listening I'd love to beta test this!

Tags: GIS, GPS, video, Tools, Technology, Software, Maps, Mobile Phones

You might recall that a couple of weeks ago NGO Security and humanitarian.info covered cyber attacks on NGO's in Tibet. Now Wired magazine has a more mainstream follow up article on the issue. Most alarming perhaps is that some of the malware used in the attacks was designed to steal PGP encryption keys. PGP is used by many human rights groups to secure their email from prying eyes.




If you'd like to know more about how to protect your organization's information from prying eyes be sure and check out "Digital Security and Privacy for Human Rights Defenders".

Tags: NGO Security, Tibet, Technology, News

Inspired by the demise of the Sri Lanka Monitoring Mission (SLMM) website, government censorship of sites like Tamilnet, and the demise of websites like Tafern, Sanjana Hattotuwa has set up Websites at Risk. His intent is to archive civil society and NGO websites that are at risk of being closed down with little or no notice. These websites are valuable sources of information and lessons learned for humanitarians, researchers and NGO security practitioners.

Sanjana deserves a big round of applause for this initiative.

Tags: Data, Sri Lanka, Technology, Tools

Discussion (here and here) regarding Bruce Schneier’s recent post on security mindset combined with recent interesting posts from friends regarding NGO IT security issues (here, here and here) has me thinking. It seems to me that social engineering, rather than a purely technological attack, is still the easiest route into most NGO’s networks. There is no need for anything too complicated. Most aid workers are somewhat trusting and helpful by nature making them easy targets for even relatively inexperienced social engineers.

Kevin Mitnick’s book, “The Art of Deception - Controlling the Human Element of Security” is a great introduction to social engineering. Kevin Mitnick was one of the world’s greatest hackers. He gained great notoriety for his ability to penetrate telephone and computer networks seemingly at will. What surprised many is that it wasn’t sophisticated technology that allowed him to do it. It was his ability to con or ‘pretext’ people into giving him the information he needed to access their systems. As he explains in the book the human factor was security’s weakest link.

Hint: If you search for “Kevin Mitnick The Art of Deception.pdf” Google you just might be able to find a free copy of Kevin’s book floating around the net.

To further develop your security mindset check out "No-Tech Hacking" by Johnny Long. Its a sample chapter from "Techno Security's Guide to Managing Risks for IT Managers, Auditors and Investigators". Johnny has since turned the chapter into a book in its own right. In the freely available sample chapter he covers tailgating, faking ID cards, lock bumping, shoulder surfing, dumpster diving and other low tech means of gaining forbidden access.

Happy reading and don't blame me if it keeps you up at night.

Tags: links, NGO Security, Technology, Training

In Case of Emergency (ICE) is a program that encourages people to enter emergency contacts in their cell phone address book under the name "ICE". This enables first responders, (paramedics, firefighters, police officers, and of course NGO security officers) to quickly search an unresponsive victims phone for the ICE contact who can identify the victim, provide emergency medical information, and next of kin details.

Of course this is not a panacea. It comes with the usual caveat; you'll need to adapt the system to your local context and your organization's methodologies. For instance it might not be appropriate in Afghanistan where Taliban supporters have been known to search the phones of passers by for foreign names. However, with a little bit of adjustment you should be able to use this idea to help ensure the safety and security of your staff.

If you want additional videos like the one above W. David Stephenson has done a number of videos at least one of which I have used before. You can find out more at his website or at his YouTube channel. Don't be put off by the Homeland Security 2.0 label he uses. His short videos are intended help empower ordinary people during times of emergency or disaster.

Tags: video, Tips, Mobile Phones, Tools, Technology

Thanks to Sources and Methods for pointing out the Trunk Monkey Vehicle Security System. Hopefully they'll develop a ruggedized version for NGO use. Just imagine how useful it could be at militia checkpoints or when the police want to search your vehicle for the fifth time that day.



For more about Trunk Monkey go to trunkmonkey.com.

Tags: NGO Security, Humor, Technology

I believe that publicly funded data (data from governments, the UN and other world bodies, and INGOs) should be truly public. By this I mean that anyone can easily, and without cost, access the data in a non-propietary format. No locked pdf files. No password protected databases. No one-query-at-a-time, one-answer-at-a-time forms. Just the data in a simple user accessible format.

The Stockholm International Peace Research Institute (SIPRI) and the International Relations and Security Network (ISN) understand. They have teamed up to provide an integrated database known as FIRST . FIRST contains free, open source, clearly documented information from research institutes around the world. The databases filled with hard facts on armed conflict, peace keeping, arms production and trade, military expenditure, armed forces and conventional weapons holding, nuclear weapons, security, international relations, human rights, and health statistics. Most of the data can be exported in comma-seperated value (.csv) or Excel (.xls) formats. These formats are easily imported by many analytical tools allowing the user to carry out their own processing and analysis.



As an excellent example of what can be done with data from FIRST check out Jeffrey Warren's Vestal Design interactive data visualization of world-wide arms transactions. You can view the full Java-based visualization at ARMSFLOW. I love this kind of thing. Effective data visualization allows you to quickly present complex data to senior level decision makers without overwhelming them.



Now if only there was a way to get NGOs to share security incident data in the same way!

Tags: Data, International Security, online tools, Technology

NGO compounds can be very vulnerable to civil disturbance, especially when they become the focus an angry crowd’s attention. Walls, fences and gates will only slow determined rioters and not for very long at that. Even armed guards are of little use. Guards from a reputable private security company are unlikely to be willing to fire upon a crowd of their fellow countrymen, nor would humanitarian organizations want them to. So the question is, how does one slow the advancing crowd long enough for staff to seek safety?

The Inferno invisible security barrier might be a solution worthy of consideration for at risk humanitarian organizations. The modules look like sleek high tech stereo speakers but they emit a wall of sound so unpleasant that it forces most people to leave the area immediately. Any intruder who doesn’t leave immediately faces the unpleasant prospects of vertigo and nausea and will have difficulty concentrating on the task at hand.



The system works by emitting a combination of sound frequencies from 2 to 5 kHz. Unlike the comparably loud scream of a regular siren the inferno’s unique frequency combinations have a disturbing but non-permanent effects on human physiology. The system won’t even cause hearing loss without repeated exposure.

Yes, a determined intruder could still get in, perhaps covering his ears, but recall that the intent is not to prevent entry. Rather, the intent is to delay the intruders long enough for staff to seek safety and for assistance to arrive. Like walls and fences you'll need to leave an escape route for staff.

Tags: Tools, Technology

NGO security is really about people... but a few gadgets can't hurt either.

We've all worked in areas where mobile phone coverage is spotty at best. MOGO Wireless has a wireless signal booster for mobile phones that claims to reduce dropped calls and boost signal strength. There is a home version that plugs into the USB port of your laptop and also a mobile version that plugs into the power port in your car. The only down side is it seems they only do 800/1900MHz so globe trotting aid workers might want to wait until other antennas are available.

I've been experimenting with geotagging lately. Its very useful for keeping track of where you took your facility security, post-incident , and other photos. Most systems are still a little kludgey but a friend pointed me to the GPS Photo Finder. Simply carry it around while you take your pictures. Later, put your camera's memory card into the GPS Photo Finder and all the location data is merged with the digital photos. Your photos can then be used GPS compatible photo software or sites such as Google Maps and Flickr.

Better Energy Systems has introduced a couple of new models of their universal solar battery charger known as the Solio. I've used the original model for a couple of years. It comes in really handy for keeping your mobile phone and gadgets charged when you are working in areas without reliable electricity. All of the models are small enough to fit into your field bag. It only takes about four hours of tropical sun to charge fully... longer at more temperate latitudes.

The only thing I don't like about the Solio is having to carry all the little adaptors needed to support my various phones, iPods and other gadgets. Of course that's really not Solio's problem. I pray for the day when gadgets come with standardized ports.

Tags: Mobile Phones, GPS, Tools, Technology, Communications

According to Sunbelt, a security software company, there is a new email scam going around where small non-profit organizations are being targeted by a “Barbara Moratek” of the “Ivete Foundation“. Not only does the email seem to be a scam but Googling either name can take you to sites with fake codec Trojans and other potentially damaging sites. NGOs, especially smaller ones eager for donors, should also be aware of this potential threat.

Go to their site to read the whole post.

Tags: Technology, News, Tips

Two months ago Twitter added the ability to track keywords. Essentially this capability means that whenever someone sends a public update containing the word or phrase you’ve told Twitter to track you’ll receive a copy of the SMS.

Since its introduction I’ve been examining this feature’s potential utility for NGO security officers. I’ve tracked the names of several towns in trouble areas, the term Tsunami, and a variety of other keywords. The effort produced some positive results.

While most of the results were tweets sent by news services there were some other useful messages. On two occasions the messages containing tracked terms tipped me off hours before the issue made the media. On another occasion the issue never even made it to the mainstream media. In each case we were able to take pre-emptive action to reduce our potential risk.

There are caveats however. You get ALL public updates containing the search term, even ones in languages you don’t speak. It’s also surprising how terms are used sometimes. ‘Information Tsunami’ seems to be making its way into the modern lexicon. Apparently Tsunami is also the name of a very popular Sushi restaurant. It must be on the other side of the world from me because people’s lunchtime “enjoying Sushi at Tsunami” messages would arrive in the middle of the night. Needless to say I’m not tracking Tsunami any more.

Tags: SMS, Twitter, NGO Security, Tools, Communications

Earlier I wrote about the new BGAN Explorer 500 we were fielding. Well I’m back from the field and the unit is set up and running so I thought I’d share a few lessons learned and give my revised impressions of the unit.

Lessons Learned

• Ensure you completely set up your account before you go to the field. Some service providers (like ours) want you to log in to their website to activate your account before they’ll allow the BGAN to make a data or voice connection. This is going to be difficult if you are already in the field and have no other reliable connection. I learned that the hard way.
  
  

• Make sure the IT section either removes all proxy settings on the computer you’ll attach to the BGAN or that they give you administrator privileges.
  

• Take lots of extra cable. Ten-meter lengths of CAT 5 and telephone cable, plus a similarly sized outdoor power cable should suffice. This might seem like a lot but if you need to use it from inside a bunker you’ll be glad of the extra length.
  

• Take backup cables. You never know whose dog will decide to chew through them.
  

• It’s also a good idea to have a compass. There is one built in to the unit but it is rather fiddly and, depending on the angle you need to adjust the BGAN to, it can be difficult to read.
  

Impressions

Software:

Both the OS X and Windows versions of the connection software, called LaunchPad, are easy to install and intuitive to use. Tip: Ignore the installation guide and just follow the installer defaults. The documentation doesn’t seem to be current and you’ll end up with files scattered everywhere.

You can also access the BGAN via your regular browser. It gives you the functionality of LaunchPad plus allows you to make more advanced settings. Be warned though, most users it will find it to be a little more intimidating.

Hardware:

The Explorer 500 itself is pretty much ‘bomb proof’. It held up well to baking sun, monsoon rains, bouncing around the back of the truck, the attentions of a flock of hungry chickens, and a curious mutt named Max.

Overall: I’d recommend the Explorer 500 to anyone looking for a rugged, easily deployed voice and data system.

Pros:

Rugged
Portable
Easy to set up

Cons:

Lengthy and confusing documentation
Most NGOs will find it somewhat expensive

Tags: BGAN, Technology, Tools, Communications

John Bell’s post, “Nonprofit Widgets in the Age of OpenSocial” got me thinking about how to use widgets to support advocacy for human security, humanitarian access, and the security of aid workers. I’m not a coder but luckily many websites can help generate widgets based on content selected by the user. The “Selected News” sidebar on this page is an example of such a widget.

The people search engine Spock lets you create similar Flash and JavaScript widgets based on the search results you use. On my Demo page you can see three widgets based on the search terms “death by firearm”, “murdered aid worker” and “murdered journalist”. The content is a little sparse for the last two terms but I’m hoping to work with Spock to change this. These ideas only scratch the surface. How about a widget that rotates images of detained activists... missing persons... great humanitarians,,, kidnapping victims? The possibilities seem endless.

Of course there are other widget options. If you’re looking to do some fundraising organizations like the Network for Good can help you create a custom widget. They call them badges. Beth Kanter used one to help her raise funds to send young Cambodians to university. If you go to her blog and scroll down a little you can see the widget in the sidebar.

If you have any ideas you want to share please leave a comment.

Tags: Technology, Tools, Spock, Advocacy

Disaster relief workers may soon benefit from a new 'smart' suit being developed by I-Garment. The suit is intended to help remedy safety and communications problems faced by fire fighters but I can see its utility for humanitarian disaster response as well.



The suit is intended to address three familiar problems;

1. the unavailability of standard communications means during disasters,
2. the lack of information as to the whereabouts and safety of relief workers during emergency efforts, and
3. the problem of acquiring and distributing timely geospatial data during an emergency.



If one were to combine the suit with CSIRO’s proposed power generating shirts it could even be self powered.

Tags: Tools, Technology, GPS, GIS, Communications

The BGAN Explorer 500 is tiny! That is the first thing that struck me when I unpacked it. In fact it is only about half the size of my MacBook Pro. At 21cm by 21 cm and weighing in at 1.3kg it is truly portable.

For those who might not be aware BGAN stands for Broadband Global Area Network. Essentially it allows Internet and telephone connections via an INMARSAT satellite. The portability of this type of equipment makes it popular amongst journalists, disaster response worker, soldiers, and others working in remote areas or areas where the communications infrastructure has been destroyed.




The Explorer 500 package I received included the following:

• EXPLORER 500 BGAN terminal
  • Battery
  • AC/DC power cable
  • Vehicle accessory power adaptor cable
  • Bluetooth handset
  • Handset charging cable
  • CAT-5 LAN cable
  • USB cable
  • CD-ROMs with software and manual
  • “Quick Guide” and “Getting Started” pamphlets
  

You can connect your laptop to the terminal via USB, Ethernet, or Bluetooth. There are two power jacks, one to charge the terminal itself and one to charge the Bluetooth handset. You can also plug in a regular landline telephone if need be.

My one small quibble with the hardware is with the power cable for charging the USB handset. The terminal end seems quite delicate. I foresee it becoming easily clogged with dust or simply broken off with repeated use.

Software Setup

BGAN LaunchPad software for PCs (Windows XP) is included with the system. Despite the fact that some of the documentation suggests that it is PC only I was able to find a Mac OS X version (and an update) on a hand labelled CD. The documentation also suggests that the system is LINUX compatible but I have no way of testing this so we’ll just have to take their word for it.

Installing the OS X software was a little fiddly. The installer is very Windows like and installed bits and pieces all over the place. Unfortunately where the installer said it was going to install things was not where they were actually installed. When I ran the updater it generated an error that required me to find and open the install log. Come on! If I wanted to do that kind of stuff I’d buy a PC! Luckily the LaunchPad software seems to work fine despite the reported error.

I tried to test the system earlier today without success. Unfortunately the area around my office is cluttered with buildings and trees,not to mention nervous security forces. I wasn't able to get a good line of sight to the satellite so I’ll post more once I suitable open area and really put the system through its paces.

Tags: Tools, Technology, BGAN, Communications

This morning I came across Luis Suarez’s very informative post about micro-blogging in emergencies at elsua.net. His post led me to a great YouTube video by W David Stephenson.


David’s video led me to the American Red Cross’s twitter feed and their