Cyber attacks increasing against civil society in Azerbaijan ahead of election

On February 5, Azerbaijan’s president Ilham Aliyev announced that presidential elections previously scheduled for October 2018 will now be held on April 11. With only eight weeks to organize, civil society, international observers, and political opposition parties have raised concerns that this move undermines the democratic process in Azerbaijan and limits the possibility of free and fair elections.

In the lead-up to this announcement, Access Now’s Digital Security Helpline — a 24/7 global resource providing direct technical support for at-risk individuals and organizations — has observed a spike in the number of attacks on civil society in Azerbaijan.

While this increase in attacks appears to correspond with activists’ participation in the election, it is important to note that the Digital Security Helpline first began to see the spike in December, well before President Aliyev announced the rescheduled elections. This suggests the authorities knew they were going to call for a surprise election and were suppressing their opponents before that announcement was made, taking political opposition and independent media by surprise.

Since the crackdown began, independent media outlets have suffered ongoing attacks on their online assets. This prevents them from reporting vital information ahead of the election, and also spreads uncertainty about the veracity of independent media reports.

Our Helpline team has been responding to a series of attacks targeting admins of prominent Facebook pages, particularly those who have criticized the timing of the elections. Once the attackers have access to the page via the admin’s account, they are able to remove the page from public view, block its followers, and delete its posts. Even after a page’s owners have regained control, it is very difficult for them to restore followers and content that were lost during the attack.

We do not yet know all the techniques by which these accounts are being hacked, but it could be linked to the previously identified phishing campaign targeting Azerbaijani civil society members. In other cases, we have seen direct denial of service (DDoS) attacks attempting to overwhelm websites and take them offline, and reports of false copyright claims to YouTube to have content removed. Azerbaijan’s Ministry of Internal Affairs is also known to have previously purchased spyware technology, which has been used by governments around the world to surveil activists and journalists.

In order to mitigate such attacks, Azerbaijani activists need to harden their social media security. We recommend enabling two-factor authentication on all accounts and accessing them from secure devices. Social media account owners — particularly Facebook page admins — should also review who has access to the page or account and reduce any unneeded privileges. To mitigate the risk of DDoS attacks, media and civil society websites can use protection services like CloudFlare’s Project Galileo or Deflect.

Our Helpline remains available before and during the election to help civil society actors in Azerbaijan respond to any further incidents and take preventative measures to improve their digital security. Our team is available 24/7 at help[@]

Photo source: