"The real people, the real families behind the information you have now are some of the least powerful in the world. Please do the right thing. Do not share, sell, disclose or use this data," says the head of the International Committee of the Red Cross, Robert Mardini. In January 2022, the NGO he leads announced that it had been hacked two months before by unknown actors and for unknown reasons. Among the data it had lost control of were those of 515,000 people from at least 60 Red Cross and Red Crescent branches around the world.
The hackers were able to penetrate the Swiss-based NGO's network and gain access to its systems by exploiting an unpatched critical vulnerability in an authentication module (CVE-2021-40539).
"Every day, the Red Cross and Red Crescent movement helps to reunite an average of 12 missing people with their families. That's a dozen happy family reunions every day. Cyber attacks like this one put this vital work at risk," said Mardini at the time.
We are very proud to provide the CICR with a secure space where it can carry out research and development work to better protect people affected by armed conflict and violence.
On Thursday, the CICR and Luxembourg’s directorate for development cooperation and humanitarian aid confirmed an information that had leaked on 10 October during the inauguration of the House of cybersecurity: the establishment of a cyberspace office in Luxembourg.
"We are very proud to provide the CICR with a secure space where it can carry out research and development work to better protect people affected by armed conflict and violence," said minister for cooperation and humanitarian action Franz Fayot (LSAP). "I am convinced that the important tech and cyber ecosystem our country has at its disposal will contribute significantly to the CICR’s efforts to achieve this overarching goal."
A manual already in the spotlight
From money transfers through mobile applications, participatory platforms for information exchange, and the provision of connectivity (internet and mobile phones) to digital services that help protect personal data or facilitate the search for a missing relative, technology has profoundly changed the way authorities communicate and interact with people affected by armed conflict.
"Our main objective is to ensure that digital technologies do not expose people to additional risks and that assistance programmes based on these technologies actually improve the situation of people affected by armed conflict," said the CICR’s director of operations, Martin Schüepp. "This new office will focus on promoting technical solutions that are in line with our fundamental principles of neutrality, impartiality, independence and humanity, and that can be safely deployed in digital space."
The CICR was already very involved in these issues. During Cybersecurity Week at LuxExpo the Box, a team came to present what they are doing, such as the "handbook on data protection in humanitarian aid".
This story was first published in French on Paperjam. It has been translated and edited for Delano.