Digital forensics


Our digital forensics investigations focus on Internet censorship, targeted malware, disinformation campaigns, election fraud,  digital attacks against media sites, and other digital threats against a free and open Internet.

We collaborate with independent media and investigative journalists to validate and enrich their stories with digital forensics. Qurium also assists with media dissemination so that the stories reaches a wider public beyond local media. Several of our media partners have been awarded for their work in investigative journalism:

  1. Kloop Media, Kyrgyzstan, Global Investigative Journalism Network (Best Investigative Stories from the Former Soviet Union — 2017)
  2. Azadliq.info, Azerbaijan, Guardian Journalism Award winner (2014)
  3. Premium Times Nigeria, Nigeria, Pulitzer Prize, as a part of the Panama Papers Investigation (2017)

This page includes all forensic reports that have been released to the public.  For full reports including media coverage, please see respective country page.

Afghanistan

[Dec 2019] Investigative reporting from Etilaat Rooz under ddos

Azerbaijan

[Mar 2020] Targeted sophisticated phishing attacks against dissidents in Azerbaijan is trending
[Feb 2020] Finding “man”, the phisher of journalists in Azerbaijan
[Jan 2020] Fishing fishers in Azerbaijan
[Dec 2019] Find Face and Internet blocking in Azerbaijan
[Oct 2019] Fineproxy used to launch DDoS attack against site critical of Azerbaijani state oil company’s leader
[Jul 2019] DDOS: the inconvenient business visitor of Name.com
[Apr 2019] Media websites from Azerbaijan under DDOS
[Jan 2019] SUS-759: Sandvine and Internet blocking in Azerbaijan
[Jan 2019] Political motivated attacks against azadliq.info
[Aug 2018] Azerbaijan and the fineproxy DIY DDOS service (Region40/QualityNetwork)
[Apr 2018] Corruption, censorship and deep packet inspection
[Jan 2018] Digital attacks against media reporting on SOCAR
[Apr 2017] Deep Packet Inspection and Internet censorship in Azerbaijan
[Mar 2017] News media websites attacked from Governmental Infrastructure in Azerbaijan
[Dec 2016] How Azerbaijan is trying to block main opposition media news

Belarus

[Sept 2020] Internet blocking in Belarus

Colombia

[Aug 2020] La Nueva Prensa under DDoS attack after publishing “Operación Jaque” documentary
[Nov 2019] Kontacto and Translife
[Oct 2019] Kontacto – an insecure mobile app to track voters in Colombia
[Oct 2019] Kontacto’s lack of security exposed data from 55.000 people
[Nov 2019] Fake news and the Kontacto troll army

Cuba

[Jun 2020] Internet blocking in Cuba – “Silencing dissents in the name of moral and good manners”

Congo (DRC)

[Jan 2019] Democratic Republic of Congo shutdowns the Internet after Elections

Egypt

[Sept 2020] How operators use Sandvine to block independent media in Egypt

El Salvador

[Mar 2020] DDoS attacks against Salvadoran “Revista Factum” in El Salvador attributed to University infrastructure 

France

[May 2017] #MacronGate, tracing the source of the Macron offshore papers
[May 2017] The disturbing role of social media during the Champs-Elysées attack

Iran

[Feb 2018] PART 3: Fake mobile apps in Iran, Fraud, Phishing and Users at risk
[Feb 2018]  PART 2: Fake mobile apps in Iran, – when spyware and click fraud can put millions of unaware users at risk
[Jan 2018] PART 1: Tracking Mobile Spyware during the Telegram blocking in Iran

Jordan

[Mar 2018] Internet blocking in Jordan

Kazakhstan

[Sep 2019] Collateral blocking in Kazakhstan traced back to illegal prostitution ring
[Jul 2019] Kazakhstan impose users to install government controlled certificate – FAQ

Kyrgyzstan

[Dec 2019] Fake newspaper announces the involvement of journalists of Radio Liberty in the killing of Saimaitu Airken
[Nov 2019] Kloop and OCCRP’s report “Public land, private hands” under DDoS
[Dec 2017] Infocom unprovisions the Samara technical setup days before the Press Conference
[Dec 2017] Samara press conference
[Nov 2017]  SRS caught in denial

[Oct – Dec 2017] Elections in Kyrgyzstan 2017, Exposing Samara, a fraudulent voter management system

Mexico

Myanmar

[Sept 2020] My Ooredoo Myanmar. Insecure communications
[Aug 2020] Internet blocking in Myanmar – Secret block list and no means to appeal
[Jan 2017] Unrest in Myanmar

Nigeria

[Mar 2020] Cyberattack against Premium Times Nigeria attributed to “student” at the Federal University of Technology, Akure

Philippines

[May 2020] Attacks against websites in the Philippines during Covid-19
[Apr 2019] What is hosted at the Suniway network?
[Mar 2019] Attributing the attacks against media and human rights websites in the Philippines
[Jan 2019] Alternative news agency from Philippines “Bulatlat” under denial of service attack

South Sudan

[Aug 2020] “Sudans Post” gets blocked after receiving personal threats from NSS – transcript revealed

Spain

[Oct 2018] One year after denial of service against registremeses.com
[Oct 2017] Evidence of Internet Censorship during Catalonia’s Independence Referendum
[Oct 2017] Blocking techniques Catalunya

Sri Lanka

[Aug 2020] Colombo Telegraph blocked by Dialog Axiata

Togo

[Apr 2020] Togolese investigative media “The Confidential Report” blocked by authorities

Turkmenistan

[Sep 2019] Turkmenistan blocks Google’s cloud storage
[Jul 2019] Turkmenistan and their Golden DPI

Uzbekistan

Vietnam

[Jul 2018] DDOS against luatkhoa.org and thevietnamese.org
[Jun 2018] DNS tampering in Vietnam

Zimbabwe

[Aug 2018] The cyber attack against the Zimbabwe Electoral Commission