Digital Safety: Syrian Reflections after the Earthquake

When a magnitude-7.8 earthquake struck millions in the Syria-Turkey border region, SalamaTech helped survivors avoid being re-victimized online. Their experience offers insights for anyone promoting digital safety in a crisis.

The SalamaTech team understands crisis. Twelve years ago, this group of Syrian community workers and trainers was born out of crisis. Specifically: to help vulnerable people navigate a digital crackdown after the Arab Spring. Since then, they’ve grown into delivering more proactive digital safety awareness and capacity-building—especially for women and youth. But when emergencies happen in Syria, SalamaTech team members are still the ones you want on your side.

Recently, we connected with “Nada,” a longtime member of the SalamaTech team. (By convention, team members remain anonymous.) She had much to share about how people are navigating digital challenges in the wake of February’s earthquake. Nada also shared insights that team members have gained through the experience—about strengthening people’s digital resilience, in and out of crisis. We wanted to share a few takeaways.

#1: Never underestimate your field team

On February 6, 2023, a massive earthquake shattered a year-long sense of relative calm that had settled over a fractured Syria. Across the northern region and southeastern Turkey, the human cost was enormous: 55,000 dead, 130,000 injured and millions displaced from their homes. This unimaginable damage exacerbated already-challenging conditions for Syrians in the north, many of whom were already displaced by conflict.

While several SalamaTech First Responders lost their own homes, they didn’t stop working. Most joined searches for survivors and provided assistance in their communities. Days in, they also resumed efforts to help people stay safe online. In the first quarter of this year alone, the broader SalamaTech team handled more than 600 emergency and technical support calls—and engaged nearly 1,300 people in training and awareness sessions. Northern-based team members, in particular, found creative ways to get their digital-safety message out.

A group of women gathers around an outreach worker in a tent at a northern Syrian refugee camp.

A Community Outreach Advisor offers digital safety advice to internally displaced Syrians.

One inspiring example played out inside the tents of the Barisha refugee camp. This is a closed community housing mostly widows and children. Public activities and outsiders are tightly restricted. That’s why SalamaTech had already helped 11 local volunteer Community Outreach Ambassadors equip themselves to offer digital-safety support. So when the quake struck and Barisha’s ranks swelled to 1,800, they were able to mobilize quickly (with refreshers and encouragement from SalamaTech). Already by the end of March, 594 Barisha residents had participated in ambassador-led awareness sessions. These were small-group sessions that focused on account/device security and the latest digital scams, and we believe they helped forestall significant digital harm.

Again, all of this is being driven by frontline workers and volunteers who themselves are facing personal crises. It’s a good reminder: Never underestimate your field team. 

#2: Offline crisis inflames (and illustrates) online risk

Does it sound odd to be targeting digital threats in the wake of a physical disaster? That’s a common and natural reaction. But in northern Syria, this digital-safety work has been vital. And SalamaTech First Responders say the experience has been a potent refresher in how offline crises inflame familiar online risks—with real-world consequences.

Risk multiplier 1: Many people lose physical control of their devices. They lose them in the quake’s rubble and in the disarray that follows. And when they do, the consequences of poorly-protected devices—starting with absent or weak passwords—become endemic. Tech-savvy looters seek out still-working devices in ruins. The team also noted a surge of phones for sale in online buy-and-sell groups. Now they are working with victims of follow-on digital harms. Especially women who’ve had their private photos shared publicly, or who face threats from blackmailers.

Risk multiplier 2: People adopt unsafe digital behaviours. We can expect two things to happen in crises like this. First, connectivity becomes precarious: People lose devices, or they struggle to find power to charge them, or they lose access to known Internet networks. At the same time, demand for connectivity skyrockets: People want to connect with family, track missing loved ones, find help with food and housing, and so on. That disjoint—of availability versus demand for connection—can drive people to act out of character. For instance, many users connected to impromptu wi-fi hotspots that the team believes were set up to “sniff” account credentials as users enter them (for malicious use later).

More post-quake examples:

A young woman purchases a used mobile device from a street retailer. It comes preloaded with malware that shares her photo stream with a hacker—who later tries to blackmail her.
A mother sees a Telegram post offering help locating loved ones. She clicks the included link and completes the “registration form” with deeply personal and exploitable information.
A teenager uses “webmail” to check his email using a stranger’s device (his own was lost)—and forgets to log out. Later, he sees signs that someone has sent emails impersonating him.
A woman leaves her phone charging at a public power outlet, with no password set. Later, she learns that someone has installed data-scraping malware on her device.

Risk multiplier 3: People underestimate their vulnerability. Some victims say they were shocked to be targeted in times like these. On the streets and in camps, people spoke of a spirit of post-quake camaraderie, even among strangers. Naturally, many let their guard down. How could a cybercriminal strike now? Because that is what they always do: they strike the most vulnerable people, when they are most vulnerable. This is why The SecDev Foundation exists: to support digital resilience among at-risk populations. Crises only underline the burning need for this work.

A father and two kids sit amid the rubble.

Pausing to rest in the rubble of the devastating February 2023 earthquake, northern Syria. (Photo: Mohammad Bash / Shutterstock.)

#3: Crisis fosters “information havoc”

In the quake’s aftermath, SalamaTech First Responders identified two leading digital-safety threats: malicious scams and misinformation. The scams were mostly phishing campaigns spread through social media and messaging apps. They enticed people with promises of what they needed most: food, shelter, safety information, or help finding loved ones. Some scams invited users to pay deposits or overshare personal information through online forms. Others lured people to visit websites to learn more—websites that quietly installed malware on their devices.

On social media, the team also witnessed a rapid spread of mis/disinformation about the earthquake’s causes and the response. There were wild predictions of follow-on events: new quakes, floods and even tsunamis. Facebook accounts impersonating well-known scientists and psychics appeared to confirm the worst. In at least one case, looters moved into an area abandoned by residents fearing floodwaters. Other fake news deepened the panic, including photos of an exploding nuclear power plant in Turkey (where no operating plants exist).

Amid this generalized fear, other fake news stoked social and ethnic divisions. For instance: false reports of Syrians being denied medical help in Turkey and dropped at the Syrian border—and conversely, fake reports of Syrians carrying out violent attacks in Turkey. Or outlandish rumours that the quake was an engineered attack by one group against another (or alternatively, a U.S. military experiment gone awry).

In short, the SalamaTech team says the region entered a period of “information havoc,” further destabilizing people’s lives. We see this often in crisis contexts. But the team reminds us that this is not a wholly distinct, short-term phenomenon. Crises offer us a special view on how misinformation is created, reproduced and validated through communities of trust—only much faster, because guards are low and stakes are high.

#4: Digital resilience is the key

Since the quake, SalamaTech team members have been busy. Busy delivering emergency response to people and civil society organizations who’ve seen their devices or accounts compromised. Busy publishing digital-safety advice and alerts on the latest digital scams. They have also worked with Meta to shut down fake Facebook and Instagram accounts spreading misinformation. Increasingly, Meta has been approaching SalamaTech proactively for help tracking suspected misinformation and malicious accounts targeting Syrians.

Screenshot of a Feb 10, 2023, digital-safety alert on SalamaTech's Facebook Page.

SalamaTech shared many online safety alerts after the quake, like this one on using public Internet networks safely.

At the same time, the team has continued to deliver digital-awareness and training sessions on the ground. They have often done that very creatively, including by supporting Community Outreach Advisors in refugee camps like Barisha. Similarly, a small but growing “YouthTech” team has taken the lead in countering online misinformation. This is a group of young ambassadors who’ve completed digital-safety and training-of-trainers programs—and who are working to boost digital resilience among other young people.

This kind of long-term capacity-building feels more urgent than ever. According to team members, this may be the biggest takeaway from these tough months. When they step up with emergency response, very often real damage has already played out: digital assets lost; identities stolen; extortion underway. That’s always been true, but the flood of cases in a crisis drives it home. The key to protecting people from digital harm is to help them strengthen their digital resilience: the knowledge, skills and habits that keep them safe.

Last thoughts…

For SalamaTech’s Nada, the earthquake experience validates a basic shift that the team was already making. Simply put, they have increasingly focussed on the direct link between digital misinformation and digital safety. There’s always a place for showing people how to secure their devices, adopt strong authentication, use VPNs, and so on. But to stay ahead of emerging threats—and certainly disasters—people need to learn how to verify information. And they need to do that before they click, share, comment or act on what they see online.  This alone will protect people and civil society actors from the vast majority of threats that lie waiting to derail them.

It seems that every natural or humanitarian disaster spawns a period of reflection: How can we be better prepared next time? The SalamaTech team shares that focus on preparedness. Only they are not solely focused on preparing for the next crisis. The team works in a civic space fractured by years of conflict, deprivation and territorial division. Their mission is to help peaceful citizens prepare to take advantage of new opportunities—safely and effectively—to build a digital civic space that reaches across these boundaries. And the work goes on.

People were so scared, checking online for earthquake predictions. Civil society groups were providing psychological support to families in states of panic—and they asked us to help verify the news they were seeing online … A grandmother surrounded by three small grandchildren held my hand and led me to a group of people in the shelter, asking me to repeat what I’d explained to her. At that moment, I realized that my work on misinformation is also emergency response. [From a YouthTech team member]

SalamaTech logoAbout SalamaTech

With Foundation support, this self-organizing team of tech-savvy community workers promotes digital safety across the Syrian region. Since 2012, they’ve been supporting at-risk people and civil society organizations through training, technical support, emergency response, audits and public awareness campaigns.

Learn more about SalamaTech.

Privacy Preference Center

      Necessary

      Advertising

      Analytics

      Other