Cyber Incident Victim: FH Graubünden
Date:
Feb 2023
Location:
Switzerland
Summary
A cyberattack targeted a research project website focused on analyzing online hate images shortly after its public launch, disrupting the citizen contribution system essential for data collection. The attack rendered the site inoperable for nearly three days before IT experts successfully removed the malware and restored functionality. No personal or sensitive data was compromised due to segregated storage and preventive security measures isolating the affected platform from protected research data repositories. While attribution remains unconfirmed, the timing and nature of the attack suggest an intent to undermine the project's objective of combating digital hate, aligning with prior disruptions during the initiative's promotional events. The research team emphasized continued public participation in submitting hate imagery anonymously for analysis despite the temporary technical interference.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyber incident targeting the 'Ein Bild verletzt mehr als 1000 Worte' (Hassbilder-verletzen) research project occurred shortly after its public launch in early February 2023. The project, a collaboration between FH Graubünden and the University of Freiburg and funded by the Swiss Federal Office of Communications (BAKOM), aimed to collect hate images from online platforms through citizen scientist contributions via its website hassbilder-verletzen.ch. On February 3, 2023, the project held a hybrid media conference to announce its campaign, which was disrupted by an online troll, foreshadowing subsequent attacks. Within days of the campaign's official launch, attackers deployed malware that compromised the project website, specifically disrupting its image upload functionality – the core mechanism for public contributions. The malware remained active for 58 hours before IT security experts successfully eradicated it, restoring full website operations by approximately February 5. No personal data or research materials were compromised during the incident, as contributor information and previously donated images were stored on separate, secured platforms unaffected by the attack.
The attack exclusively targeted the primary project website, preventing new image submissions but leaving backend research data intact due to deliberate architectural segregation. Forensic analysis confirmed the malware's limited scope, with no evidence of lateral movement to other systems. While attribution remains unconfirmed, project leadership suggested the attack aligned with opposition to their mission of analyzing and combating online hate speech. Response efforts focused on malware removal and system hardening, requiring nearly three days of continuous work by cybersecurity specialists. The incident occurred during the critical initial phase of the month-long public contribution window (February 3 - March 5, 2023), temporarily impeding data collection but not compromising existing research materials. Project operations fully resumed following remediation, with continued public calls for image submissions through the original campaign timeline.