Can Dündar: The Turkish Journalist Who Met His Killer — A Case Study in Press Freedom and Exile
December 25, 2025
Bearing Witness Under Fire: The TJC Project’s Global Documentation of Attacks on Journalists in 2025
December 28, 2025
This research-oriented article examines the work of a specialised cybersecurity incident response team that investigates suspected spyware attacks on journalists, human rights defenders, and activists worldwide. The piece focuses on the Digital Security Helpline operated by Access Now, a nonprofit organisation that provides expert support to individuals and civil society organisations targeted by sophisticated government spyware. These spyware campaigns, typically developed by private vendors and deployed by state actors, pose serious threats to press freedom, privacy, and civil liberties globally.
Background and Context
Government spyware — such as that produced by commercial cyber-arms vendors like NSO Group, Intellexa, and Paragon — is marketed for lawful surveillance of serious criminals or national security threats, but independent investigations have repeatedly shown its misuse against journalists, dissidents, and civil society figures. For example, Citizen Lab research documented spyware infections on the devices of major investigative journalists, leading to diplomatic fallout and policy debates.
Within this broader context of digital suppression, Access Now’s Digital Security Helpline serves as a frontline defence. Formed over a decade ago, the helpline comprises roughly a dozen digital security experts spread across different regions, including Costa Rica, Tunisia, and the Philippines, offering 24/7 support for suspected spyware incidents.
Methodology and Operations
The helpline operates through a multi-stage investigative process:
- Initial Screening: Victims — often alerted by in-device notifications (e.g., from Apple) — contact the helpline with signs of potential intrusion.
- Triage and Assessment: Experts conduct remote checks on suspected devices, determining whether activity suggests intrusion by known spyware exploits.
- Verification and Reporting: For confirmed cases, detailed digital forensic analysis identifies traces of specific spyware tools and possible vectors, documenting findings that can assist victims and inform broader research.
According to helpline leadership, the team screens around 1,000 suspected incidents annually, with approximately half advancing to deeper investigation and about 5% resulting in confirmed spyware compromise.
Findings and Patterns
The prevalence of government spyware targeting the press and civil society highlights several key patterns:
- State actors increasingly deploy commercial spyware beyond stated legal mandates, often violating privacy and rights norms.
- Notifications from technology platforms (such as Apple’s threat alerts) have become vital triggers for independent investigation, enabling early detection of sophisticated breach attempts.
- Collaborations between nonprofit responders and digital rights research bodies (e.g., Citizen Lab) enhance detection and public accountability.
Implications and Policy Considerations
The rise of spyware targeting journalists underscores pressing policy challenges:
- Regulatory frameworks lag behind technology deployment, often failing to curb misuse of surveillance tools.
- International standards for spyware use and transparency are insufficient, exposing civil society to unchecked digital intrusion.
- The model represented by Access Now’s helpline suggests that multilingual, globally distributed expert networks can help mitigate harms but also reveals gaps in state-led accountability and protection mechanisms.
Conclusion
The article highlights the critical role played by specialised incident response teams in defending journalists and activists against state-linked spyware — a domain where misuse intersects with violations of press freedom, privacy, and human rights. As spyware usage proliferates and becomes more opaque, the Digital Security Helpline’s work represents a key research and response model for safeguarding digital rights, emphasizing the need for expanded detection, legal reform, and international cooperation.
Reference –
Meet the team that investigates when journalists and activists get hacked with government spyware