FAQ

What is CERT Polska and what is its mission?

CERT Polska is a part of NASK (Research and Academic Computer Network) – a research institute that also operates the .pl TLD registry and offers a range of advanced telecom services. CERT Polska is the first CSIRT established in Poland. Since its inception in 1996, thanks to a dynamic activity in the CERT/CSIRT community, the team has become a recognized and experienced player in the field of computer security. The core activities provided by CERT Polska include incident handling and cooperation with similar units around the world, both in operational fields and research and development. CERT Polska is a member of various international forums and working groups, including FIRST (since 1998), TF-CSIRT (since 2000) and APWG (since 2010). In 2005, CERT Polska started a forum for the Polish abuse incident handling teams – Abuse Forum.

How is CERT Polska supported?

CERT Polska team is a part of NASK research institute and thus is financed by NASK.

Are you hiring?

Yes! We are looking for people passionate about information security, reverse engineering and fighting Internet crime. Current offers are avaliable on our page. The page is avaliable only in Polish, since you need to have Polish citizenship to be eligible.

What is the relationship between CERT Polska and CERT and CERT/CC?

We are not a Polish chapter of CERT or CERT/CC. We cooperate through FIRST (Forum of Incidents and Security Teams), though.

How do incident reports are used?

All data related to the incident reported to us, are suitably protected physically and technically. Without the explicit consent of the owner, the information is not passed to any third party, and only the information required to pursue the threat investigation is passed.

Additionally, the data will be used, along with other threat data, to create statistical reports. Those reports do not give out identifying details of specific incidents. You can access those reports on our publications page.

How much do CERT Polska services cost?

It is free, but due to limited resources we cannot handle everything. But we strive to provide basic level of service for everyone.

Could CERT Polska help with securing my IT infrastructure?

We don’t provide such services, but our mothership company, NASK, does. Please contact Customer Service Center at NASK for a quote.

How to report an incident?

Please use the incident report form and state your name and surname, phone number and email address, then please supply incident description. Please also choose incident classification and if possible, system logs relevant to the incident.

Should I report attacks coming from abroad?

Definitely. We are involved in wide international cooperation that makes it possible for us to handle attacks on international scale.

What kind of incidents should be reported?

CERT Polska deals with incidents and threats originating or aiming at systems in the .pl domain or connected to NASK’s or other Polish Internet provider’s network. Every documented attempt of Internet abuse is taken very seriously. Specifically we handle the following types of incidents:

port scans,
spam going through Polish servers,
DoS and DDoS attacks,
break-ins and hacks.

How much does it cost to report an incident and get it handled?

It is free, but due to huge caseload of our analysts, the incidents are handled on a best-effort basis.

Will I get a case report of my reported incident?

CERT Polska does not inform the reporter about the case progress. We pursue further enquiry if we need more information about the incident.

If the case is passed to an another team in Poland or abroad, we assume it is solved on our side as long as we do not observe further incidents related to the threat. Thus please note that our lack of response should not be considered dropping the ball on our side, for most cases it is the contrary — that the information we have received is enough to pursue the threat. But if the attacks or threat persist, feel free to contact us again.

Should I report Internet crime or threat to the law enforcement?

Practically all Internet threats are crimes according to Polish law, or laws in most countries. For Polish law code, it is usually Articles 267, 268, 269 and 287 of the criminal code. Those crimes are not prosecued ex officio so they have to be repotred to law enforcement for the investigation and private prosecution to begin.

Thats’s the reason we encourage you to report Internet crime to the Police. Please contact your local law enforcement to proceed. If you have already reported the incident to CERT Polska, please include that information in your statement. We can help law enformcement with investigating the crime and identifying the perpetrator.

In my inbox there is an e-mail with a attached document that I do not know anything about, should I click it?

Never click such attachments or links!

It is probably a malware installer (we call them droppers) or a link to a page that will infect your computer with malware that will be later used to hurt you. You can save such an email, with the attachment and full headers, and send it to us for analysis. Such samples help us in fighting malware.

How to secure my PC?

Enable automatic updates for the system, enable and configure the firewall, get an ativirus program, update the installed software when updates are avaliable. If the computer runs Windows 7 or later, Microsoft EMET software offers protection against malware exploiting the system.

No matter what the system is running on the device, do not install and run software coming from suspicious sources.

Where to get system updates?

Security updates are usually made avaliable by the system update mechanism, be it Windows Update or mobile operating systems update notifications for the system itself or for the apps. Updating the system as updates become avaliable makes the system more secure.