Report an incident
Report an incident


What is CERT Polska, and what is its mission?

CERT Polska is a part of NASK (Research and Academic Computer Network) – a research institute that operates the .pl TLD registry and offers a range of advanced telecom services. CERT Polska is the first CSIRT established in Poland. Since its inception in 1996, thanks to dynamic activity in the CERT/CSIRT community, the team has become a recognized and experienced player in the field of computer security. The core activities provided by CERT Polska include incident handling and cooperation with similar units around the world, both in operational areas and research and development. CERT Polska is a member of various international forums and working groups, including FIRST (since 1998), TF-CSIRT (since 2000), and APWG (since 2010). In 2005, CERT Polska started a forum for the Polish abuse incident handling teams – Abuse Forum.

How is CERT Polska supported?

CERT Polska team is a part of NASK research institute and thus is financed by NASK.

Are you hiring?

Yes! We are looking for people passionate about information security, reverse engineering, and fighting Internet crime. Current offers are available on our page. The page is available only in Polish since you need to have Polish citizenship to be eligible.

What is the relationship between CERT Polska and CERT and CERT/CC?

We are not a Polish chapter of CERT or CERT/CC. However, we cooperate through FIRST (Forum of Incidents and Security Teams).

How are incident reports are used?

All data related to the incident reported to us are suitably protected physically and technically. Without the owner's explicit consent, the information is not passed to any third party, and only the necessary information to pursue the threat investigation is passed.

Additionally, the data will be used, along with other threat data, to create statistical reports. Those reports do not give out identifying details of specific incidents.

How do I report an incident?

Please use the incident report form and state your name, surname, phone number, and email address, then supply the incident description. Please also choose the incident classification and, if possible, system logs relevant to the incident.

Should I report attacks coming from abroad?

Definitely, we are involved in broad international cooperation that makes it possible for us to handle attacks on an international scale.

What kind of incidents should be reported?

CERT Polska deals with incidents and threats originating or aiming at systems in the .pl domain or connected to NASK's or other Polish Internet provider's network. Every documented attempt of Internet abuse is taken very seriously. Specifically, we handle the following types of incidents:

How much does it cost to report an incident and get it handled?

It is free, but due to the huge caseload of our analysts, the incidents are handled on a best-effort basis.

Will I get a case report of my reported incident?

CERT Polska does not inform the reporter about the case progress. We pursue further inquiry if we need more information about the incident.

If the case is passed to another team in Poland or abroad, we assume it is solved on our side as long as we do not observe further incidents related to the threat. Please note that our lack of response should not be considered dropping the ball on our side; for most cases, it is the contrary — the information we have received is enough to pursue the threat. But if the attacks or threats persist, feel free to contact us again.

Should I report Internet crime or threats to law enforcement?

Practically all Internet threats are crimes according to Polish law or laws in most countries. In the Polish law code, it is usually Articles 267, 268, 269, and 287 of the criminal code. Those crimes are not prosecuted ex officio, so they have to be reported to law enforcement for the investigation and private prosecution to begin.

That's the reason we encourage you to report Internet crime to the Police. Please contact your local law enforcement to proceed. If you have already reported the incident to CERT Polska, please include that information in your statement. We can help law enforcement with investigating the crime and identifying the perpetrator.

I've received an email with an attached document that I do not know anything about. Should I click it?

Never click such attachments or links!

It is probably a malware installer (we call them droppers) or a link to a page that will infect your computer with malware that will be later used to hurt you. You can save such an email with the attachment and full headers and send it to us for analysis. Such samples help us in fighting malware.

How to secure my PC?

Enable automatic updates for the system, enable and configure the firewall, get an antivirus program, update the installed software when updates are available. No matter what system runs on the device, do not install and run any software coming from unknown sources.

Where to get system updates?

Security updates are usually made available by the system update mechanism, be it Windows Update or mobile operating systems update notifications for the system itself or the apps. Updating the system as updates become available makes the system more secure.