Danomyte - Stock.Adobe.com

Black Lives Matter activists targeted by cyber attacks

Civil liberties organisations are being targeted by far-right trolls as protests over the murder of George Floyd spread worldwide

Organisations advocating for racial justice and civil liberties are coming under frequent and sustained cyber attack by undisclosed groups of trolls, cyber criminals and other threat actors, according to statistics gathered by network protection service Cloudflare.

As protests prompted by the murder of George Floyd, an unarmed black man, at the hands of Minneapolis police officers on 25 May 2020 spread around the US and the world, groups such as Black Lives Matter (BLM), the American Civil Liberties Union (ACLU) and the National Association for the Advancement of Colored People (NAACP) have been working overtime, and the increased prominence of such organisations during the global protests has undoubtedly made them a target for cyber attack. 

Cloudflare said it had indeed seen increasing levels of cyber attacks against many organisations fighting racism – numbering in the tens of billions – compared with the corresponding week in April.

It has a number of such public interest groups on its books, and supports those that may be at risk of cyber attack but not necessarily able to afford full-service cyber security protection through its Project Galileo service, which was set up in 2014 in the face of a trend of disproportionate attacks against those advocating for marginalised groups, political dissidents, artistic groups and humanitarian organisations.

Cloudflare’s CEO and co-founder, Matthew Prince, and chief technology officer (CTO), John Graham-Cumming, said that on the weekend of 25 and 26 April, Cloudflare blocked 116,317,347,341 HTTP requests either performing distributed denial-of-service (DDoS) attacks or breaking into websites, apps or application programming interfaces (APIs), which works out at 670,000 a second – more than 10 times the number of searches performed on Google every second.

However, on the weekend of 30 and 31 May, Cloudflare blocked 135,535,554,303 HTTP requests, a 17% month-on-month increase, or 110,000 additional blocked requests every second.

A DDoS attack is designed to take its target offline by bombarding its server, website or other network resource with connection requests or malformed packets, forcing it to slow down or crash altogether, thereby denying service to legitimate users.

“Digging into the categories of internet properties that were attacked, we see a striking difference between the two weekends in April and May. The category with the biggest increase in cyber attacks was advocacy groups, with a staggering increase of 1,120 times,” wrote Prince and Graham-Cumming in a blog post disclosing their findings.

“In fact, those groups went from having almost no attacks at all in April, to attacks peaking at 20,000 requests per second on a single site.

“One particular attacker, likely using a hacked server in France, was especially persistent and kept up an attack hitting an advocacy group continuously for over a day. We blocked those malicious HTTP requests and kept the site online,” they wrote.

Cloudflare did not identify any specific groups that might be attacking advocacy organisations, but some of the attacks will very likely have been organised by small-time internet trolls with links to the far right. It is also possible that some of the activity could have been orchestrated by nation state-backed threat actors in China or Russia seeking an opportunity to destabilise the US still further.

“The whole Cloudflare community is deeply disturbed by the murder of George Floyd, and the shocking images of racial injustice playing out,” said Cloudflare.

“We have been listening carefully to those who have taken to the streets in protest to demand justice and an end to structural racism and believe that their powerful stories can serve as catalysts for real change. But that requires them to be heard. Unfortunately, if recent history is any guide, those who speak out against oppression will continue to face cyber attacks that attempt to silence them.

“Cloudflare remains committed to making sure they can continue to function in the face of these attacks, regardless of their resources or the size of the attack,” said the firm.

Other attackers, possibly including hacktivists acting in support of the protesters, have also been hitting the websites of government agencies, police and fire departments, which have almost doubled, and the US military, which has seen attacks treble in the past few weeks.

Reflecting the global outrage provoked by the murder of George Floyd, recent days have also seen more unlikely groups getting involved in online activism, including K-pop fans who have flooded alt right hashtags on social media with videos and gifs of bands such as BTS in an attempt to drown out hate speech.

Read more about technology and activism

Read more on Hackers and cybercrime prevention

Data Center
Data Management