Publisher: APCNews 04 June 2016
In August 2015, a series of DDoS attacks that lasted for weeks targeted reproductive rights organisations in the United States. Websites including those of the National Network of Abortion Funds were inaccessible for mere hours due to the diligence and outspoken support of May First/People Link (MFPL), an internet service provider (ISP) for the progressive left in the US and Mexico. The attacks failed to silence the speech of reproductive rights advocates and so the attackers began directly attacking the MFPL network. This diverted MFPL’s volunteer labour and financial resources for several weeks.
These attacks demonstrate the gravity and potential damage of politically motivated DDoS attacks, not only for access to reproductive rights information and resources for vulnerable communities, but for the entire progressive left.
Jamie McClelland, MFPL Leadership Committee member, explains, “The targeting of our website means that these people are not just focusing on the issue of abortion or trying to repress communication about it, but punishing an organisation that allows that communication. This isn’t about choice specifically, this is about May First/People Link and, because of who we are, it’s about an entire movement in two countries.”
For this reason, MFPL is behind Deflect, along with many of its members. The Deflect project from eQualit.ie protects websites from DDoS. It records, analyses and reports on the attacks on a weekly basis through the Deflect Labs DDoS analytic project.
Motives are inferred while attackers stay hidden
DDoS, or distributed denial of service attacks, are an increasingly popular tactic that computer-wielding hacktivists employ to overwhelm servers with successive requests for content. This effectively disables targeted websites. These attacks allow political messages to be derailed while guaranteeing the anonymity of the clandestine perpetrators.
There is an ongoing debate about whether DDoS attacks are a legitimate form of social protest. The attacks currently originate from both the left, such as Anonymous, and the right, examples of which are by far more common.
A DDoS attack overloads the server with requests for a webpage, for example, thereby slowing down the website or even preventing the site from loading at all. Services running on the same server as the website, such as email, may also be impacted. Networks of computers, or botnets, are usually carrying out the huge number of server requests. Botnets are an army of computers that work together to deploy malicious attacks with virtual anonymity. An unsuspecting computer joins the botnet via malware, often through social engineering like click-bait, or unfiltered email attachments. Botnets are then controlled by a user who can rent or sell their deployment to anyone. A single attack can be launched for as little as USD 150, while the budgets for government backlash online can be quite staggering.
Notable politically motivated DDoS attacks
Among the notable recent victims of major DDoS attacks are campaign workers, reproductive rights advocates, and revolutionary punk rock divas. The common rationale for the onslaught is “Silence your opposition and critics through any means necessary.” The disgruntled often hire the dark web’s numerous criminal gangs to do the actual dirty work, making accountability nearly impossible.
The results are frequently devastating for smaller organisations already subsisting on lean operational budgets, as tremendous expenses are associated with preventing the attacks.
The Association for Progressive Communications (APC, of which MPFL is a member) was caught in the cross hairs of #GamerGate for the #TakeBackTheTech initiative, aimed at tracking and fighting online violence against women, from stalking and bullying to sex trafficking and beyond. APC was drowned with angry texts, email and tweets. It emerged unscathed thanks to protection from its members MFPL and eQualit.ie, who got its website behind Deflect.
Planned Parenthood and the National Network of Abortion Funds (NNAF) were both attacked for offering reproductive services to low-income women.
The website of the Health Network of Latin American and Caribbean Women (RSMLAC – Red de Salud de las Mujeres Latinoamericanas y del Caribe) was attacked and taken down. This attack occurred immediately after the launch of several activities tied to #28SAbortoLegal, the September 2013 social media campaign to legalise abortion.
Github.com was broadly attacked and disabled, with the attacks apparently linked to its support for internet freedoms in China.
Premium Times of Nigeria came under intense DDoS attacks during the height of the country’s March 2015 presidential elections.
Zimbabwean human rights activist organisations were also hit during controversial elections. Fair Trade Africa, Privacy International and the Zimbabwe Human Rights Forum had their sites disabled, ostensibly for monitoring the elections for potential human rights abuses.
In June 2011 the Malaysian government came under surprise attacks by the hacker group Anonymous: 41 out of 51 primary servers were stalled in retaliation for state-sponsored content censorship, perceived as a violation of human rights.
Most recently, in April 2016, Anonymous derailed the KKK’s websites with DDoS attacks in opposition to the mission of global white supremacy.
The Israeli government was not immune to the latest attacks by Anonymous, finding itself subjected to an annual holiday of DDoS attacks, “Hack Israel Day”, for ongoing policies surrounding the disputed territories.
Attacks against the Kotsubynske independent media news site in Ukraine, in particular during the first two weeks of February 2016, were not successful.
The Boycott, Divestment and Sanctions (BDS) movement aims to non-violently pressure Israel to comply with international law and to end international complicity with Israel’s violations of international law. The movement’s website has been protected by Deflect since late 2014 and has frequently been attacked.
On the attacks against the BDS movement, Dmitri Vitaliev from eQualit.ie says, “Since joining the Deflect service, the bdsmovement.net website has been one of the most frequently targeted domains in our portfolio. Now that we have developed infrastructure and tooling to capture and analyse cyber attacks targeting our clients, we aim to reduce the impunity currently enjoyed by those aiming to silence online voices.”
Molly Sauter’s The Coming Swarm accurately and eerily predicted this tumultuous era of digitised political warfare:
It is unlikely at this time that DDoS actions will ever become a part of the popularly accepted activist repertoire of contention in the near future… DDoS actions will remain popular among internet-based fringe groups and subcultures, particularly those that adhere to a Barlowian view of the independent, self-contained nature of the internet. As high-profile hacker and computer crime cases come to trial these will serve as radicalizing events, “group grievances,” for the transgressive, technologically mediated subcultures that are currently serving as cultural laboratories for disruptive online activism.
The roster of victims continues to grow along with a diversity of mitigating tactical maneuvers that evolve from battle to battle. These incidents further reflect the urgent need for strong and effective resources to keep smaller organisations, projects, campaigns and voices both fortified and amplified.
Internet services designed to protect social movements
Many progressive organisations have been successful in promoting social and political change through easily accessible web tools that reach vast audiences at comparatively low cost. Politically motivated attacks can be deflected through collective action and support. DDoS is an extremely blunt tool used to silence voices and indicates a heightened level of backlash, obvious in the previous examples of abortion defence and resistance to Israeli apartheid.
Most network administrators are aware of standard security protocols including basic firewalls, anti-virus software, GNU/Linux operating systems, and malware protection. However, DDoS attacks deny the site owner basic control while driving away the target audience. The challenge of cutting off potential entry points from attackers becomes a costly and time-consuming exercise, and can be prohibitively costly for small non-profits.
Thus, it is important for social movement organisations to establish a relationship with an ISP that they trust, now, before they are in imminent danger of blow-back for their work. There are many independent and progressive ISPs around the world such as May First/People Link (US), GreenNet (UK), Colnodo (Colombia), Jinbonet (South Korea) and Pangea (Spain).
eQualit.ie builds software for social movements including Deflect, a DDoS mitigation tool. It is an infrastructure built on free/libre and open source software that protects and defends activist organisations that are or could become the subject of politically motivated DDoS attacks. Political organisations that wish to access Deflect’s services may check with the website for eligibility criteria.
According to MFPL’s McClelland, Deflect serves as a shield of sorts. Once a complicated DDoS attack is confirmed, Deflect deploys various mitigation methods to isolate and protect the site under attack. MFPL uses and recommends Deflect for many of its member organisations.
Typically, when a group begins using Deflect, it must transfer control of its DNS records to Deflect. However, it may still make changes to its zone file via the Deflect Dashboard. There are good reasons for this step: if Deflect has control over the DNS system, it can make changes to the IP addresses assigned to your domain name immediately and automatically. This control allows Deflect to move your site to different servers in the event of an attack.
However, to transfer these records, an organisation must have the proper login to its domain’s registrar. Often, a volunteer or a long-since-departed staff person set up the domain initially and the login information was not passed on to existing staff. And the process for regaining access to a registrar can be time consuming.
Therefore, MFPL has a method for keeping the DNS system in place with the MFPL name servers and synchronising this information with the Deflect servers. Making DDoS mitigation with Deflect an easy and seamless process for MFPL members is a major outcome of ongoing APC member-to-member collaboration since 2014.
How can Deflect protect you?
Deflect protects the privacy of its clients, because a strict adherence to protective privacy measures assists progressive websites in defending themselves globally.
Steve Revilak, a software engineer and MFPL Support Team member, said that for general strategic defence against DDoS attacks, “The first piece of advice I’d offer to political technologists is to acknowledge that DDoS attacks happen. Ask yourself, ‘What would I do if someone took our website off line, and kept it down for days or even weeks?’ If a long-term outage isn’t acceptable, then you have to think about countermeasures. Deflect was invaluable for MFPL. If it weren’t for Deflect, the whole experience would have been significantly more painful.”
As frustrating as these battles may seem, from the most small and petty to the most egregious, digital activists are constantly challenged to fight the good fight and stand with their principles for the greater good. While online harassment and abuse are unlikely to disappear entirely, it is up to each conscientious activist to remain steadfast in fighting for what they believe in. At the end of the day, while voices may occasionally be muted, the collective spirit can never be broken.