Incident Details
In the wake of George Floyd's tragic murder in May 2020, a disturbing trend emerged, shattering the digital sanctity of human rights advocacy groups across the United States. As protests ignited a global movement for racial justice, cybercriminals, emboldened by the chaos, launched an unprecedented wave of cyber attacks targeting these very organizations. According to Cloudflare, the volume of malicious HTTP requests aimed at human rights groups surged by a staggering factor of 1,100, with some sites experiencing a relentless barrage of up to 20,000 requests per second. This alarming spike in cyber aggression paints a chilling picture: while the world rallied for justice, malicious actors seized the opportunity to exploit vulnerabilities, turning the quest for equity into a battleground for digital warfare. What transpired during this surge of cyber hostility reveals the lengths to which adversaries will go to undermine those championing human rights, making it imperative to examine the extent of the damage inflicted in this dark chapter of the digital age.
Damage Assessment
Quantified Impact:
- Cloudflare recorded a staggering 135 billion blocked HTTP requests over May 30/31, with advocacy groups facing a 1,100x increase in attacks.
- Some groups saw traffic spike from zero to 20,000 requests per second.
Impacted Assets:
- Numerous advocacy websites faced constant DDoS attacks, leading to severe disruptions in service.
- Potential data corruption occurred due to unauthorized access attempts, though specific instances of data loss were not detailed.
Organizational Effects:
- Organizations struggled to maintain operational continuity, with many unable to process donations or provide timely information to the public.
- Increased strain on IT resources to mitigate attacks led to reduced efficiency in other operational areas.
- Direct financial costs included increased cybersecurity expenses and potential loss of donations, although specific dollar amounts were not disclosed.
How It Happened
The surge in cyber attacks on human rights groups post-2020 can be attributed to several factors that exploit system vulnerabilities. Firstly, the heightened emotional climate following George Floyd’s murder made advocacy organizations prime targets for cybercriminals seeking to capitalize on increased online activity and engagement. Attackers often deploy phishing tactics, using emotionally charged events to craft deceptive emails that appear legitimate, thus tricking users into clicking on malicious links or attachments.
Moreover, the large-scale Distributed Denial of Service (DDoS) attacks, as recorded by Cloudflare, indicate that attackers utilized botnets—potentially involving compromised servers worldwide, such as a hacked server in France—to flood advocacy group websites with traffic, overwhelming their defenses. This led to unprecedented spikes in request volume, with some sites experiencing attacks of up to 20,000 requests per second.
The presence of hacktivist groups like Anonymous also suggests a coordinated effort targeting specific organizations and government entities, leveraging social unrest to advance their agenda. Overall, a combination of social engineering tactics, technological vulnerabilities, and organized cyber activity enabled these attacks to succeed.
Response
In response to the surge in cyber attacks, the affected human rights groups implemented immediate security measures to protect their digital assets. They conducted urgent assessments of their systems to identify any potential breaches or vulnerabilities. Malware was identified through a combination of automated security tools and manual inspections by IT personnel, who scrutinized network traffic for unusual patterns and unauthorized access attempts.
Once detected, the malware was triaged based on its potential impact and the severity of the threat. The groups isolated infected systems to prevent the spread of malware, followed by the removal of malicious code and the application of patches to address any vulnerabilities. They also increased monitoring of their networks, focusing on incoming emails and web traffic to ensure that any further attempts were promptly blocked. Staff were educated on recognizing phishing attempts and advised to enhance their vigilance when handling communications related to the ongoing crisis, thereby minimizing the risk of successful cyber intrusions.
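The web-traffic monitoring described above can be sketched as a per-second request-rate check over access logs. This is an added example, not code from Cloudflare or the affected groups. The log lines are constructed, and the `window`, `ratio` and `floor` values are assumptions. The absolute floor handles the "zero to 20,000 requests per second" case, where a purely relative threshold has no baseline to compare against.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta
from statistics import median

# Timestamp field of a Common Log Format line, e.g. [30/May/2020:12:00:08 +0000]
LOG_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")

def sample_log():
    """Constructed sample: 1 req/s for 6 s, 2 silent seconds, then 40 req/s for 3 s."""
    line = '198.51.100.{ip} - - [30/May/2020:12:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    quiet = [line.format(ip=1, s=s) for s in range(6)]
    flood = [line.format(ip=i % 250 + 1, s=s) for s in range(8, 11) for i in range(40)]
    return quiet + flood

def per_second_counts(lines):
    """Count requests per second; lines without a parseable timestamp are skipped."""
    counts = Counter()
    for line in lines:
        m = LOG_TS.search(line)
        if m:
            counts[datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S")] += 1
    return counts

def find_surges(counts, window=5, ratio=10.0, floor=20):
    """Return (second, rate, baseline) for seconds above max(floor, ratio * baseline).

    baseline is the median of the last `window` unflagged seconds. The absolute
    floor covers the zero-baseline case, where a ratio alone would flag every
    request. window, ratio and floor are illustrative values to tune per site.
    """
    if not counts:
        return []
    history, surges = deque(maxlen=window), []
    t, end = min(counts), max(counts)
    while t <= end:
        rate = counts.get(t, 0)  # a second with no log lines is a rate of 0
        baseline = median(history) if history else 0
        if rate > max(floor, ratio * baseline):
            surges.append((t, rate, baseline))
        else:
            history.append(rate)  # flagged seconds never pollute the baseline
        t += timedelta(seconds=1)
    return surges

if __name__ == "__main__":
    for second, rate, baseline in find_surges(per_second_counts(sample_log())):
        print(f"{second:%H:%M:%S} rate={rate}/s baseline={baseline}/s")
```

Because flagged seconds are kept out of the baseline, a sustained flood keeps being reported instead of becoming the new normal.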
Key Takeaways
Increased Targeting: Advocacy groups have become prime targets for cyber attacks, particularly post-2020, as attackers seek to undermine human rights efforts.
Data Protection: Safeguarding sensitive data is critical. Implementing strong encryption and access controls can mitigate risks associated with data breaches.
Employee Training: Regular cybersecurity training for staff can help recognize phishing attempts and other social engineering tactics commonly used by attackers.
Incident Response Plan: Developing a robust incident response plan ensures that advocacy groups can act quickly and effectively in the event of a cyber attack.
Regular Security Audits: Conducting frequent security assessments can identify vulnerabilities and strengthen defenses before attackers exploit them.
Partnerships with Experts: Collaborating with cybersecurity experts like HackersHub can provide tailored strategies and tools to enhance security measures.
Investing in Cybersecurity Services: Allocating resources to professional cybersecurity services can significantly reduce the likelihood of a successful breach, enabling advocacy groups to focus on their mission without the constant threat of cyber attacks.