Civil Society + Blockade.IO

Brandon Dixon
Blockade.io
Published in
2 min readMay 26, 2017

Imagine that just visiting a website can lead to your computer being compromised. For some individuals, this may not be a big deal — maybe you reformat your machine and restore from a previous backup. For others, especially those who maintain sensitive relationships or live in hostile locations, a compromise could literally lead to a complete loss of freedom.

The above situation may seem like hyperbole, but plenty of documented cases exist where nation states attempt to compromise individuals in order to harm, detain, undermine or influence them. Many of the parent organizations or individuals lack the technical resources or budgets to provide sufficient security controls to those who may be targeted.

One of the most recent examples of a high-profile compromise was reported yesterday by the Citizen Lab. Russian-linked malicious actors compromised the accounts of a prominent journalist and Kremlin critic through a credential harvesting attack. Malicious actors used their access to download materials from the journalist’s inbox, slightly modified them to support a false narrative and strategically leaked the tainted documents out through pro-Russia media sites.

Attacks like that reported by the Citizen Lab happen everyday with many of them being easy to defend against. In the case of the compromised journalist, malicious actors re-used infrastructure (phishing domains) that was several months old and previously reported on as being malicious by security companies. There’s no reason why this attack couldn’t be prevented except for a lack of security controls or awareness.

Blockade.io was created to provide security to individuals and organizations, both small and large. Using native browser interfaces, Blockade doesn’t require any change in user behavior in order for it to successfully block attacks and defend the user. Had the journalist been using a tool like Blockade, it’s very likely they may not have been compromised. Instead of seeing the phishing website, the user would have been presented with a bright-red warning indicating the page they were attempting to visit was flagged as malicious.

No solution is perfect and Blockade is far from enterprise-grade security, but if leveraged appropriately, it’s the perfect match for defending those in civil society. We feel this message is important to share and that’s why we are working with organizations like Security Without Borders to get Blockade deployed to those who need the defense most. If you have any questions, or simply want to contribute to Blockade, get in contact with us.

--

--

Brandon Dixon
Blockade.io

Founder of @BlockadeIO, PDF X-RAY, and @PassiveTotal. Partner and developer for @TheNinjaJobs. VP of Strategy for @RiskIQ. Roaster at @SplitKeyCoffee.