Cause & Effect: Unintended Consequences of the George Floyd Protests in Cyberspace
Crisis escalations, private data breaches, FBI Intervention and public embarrassments
The events described below are real-life consequences of the ongoing George Floyd protests as pertaining to cyberspace.
—
Dark Web Chatter
On Friday evening, May 29, 2020, while Jewish Jess (not her real name/nickname) was taking part in a virtual “happy hour” with some of her friends, relatives and a few work colleagues, she had the TV on mute to follow the news coverage of the day’s events — the CNN Center in downtown Atlanta was vandalized by George Floyd protesters who broke the front windows and spray-painted the CNN logo with graffiti. The protesters then set police cars on fire, and at one point during the protests, one protester threw a firecracker towards the police officers who formed a protective barricade inside the CNN lobby. In return, police SWAT teams in tactical gear dispersed the crowds of protesters with tear gas, flash-bang grenades and rubber bullets. Towards late evening, the situation devolved into a standoff: crowds chanting, police growling, news and police helicopters circling overhead, and social media platforms buzzing nonstop at almost 1,800 posts per minute. Wild stuff.
—
Jewish Jess works as a cyber threat intelligence analyst for a large financial organization in Atlanta. Part of her job involves secretly hanging out on hacker forums in the underground parts of the Internet — the Dark Web — trying to figure out who is contemplating attacking her company, why they want to do it, when they plan to do it, and how. In a previous life, Jess was a Cyber Threat Investigator in the Israel Defense Forces (IDF), where she used a similar set of skills to protect the State of Israel.
—
Back on Wednesday, May 27th, Jewish Jess had noticed increased chatter on one of her favorite Dark Web forums, referencing the recent protests against police brutality in Minneapolis. Some hackers called for outright retaliation by going after the websites and email servers of the City of Minneapolis and the Minneapolis Police Department, others called for attacks on the Internet infrastructure of the entire State of Minnesota, and yet others called for targeted doxxing on the four police officers that were involved in George Floyd’s murder, including their families. A few others offered anti-black sentiments — after all, it’s the Dark Web, all kinds of interests and viewpoints are well represented.
Doxxing (or doxing) is a cyber jargon mostly used in underground online communities and it refers to the “practice of researching and publicly broadcasting private…information (especially personally identifying information — PII) about an individual or organization.” The word “dox” is an abbreviation of documents.
By Thursday, May 28th, Anonymous — the international hacktivist movement widely known for its major cyber attacks against several governments, corporations, and even the Church of Scientology — declared a large hacking operation against the City of Minneapolis. In a now-deleted video released online, an individual appeared wearing a Guy Fawkes mask and stated: “We are Legion. We do not forgive. We do not forget. Expect us.” Anonymous addressed police brutality and vowed that they will be exposing the many crimes of the Minneapolis Police Department to the world.
Vendor-Client Crisis
Greg Hart (not his real name/surname) is the Chief Cyber Security Architect at a cybersecurity consulting company in Minneapolis. His team handles cyber defense and monitoring capabilities for their clients’ Internet infrastructure. Some of their clients include agencies and departments funded by the City of Minneapolis as well as the Minneapolis Police Department.
Greg woke up early on Tuesday morning, May 26th, to a series of email and text message alerts on his work phone, from both the Chief Security Officer and the Public Relations Officer. The emails carried bad news: the previous day, at about 8:19PM, a white police officer — Derek Chauvin — knelt on George Floyd’s neck for almost nine minutes while Floyd was handcuffed and lying face down on the street. Two other officers further restrained Floyd while he was on the ground, and a fourth officer prevented onlookers from intervening. George Floyd was pronounced dead at the Hennepin County Medical Center emergency room around 9:25PM.
Two days later on Thursday, May 28th, following the Anonymous hacker group’s call to action, the websites of the Minneapolis Police Department and the City of Minneapolis went offline as a result of distributed denial of service (DDoS) attacks — basically when a website or computer network is intentionally paralyzed by flooding it with data sent simultaneously from many individual computers. DDoS attacks are similar to the slowness or lag experienced by customers of a retail store’s website when several people all try to purchase a trending new product or during other seasonal shopping events such as Back to School, Black Friday, or Cyber Monday.
—
As expected, the website attacks created a new set of stressors for Greg’s clients, which naturally led to several phone calls and Zoom video meetings between executives, lawyers, cybersecurity specialists, and public relations officials on both sides. As Greg’s company scrambled to get in front of the catastrophe from both a public relations and a client relations service level agreement (SLA) standpoint, the City of Minneapolis and the Minneapolis Police Department were putting out fires literally and figuratively: dealing with protests and a burned precinct; answering questions from clergy members, community leaders, Minnesota state government officials, Minnesota federal senators and representatives, Federal Bureau of Investigation (FBI) agents, Native American tribal leaders and other minority groups, concerned private citizens, and so on.
It didn’t exactly help that the websites that could have served as key sources of information during those stressful first few days both went down in a coordinated manner, severely escalating the ongoing crisis as well as the corresponding crisis management techniques. On top of all that, morale, motivation and operational effectiveness has been severely affected in the day-to-day work of the Minneapolis Police Department. In addition, with the ongoing COVID-19 pandemic, the disabled city website is also impeding the flow of crucial public health information to the general public.
Similar cyber attacks on city and police websites took place in 2014 in response to the police shooting of Michael Brown in Ferguson, Missouri, and in 2015 in response to the killing of Freddie Gray, who suffered a spinal injury while being subjected to a rough ride in the back of a police van in Baltimore, Maryland.
Weak Links
By May 28th, Jewish Jess began seeing parallels in what was playing out in real time both on the Dark Web and on TV all over the country. When a company intends to acquire another company, they conduct comprehensive risk assessments to determine if there are any red or yellow flags before going ahead with the deal. In recent times, those risk assessments have now included cybersecurity risk assessments as part of the overall assessments — more companies are falling victim to cyber attacks without reporting them to the U.S. Securities and Exchange Commission (SEC), law enforcement agencies, or during merger and acquisition talks. An example of this happened during acquisition talks between Verizon and Yahoo in 2017 — two massive cyber attacks were discovered at Yahoo between August 2013 and September 2016, which made Verizon to significantly lower their original offer by $350 million.
Jewish Jess’s company had been in acquisition talks with a medium-sized Minneapolis-based registered investment advisor (RIA) firm since January 2020, and she was part of the team that was tasked with conducting a cyber risk assessment for the potential acquisition.
—
Because retaliatory cyber attacks during racially-charged protests — or any other kinds of protests — are usually free-for-all, everything available on the Internet related to the targets is usually considered fair game and hackers will go after whatever they can get their hands on without regard for who or what will be affected. Jewish Jess knew this, so she immediately began correlating the client list of the medium-sized RIA firm with the publicly available list of officers and employees of the Minneapolis Police Department and the City of Minneapolis.
Most cyber attacks are carried out with the goal of obtaining private information, email correspondence, sensitive documents, and anything of value that can cause embarrassment for the targets. Interestingly, Jewish Jess found out that not only did the medium-sized RIA firm have Minneapolis police officers and city officials as part of its clientele, there were also some Minneapolis state senators, community leaders, as well as private citizens.
This automatically created a tricky situation for Jewish Jess and her company. Most of their potential acquisition’s clients could very likely have their private information floating around on the Dark Web. By the time cyber criminals decide to commit fraud using those private data, the clients would have become the Atlanta-based financial organization’s clients.
That could only mean bad news: unlimited lawsuits and bad PR.
Doxxed
On Monday morning, June 1st, Jewish Jess got up very early to meet with one of her contacts on The Hub Forum, an underground Dark Web forum where users review other Dark Web marketplaces, buy and sell cryptocurrencies, and discuss cybersecurity. The meeting was with a 22-year old professional hacker from Sakhalin, a mountainous island located in Russia’s far east region, about a work-related project she was working on, which was unrelated to the ongoing George Floyd protests. As soon as she logged onto the forum’s lobby, she noticed a post that had “Minneapolis”, “protests” and “doxxed” in the same sentence, and that grabbed her attention instantly.
A click on the post’s title took her to a live chat session that had at least 18 other hackers contemplating what to do with a cache of “fresh” private data that had recently been “collected in Minneapolis”.
That just confirmed Jewish Jess’s worst nightmare. The unlimited lawsuits and bad PR will now be a real possibility.
Federal Assistance
The Minneapolis Division of the FBI is located in Brooklyn Center, a suburb in the city’s northwest — a 5-floor, 3-building office complex on the corner of Humboldt Avenue and Freeway Blvd. As soon as the news of George Floyd’s murder got out on Monday, May 25th, the FBI opened an investigation into the case and released statements asking the public for any helpful information. Their investigation would run concurrently with the ongoing investigation by the Minnesota Bureau of Criminal Apprehension (BCA), and in addition, the FBI requested anyone with digital media — photos or videos — that could be relevant to the case to post them to fbi.gov/MinneapolisTips.
When Jewish Jess stumbled upon that Dark Web chat room referencing the Minneapolis doxxing incident, she contacted her manager at work to figure out what to do with that information. After a nearly 2-hour meeting with other key members of her team, two Directors, and her company’s Chief Information Security Officer (CISO), they all agreed to forward the information to the FBI. She looked up the website of the FBI Minneapolis Division and found the page for reporting digital media information relating to the George Floyd case.
—
As of Friday, June 5th, both websites of the City of Minneapolis and the Minneapolis Police Department were still down, with Greg and his team working round the clock trying to get them back to normal operations. Understandably, there was mounting pressure from all angles, which was becoming unbearable by the minute, in addition to the multiple concurrent obligations his company had to fulfill for their client, regardless of what was going on in the news — contractual, legal, financial, express, moral, absolute, and so on.
By late afternoon that Friday, Greg’s team decided to contact the FBI Cyber Investigative Squad located in the FBI Minneapolis Division office complex, as well as the National Cyber Investigative Joint Task Force, the primary U.S. agency responsible for coordinating cyber threats investigations. That official request for federal assistance took the edge off just a little bit, so to speak, and allowed Greg and his team to be able to report something to their own company leadership, as well as their clients.
—
For Jewish Jess and her cybersecurity risk assessment, it just means there was more work to do. Her company’s leadership team and the Minneapolis RIA firm would now have to pivot sharply away from their current negotiating position in a whole new different direction.
Conclusion — Moving Forward
On Sunday, June 7th, the Minneapolis City Council passed a resolution to begin the process of abolishing the Minneapolis Police Department “and creating a new, transformative model for cultivating safety in Minneapolis.” That afternoon, members of the city council walked onto a stage at Powderhorn Park to support members of an advocacy group — Black Visions Collective (BLVC), who were calling for the end of the Minneapolis Police Department. On that stage were nine city council members — council President Lisa Bender, Vice President Andrea Jenkins, Alondra Cano, Phillippe Cunningham, Jeremiah Ellison, Steve Fletcher, Cam Gordon, Andrew Johnson and Jeremy Schroeder.
All over the country, efforts to defund police departments have been gaining momentum for a while. On Wednesday, June 3rd, Los Angeles Mayor Eric Garcetti pledged to cut $100 million to $150 million from its nearly $2 billion annual police budget to redirect to black communities. New York City Mayor Bill de Blasio also pledged to cut the city’s police funding for the first time, following 10 straight nights of mass protests against police violence.
Also on Sunday, Acting Homeland Security Secretary Chad Wolf said during an interview on “Fox News Sunday” that calls to defund police were a “political statement,” and that slashing police budgets would harm law enforcement oversight and leadership.
In Washington DC, congressional Democrats are expected to roll out sweeping police reform legislation on Monday, June 8th, following nearly two weeks of sustained protests against police violence. The legislation, called the Justice in Policing Act of 2020, includes an array of measures aimed at boosting law enforcement accountability, changing police practices and curbing racial profiling.
The legislation is sponsored by Rep. Karen Bass (Democrat, CA), who chairs the Congressional Black Caucus, Rep. Jerrold Nadler (Democrat, NY), chairman of the House Judiciary Committee, Senator Cory Booker (Democrat, NJ) and Senator Kamala Harris (Democrat, CA). It was not clear whether Republicans in Congress or President Trump would back the bill.
The House Judiciary Committee has planned a hearing for Wednesday, June 10th, the first on police issues since the protests broke out. The Senate Judiciary Committee has a hearing slated for Tuesday, June 16th.
—
—
—
Additional Readings:
George Floyd protests
List of George Floyd protests in the United States
List of George Floyd protests outside the United States
Racism in the United States
George Floyd protests in the United Kingdom
Killing of George Floyd
Shooting of Ahmaud Arbery
Shooting of Philando Castile
Shooting of Tamir Rice
Shooting of Trayvon Martin
Shooting of Jeremy McDole
Shooting of Alton Sterling
Shooting of Andy Lopez
Death of Sandra Bland
Death of Jonny Gammage
Death of Jonathan Sanders
Driving while black
Black Lives Matter
Shooting of Breonna Taylor
Death of Eric Garner
2015 Baltimore protests
Ferguson unrest
Human rights in the United States
Timeline of the civil rights movement
Timeline of African-American history
Lists of killings by law enforcement officers in the United States
Niagara Square police violence incident
Police brutality in the United States
King assassination riots
List of incidents of civil unrest in the United States
Post–civil rights era in African-American history
Long, hot summer of 1967
1992 Los Angeles riots
Gypsy cop
Police brutality against Native Americans
Rough ride (police brutality)
Hands up, don’t shoot
I can’t breathe
Racial profiling
Police use of deadly force in the United States
