with Tonya Riley
Online accounts claiming to be associated with the hacking group Anonymous are trying to help protests against police brutality that are unfolding across the nation.
But their efforts may be more flash than substance.
The accounts claimed credit for stealing and spreading a batch of alleged email addresses and passwords from Minneapolis police officers, though it is highly unlikely that Anonymous members actually hacked police computer systems.
An unofficial Facebook page affiliated with the group posted an ominous video of someone in its signature Guy Fawkes mask pledging to expose the alleged dirty secrets. A rudimentary cyberattack temporarily forced the police department’s website offline, adding to speculation over the group’s involvement.
The efforts are aimed at retaliation against the department over the killing of George Floyd, a black man whose death in the custody of the Minneapolis police has sparked demonstrations and clashes between protesters and authorities in cities across the nation.
The return to the spotlight is reminiscent of the shadowy hacktivist group’s heyday between 2008 and 2013, when its loose coalition of members attacked the Church of Scientology, partnered with WikiLeaks to spill information about a private intelligence firm and helped Arab Spring protesters in Tunisia stay online amid government efforts to silence them.
But it is far from clear whether this marks a real resurgence for the group.
So far, recent activities associated with the group have been fairly unsophisticated. The emails and usernames that they claimed came from the police department were probably compiled from information in several previous data breaches that the hacktivists could have easily found online, said Troy Hunt, a Microsoft executive who runs a site that tracks data breaches.
Hunt described the leaked data on Twitter as “almost certainly fake.” Among other clues, many of the passwords were so simple and guessable that it’s highly unlikely any accounts run by a police department or other city agency would have accepted them, he said.
Hunt speculated that the phony claims were gaining traction online because people outraged at Floyd’s death simply wanted them to be true.
Thirdly, this is getting traction because emotions are high; public outrage is driving a desire for this to be true, even if it’s not. Hash-tagging it “Anonymous” implies social justice, even if the whole thing is a hoax.
— Troy Hunt (@troyhunt) May 31, 2020
The cyberattack that brought down the police department’s website over the weekend was also an easy and low-skill operation, as I reported Monday.
Anonymous hacks once grabbed headlines, but the group has splintered and members have fled in recent years.
That’s largely due to the group breaking up into different divisions over political disagreements, and frustration that its hacks were often ineffective at effecting change, IBM’s X-Force threat intelligence division found in a 2019 report summarized by ZDNet.
Hacktivism has been declining overall since 2015, the report found.
Significant data breaches from Anonymous and related groups has dropped about 95 percent since 2015. There were only five such breaches in 2017 and two in 2018, IBM found.
But what the group lacks in hacking power, it’s making up for in social media influence.
The Facebook post that pledged to expose the Minneapolis Police Department’s “many crimes to the world” has been viewed more than 3 million times. That’s far more than the page’s other recent videos. A tweet promising to “intervene if and when it becomes necessary” if the Trump administration imposes harsh penalties on people arrested at protests was liked more than 200,000 times.
Gabriella Coleman, a McGill University professor who has written extensively about Anonymous, told Vice’s Lorenzo Franceschi-Bicchierai that the viral spread is “unlike anything I’ve seen.”
In a bizarre twist, a lot of the recent sharing of Anonymous posts came from fans of Korean pop music, Coleman noted.
–> Some interesting perspectives that provide a cultural (and not disinfo) twist on what may be going on https://t.co/LNJ5oDpIEr
— Gabriella “Biella” Coleman (@BiellaColeman) June 1, 2020
Because Anonymous is such a loose collective, it is unclear how many people claiming membership have any true affiliation.
The group also has a history of exaggerating its activities and claiming that members stole data that was freely available.
In February 2019, for example, an offshoot of the group called “Operation Death Eaters” said it had stolen secret files belonging to Jeffrey Epstein, the billionaire who was arrested on federal charges of alleged sex trafficking of underage women.
In fact, the allegations the group published largely came from public court documents, as CyberScoop’s Jeff Stone reports.
Misinformation about widespread communications outages in D.C. caused mass confusion on Twitter.
The hashtag #DCblackout appeared to originate from an account that had just three followers, but within hours it had generated half a million tweets, Craig Timberg, Elizabeth Dwoskin and Fenit Nirappil report. D.C. officials confirmed there was no communications blackout that they were aware of.
Twitter removed hundreds of “spammy accounts” using the hashtag during its investigation, Twitter spokesman Brandon Borrman said. “We’re taking action proactively on any coordinated attempts to disrupt the public conversation around this issue,” he said.
The hashtag appears to have gotten early support from fake users, including several that normally tweet about Korean pop music, Darren Linvill, an assistant professor of communication at Clemson University who studies social media misinformation, told my colleagues. When other Twitter users tried to dispute the phony accounts, it only accelerated its popularity.
The rapid-fire spread of the misinformation highlights Twitter’s ongoing difficulties with checking misinformation in real time and keeping it off its trending-topics tab. That could be particularly dangerous given the role social media has played in accelerating protests and police reaction, experts say.
Pennsylvania officials are preparing for an Election Day racked by protests and confusion.
Protests over the death of George Floyd are threatening to close polling places there even as many residents who wanted to vote by mail to avoid polling places haven’t received their ballots, Amy Gardner reports.
“This was already a difficult task with the pandemic, and the current events have only made that difficult task harder,” said Nick Custodio, a deputy city commissioner.
Today’s primary election will also be a major test for new voting machines in some Pennsylvania counties, Reuters’s Julia Harte reports.
Efforts to surge voting by mail during the pandemic will be tested in numerous states holding primaries today. States that vote today and have tried to make it easier for residents to vote by mail include Maryland, Rhode Island, Montana, South Dakota and the District of Columbia.
Meanwhile, President Trump is ramping up his war against vote-by-mail, which he has claimed without evidence will lead to widespread fraud.
His campaign is partnering with the Republican National Committee to organize a host of legal challenges against the practice, particularly in key swing states, Amy Gardner, Shawn Boburg and Josh Dawsey report. “The move reflects the recognition by both parties that voting rules could decide the outcome of the 2020 White House race amid the electoral challenges posed by the coronavirus pandemic,” my colleagues report.
A bipartisan group of lawmakers is rolling out a bill to improve privacy protections for coronavirus contact-tracing apps.
The proposal, spearheaded by Sen. Maria Cantwell (D-Wash.), is designed to ensure that Americans can participate in contact tracing without sacrificing their personal data, Tony Romm reports.
The bipartisan bill would require companies developing contact-tracing applications to work with public health authorities. It also requires the companies to obtain consent before they begin location tracking.
The bill takes a much harder line on regulating contact-tracing technologies by employers and private businesses, which are largely exempt under an alternative bill introduced by Republicans last month. It would also grant the federal government more power to punish companies that build the apps for privacy abuses and data breaches.
Experts warn the government prepare now for how future pandemics might stress the nation’s cybersecurity protections.
Top priorities for the Cyberspace Solarium Commission include requiring stricter cybersecurity protections for internet-connected devices and creating a stronger system to thwart disinformation on social media. The group of lawmakers, former government officials and private sector leaders is co-chaired by Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.).
The recommendations come in a coronavirus-themed addendum the group is releasing today to a far more detailed report it launched in March. That effort slipped out of public view as the coronavirus pandemic worsened. Now the group is hoping the difficulties the government has faced in responding to the pandemic will improve their appetite for protecting against a major cyberattack before it comes.
Two Chinese companies are urging the Federal Communications Commission not to revoke their licenses to operate in the United States.
Pacific Networks Corp. and ComNet filed a 92-page briefing with the agency disputing claims that they’re beholden to the Chinese Communist Party and represent security risks for the United States, Reuters reports.
China hawks have called on the agency to revisit the approvals it granted the company more than a decade ago.
More international news:
Attempts by hackers to steal personal information via mobile phones are on the rise as people use their devices more during the pandemic.
There was a 37 percent increase worldwide in phishing attacks against mobile phones managed by companies and other organizations between the fourth quarter of 2019 and the first quarter of 2020, according to the mobile security firm Lookout.
Government agencies saw some of the greatest increases, with such attacks roughly doubling during the year.
Some cybersecurity pros expressed solidarity with Facebook employees who staged a virtual walkout over the company’s decision not to fact check some of President Trump’s posts as Twitter has done.
React Core’s Dan Abramov:
The React Core team is joining the Facebook employee walkout in solidarity with the Black community.
Facebookʼs recent decision to not act on posts that incite violence ignores other options to keep our community safe. We implore the Facebook leadership to #TakeAction. pic.twitter.com/0i33nNQTLN
— Dan Abramov (@dan_abramov) June 1, 2020
- Sen. Tom Cotton (R-Ark.) will testify in front of the British Parliament’s defense subcommittee on the security of 5G today.
- The House Judiciary Committee will host a hearing on protecting the right to vote during the coronavirus pandemic at 10 a.m. Wednesday.
- The RSA Conference will host a webcast on nation-state cyberthreats and the 2020 election on Thursday at 4 p.m.
Secure log off
John Oliver breaks down Trump vs. voting by mail on “Last Week Tonight.”