Decrypted: DEA spying on protesters, DDoS attacks, Signal downloads spike

This week saw protests spread across the world sparked by the murder of George Floyd, an unarmed Black man, killed by a white police officer in Minneapolis last month.

The U.S. hasn’t seen protests like this in a generation, with millions taking to the streets each day to lend their voice and support. But they were met with heavily armored police, drones watching from above, and “covert” surveillance by the federal government.

That’s exactly why cybersecurity and privacy is more important than ever, not least to protect law-abiding protesters demonstrating against police brutality and institutionalized, systemic racism. It’s also prompted those working in cybersecurity — many of which are former law enforcement themselves — to check their own privilege and confront the racism from within their ranks and lend their knowledge to their fellow citizens.


DEA allowed ‘covert surveillance’ of protesters

The Justice Department has granted the Drug Enforcement Administration, typically tasked with enforcing federal drug-related laws, the authority to conduct “covert surveillance” on protesters across the U.S., effectively turning the civilian law enforcement division into a domestic intelligence agency.

The DEA is one of the most tech-savvy government agencies in the federal government, with access to “stingray” cell site simulators to track and locate phones, a secret program that allows the agency access to billions of domestic phone records, and facial recognition technology.

Lawmakers decried the Justice Department’s move to allow the DEA to spy on protesters, calling on the government to “immediately rescind” the order, describing it as “antithetical” to Americans’ right to peacefully assembly.

DDoS attacks target both police and protesters

New data released this week by networking giant Cloudflare showed there was a spike in cyberattack activity, not only against government departments but also those fighting racism and prejudice.

DDoS attacks pummel websites and online systems with vast amounts of junk traffic, overloading the systems and forcing them offline.

Cloudflare said the number of distributed denial-of-service (DDoS) attacks on government sites were up by close to 2x and by almost 4x against military sites. But it also saw the number of cyberattacks against anti-racism organizations go from almost none in April to an increase of 1,120x in May.

A spike in cyberattack traffic against U.S. anti-racism organizations protected by Cloudflare’s security technology. (Image Credits: Cloudflare)

“As we’ve often seen in the past, real world protest and violence is usually accompanied by attacks on the internet,” said Cloudflare’s CEO Matthew Prince and CTO John Graham-Cumming in a blog post.

In all, Cloudflare said it blocked about 116 billion malicious requests over May 30-31, the first weekend of protests. That accounts to about 10x the number of Google searches made every second.

How to protest safely and privately

Peaceful protesting is a constitutional right for Americans — it’s right there in the First Amendment. But police have used tear gas, rubber bullets and “kettling” tactics that put protesters in harm’s way. It’s also not just the DEA conducting surveillance on protesters, even if they’re doing nothing wrong.

CNET, Motherboard and The Markup all have guides explaining how protesters can stay safe, protected and keep their information private as they exercise their right to assembly. These guides will walk you through ways to protect yourself from online harassment, profiling or retaliation.

Google makes it easier to use a security key on an iPhone

Search giant Google rolled out a new feature that makes it easier to use a security key on your iPhone.

Security keys are small hardware devices that you plug in to your phone or computer instead of receiving a two-factor authentication code. By Google’s own data, security keys offer near-perfect security against some of the most advanced kinds of cyberattacks.

Google said this week that iPhones running the latest software can now support a greater range of security keys. Now users can simply tap an NFC-enabled security key against the back of your iPhone without having to plug it in.


“2020 is a pretty good year to cover your face.”

That’s Moxie Marlinspike, founder of end-to-end encrypted messaging app Signal, which this week rolled out a new feature that makes it easier to blur people’s faces from within the app.

Signal added the new feature this week to help “support everyone in the street right now,” even as millions defy social distancing rules put in place by state and local governments in response to the coronavirus pandemic.

It’s not the only effort that’s out there. TechCrunch noted a few other examples of hackers and developers rushing to support their fellow citizens with face-blurring and photo anonymizing apps and tools.


In the security startup world this week:

Cloud and virtualization giant VMware has acquired Lastline for an undisclosed sum. TechCrunch exclusively reported the news on Thursday. A source familiar with the deal said some 40% of the startup’s staff would be laid off in the deal. Neither VMware nor Lastline commented on the report.

Inky has raised $20 million in its Series B round, led by Insight Partners. Inky is a decade-old startup that first focused on improving email, but then pivoted toward anti-phishing and email security.

And, Israel cybersecurity think tank Team8 has raised $104 million to take on a number of major cybersecurity and enterprise bets. The firm is spinning out its own VC arm to invest in Series A and Series B startups in not just cybersecurity but also artificial intelligence, data science and enterprise companies.

Send tips securely over Signal and WhatsApp to +1 646-755-8849.