How Canadians are keeping Black Lives Matter website online

When civil society groups are targeted with denial of service attacks intended to silence their messages online, a Montreal not-for-profit called eQualit.ie has emerged as the first line of defence

A Montreal not-for-profit is thwarting denial of service attacks intended to silence civil society groups

Protesters hold a banner during a demonstration in Berlin, on July 10, as protest over the deaths of two black men at the hands of police. (Wolfram Kastl/AFP/Getty Images)

After a rash of cyberattacks on the Black Lives Matter website earlier this year, the rights group went looking for a new hosting provider — and protection from future attacks. A group of tech-savvy engineers and researchers at a Canadian not-for-profit answered the call for help.

The Black Lives Matter website had been repeatedly targeted by online attackers intent on taking its website offline — and in April, they finally succeeded, with what is commonly known as a distributed denial of service (DDoS) attack. 

Although these types of attacks can often be prevented, mitigation can also be costly — and some mitigation companies have even dropped clients who have been the target of unusually large attacks. 

A service called Deflect, developed by the Montreal-based not-for-profit eQualit.ie, has offered select groups like Black Lives Matter another option — one that director Dmitri Vitaliev says is not only free, but aligned with the values of the groups it protects. 

In other words, eQualit.ie is keenly aware of the importance of keeping its clients' sites online no matter how large the attack.

Fighting censorship

Founded in 2006, eQualit.ie develops "digital tools and services to help protect human rights in the digital age," according to Vitaliev. Deflect is one of eQualit.ie's flagship projects, and was designed to help civil society organizations — such as Black Lives Matter, but also independent journalists — keep their infrastructure online when under attack.

"Several years ago we noticed this trend of using various forms of cyberattacks — but in particular DDoS attacks — as a way of censoring these websites," Vitaliev said.

The internet — and social media in particular — has emerged in recent years as crucial tools for independent media, humans rights organizations and activist groups worldwide seeking to spread their messages and organize supporters.

In turn, attackers have come up with new ways to try to silence the activities of such groups online.

"The specific targeting that characterizes recent DDoS attacks (on networks supporting reproductive rights, Palestinian rights and the rights of people of colour) highlights this type of online attack as part of the arsenal being used to quash response and social change movements," read a statement from Black Lives Matter after a particularly intense series of attacks in July.

'Mob mentality'

In a new report released last week, eQualit.ie found that, over a seven-month period, the Black Lives Matter website was attacked more than a hundred times — almost every day — a number that Vitaliev says was "definitely the highest we've ever seen against a single client."

The attacks were amplified by multiple users who joined in response to " callouts  made on social media and covert channels."

Though the attacks were relatively sustained throughout the year, the biggest attacks by far came on July 10 and Oct. 13, in which attackers flooded the Black Lives Matter website with an unusually large amount of traffic that had been bounced off legitimate sites.

These attacks harnessed bugs in popular web-based content management systems such as WordPress and Joomla, allowing a relatively small number of malicious machines to amplify their attacks by bouncing them off innocent websites in rapid succession toward the intended target, in what's called a reflection attack.

Vitaliev said that one of the large attacks may be tied to a user by the name of "bannedoffline," who has also participated in large attacks on other websites, including an attack on cybersecurity researcher and journalist Brian Krebs that at the time was billed as the largest DDoS attack to date.

The report also found that, in many cases, the attacks were amplified by multiple users who joined in response to "callouts made on social media and covert channels."

It was this "mob mentality" that Vitaliev believes contributed to the severity of some of the attacks. 

Lean operations

In all, 12 people work at eQualit.ie, of which eight work either full or part-time on Deflect, which receives about three million visitors to the sites it protects each day.

The infrastructure costs around $3,000 a month, according to Vitaliev, which is only about five per cent of eQualit.ie's monthly budget for salaries and other projects — a lean operation compared with much larger commercial protection services.

Vitaliev's hope is that, in addition to the service it provides, the information it has released about the attacks on the Black Lives Matter website will also help to expose and dissuade future attackers.

"We believe that the purpose of our project is to thwart the ambitions of the adversary and at the same time to aid the advocacy efforts of the target," he said, "so this is why we are going public with this."

About the Author

Matthew Braga

Senior Technology Reporter

Matthew Braga is the senior technology reporter for CBC News, where he covers about how data is collected, used, and shared. If you have a tip, you can contact this reporter securely using Signal or WhatsApp at +1 416 316 4872, or via email at matthew.braga@cbc.ca. For particularly sensitive messages or documents, consider using Secure Drop, an anonymous, confidential system for sharing encrypted information with CBC News.