Vicious Hack Sends Abortion Fundraisers to Court

BOSTON (CN) – After a cyberattack disrupted their signature fundraising event, six abortion-access advocates brought a federal complaint to hold the unknown hackers liable.

The National Network of Abortion Funds is the lead plaintiff and notes that it organizes an online fundraiser every year called the National Abortion Access Bowl-a-Thon for its 40 organizations across the country.

Filed in Boston on March 28, with attorneys from the Matorin Law Office in nearby Wellesley and the firm C.A. Goldberg in Brooklyn, New York, the complaint describes a DDoS attack against the Bowl-a-Thon in April 2016.

Short for denial of service, the DDoS attack involved one or more hackers implanting malicious code within the fundraising application run by nonparty Blue Sky Collaborative.

And though the cyberattack sowed massive panic in the final 10-day stretch of the fundraiser, the NNAF, as the lead plaintiff abbreviates its name in the complaint, notes that the end goal of the hackers was more insidious.

By gaining administrative access to Blue Sky using a malicious JavaScript attack, the hackers were able to harvest the names, mailing addresses, email accounts and phone numbers of 2,705 NNAF participants and 14,333 donors.

The NNAF says the hackers infected 1,054 profile pages and came away with 435 credit card numbers.

A week earlier, the cyberattack began with a series strange comments on Bowl-a-Thon registrant pages, followed by new accounts named for “Adolph Hitler.”

On April 12, as the Bowl-a-Thon fielded what the complaint calls “absurdly large offline donations from registered participant accounts,” a Twitter account called @matthewjames began trolling the NNAF’s Twitter.com account @abortionfunds.

“The tweets congratulated NNAF on ‘passing the $830 trillion mark,’” according to the complaint, “and added, ‘you’re gunna [sic] make little boys and girls a complete thing of the past!’”

That’s when the “Adolph Hitler” accounts sprang into action.

“Over the next couple of hours, the Bowl-A-Thon website appeared to receive $66 billion in fraudulent donations during a distributed denial of service attack (DDoS) which then caused the Bowl-A-Thon website to crash altogether,” the complaint states.

Not content just to disable the fundraising site, however, the NNAF says the hackers worked later that night to send “donors deeply disturbing racist, anti-Semitic, and misogynistic emails.”

“The email sent by ‘Adolph Hitler’ contained the following message,” according to the complaint, “‘I believe that the Aryan race is the Master Race; the purest human genetic strain currently available. Consequently, it tickles me to fund abortions for the lower races, such as the Negroes and the Jews. There is no longer any need to send these parasites to my concentration camps – they willingly slaughter their own young if given enough money to afford the ope [sic] I am indebted to feminism and this new opportunity it has provided to cleanse our future generations. Keep it up, NNAF!’”

Before dawn on April 14, the cyberattack escalated.

“From an account named info@nnaf.org Defendant(s) sent a spoofed email to hundreds of Bowl-a-Thon registrants,” the complaint states. “The email consisted of a picture of a fetus with the message: ‘I hope I grow up big enough to go bowling someday.’”

The NNAF says its expenses related to the hack are still growing.

In addition the the $200,000 bill from a crisis-security firm and attorneys, the NNAF says it had to build a new front-end website, and set up secure hosting and a security audit for the website, at a cost of more than $50,000.

In addition to hurting the ultimate goal of improving abortion access, the NNAF says its member funds lost hundreds of thousands of dollars in donations and had to shell out substantial fees, time and resources to address the attack and restore goodwill with their donors.

“The attack had profound and harmful effects on the relationship between NNAF and its member funds,” the complaint states. “NNAF risked losing the trust and confidence of member funds in the network due to the attack on the fundraising platform where the funds had been engaging existing and new supporters. Inviting abortion funds to participate in Bowl-a-Thon again the following year was very difficult for NNAF knowing that they were being targeted or that they might risk another attack.”

In addition to violations of the Computer Fraud and Abuse Act, the complaint alleges one count under the Freedom of Access to Clinic Entrances Act.

The NNAF says the individual behind the @matthewjames Twitter post may have bear primary responsibility for the attack.

“Upon information and belief, Davis is a religious anti-abortion activist with a background in technology and coding,” the complaint states. “Davis was believed to live in Florida, although the Twitter account states ‘Sapporo, Japan’ in its user profile. A website, www.davismj.me, states that Matthew James Davis is a ‘core team member’ at Aurelia. The website www.Aurelia.io states that Aurelia is ‘a JavaScript client framework for web, mobile and desktop that leverages simple conventions to empower creativity.’”

Davis has not responded to an email seeking comment.

%d bloggers like this: