Breach Notification , Cybercrime , Fraud Management & Cybercrime
Reports: GiveSendGo Breach Involves Freedom Convoy DonorsPlatform Was Collecting Funds for Demonstrations Against COVID-19 Mandates
GiveSendGo, a Christian crowdfunding website that had become the go-to platform for donors supporting the Canadian "Freedom Convoy" protests, went offline on Monday following a reported cyberattack in which donor information was allegedly leaked.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The news comes amid a coordinated protest among truckers - since dubbed the "Freedom Convoy" - against mandatory COVID-19 restrictions. Truckers have blocked Canadian border entrances, a tactic the government said presents danger and has delayed supply chains.
Distributed Denial of Secrets, aka DDoSecrets, a nonprofit whistleblower site for news leaks, reportedly obtained the leaked donor information.
At the time of publication on Wednesday, the GiveSendGo site had been restored. The platform did not immediately respond to Information Security Media Group's request for comment.
But in a statement posted to its Twitter account on Tuesday, GiveSendGo wrote: "Sunday evening, February 13th, GiveSendGo was attacked by malicious actors attempting to eliminate the ability of its users to raise funds." In the breach, the platform added, a hacker "distributed the names and emails of the donors of the Freedom Convoy campaign." The platform says no credit card information was leaked and no money was stolen.
GiveSendGo said its security team shut down the site to prevent "further illegal actions" and performed "many security audits" to ensure its safety prior to restoration.
The company reportedly aimed to fight a Canadian court order requiring it to cease disbursing Freedom Convoy donations, a cause that has pulled in millions of dollars, according to The Daily Mail.
On Sunday, the GiveSendGo site reportedly redirected to the URL "givesendgone.wtf," which displayed a clip from the Disney movie "Frozen" with a note admonishing donors, according to Mikael Thalen, tech reporter for The Daily Dot, who wrote that the "names and emails of roughly 92,000 donors to the Freedom Convoy" had been leaked.
Reached for brief comment on Tuesday, Distributed Denial of Secrets confirmed with ISMG that the timeline of events surrounding the breach "seems correct."
Earlier this month, Ontario Premier Doug Ford called for an end to the "occupation" of the city, citing alleged aggressive behavior, according to NPR. Meanwhile, according to the same report, popular crowdsourcing platform GoFundMe had also confirmed it would refund or redirect funds raised by demonstrators. The platform ceased its funding efforts citing a violation of its terms of service.
On the alleged data breach, security practitioners say that hacktivism cases - which the GiveSendGo case outwardly appears to be - can be complex.
Alex Ondrick, who heads security operations at the firm BreachQuest, tells ISMG that "the situation raises questions about the role of cybersecurity in public policy, and those who donated to the Freedom Convoy are now vulnerable to 'doxing.'"
Others say the incident was "typical hacktivism at work."
"The GiveSendGo site hack was clearly an act of hacktivism. It was essentially a denial-of-service launched against a site and cause that the attackers had an ideological difference with," says Perry Carpenter, a board member for the National Cyber Security Alliance and chief evangelist and strategy officer for the firm KnowBe4.
In response to the protests, Canadian Prime Minister Justin Trudeau has invoked the country's Emergencies Act, which allows his government to monitor suspicious transactions and even freeze the bank accounts of Freedom Convoy protesters, including related crypto assets.
In a press conference on Monday, Deputy Prime Minister Chrystia Freeland confirmed that the government planned to broaden the nation's terrorist financing rules to cover crowdsourcing platforms and cryptocurrencies.
And Trudeau on Monday said that the move would supplement provincial and territorial capacity to address "blockades and occupations." Trudeau said the scope of the measures would be "time-limited, geographically targeted, and reasonable and proportionate to the threats they are meant to address."
He added: "This is about keeping Canadians safe, protecting people's jobs and restoring confidence in our institutions."
The measure, he continued, would help address demonstrations in Ottawa, at Ambassador Bridge - which connects Detroit, Michigan, with Windsor, Ontario - and elsewhere.
"We cannot and will not allow illegal and dangerous activities to continue," the prime minister said.
He said financial institutions will be authorized to render services to address the situation, "including by regulating and prohibiting the use of property to fund or support illegal blockades."
The measure, according to Trudeau, would reinforce the "principles, values and institutions that keep all Canadians free."
Standard Not Met?
Taking to Twitter in response, the Canadian Civil Liberties Association wrote: "The federal government has not met the threshold necessary to invoke the Emergencies Act. This law creates a high and clear standard for good reason: the Act allows government to bypass ordinary democratic processes. This standard has not been met."
The Freedom Convoy movement has reportedly amassed over $19 million in funds, though not all of it has reached protesters, according to CoinTelegraph.
Instead, groups such as HonkHonk Hodl raised 22 bitcoins, or nearly $1 million, through the Tallycoin BTC fundraising platform, for the efforts, according to the same report.
And according to U.S. political publication The Hill, the demonstration has been praised by conservatives in the U.S., including Sen. Rand Paul, R-Ky.