
Extortionists have embraced a new type of high-tech “fundraising” that involves hacking into companies’ servers and holding their data hostage for money. But in a new twist, the bandits are demanding the money for charity, not themselves.

Nearly 200 companies are estimated to have been targeted since March by the anonymous rogues, who fancy themselves not as criminals but as anti-capitalist reformers out to level the playing field for the poor and disenfranchised. To get their data back, victims are given the option of providing proof they donated to an approved charity or sending money directly to the group, which claims it will donate the money for them. 

But nonprofits that receive tainted money risk having their reputations sullied in a public relations nightmare and would likely be forced to surrender the booty if caught, which arguably should serve as a fresh reminder about the perils of accepting something that seems too good to be true.

The Robin Hood cyberattacks thus far appear largely aimed at users of Zimbra, an email and collaboration suite whose users began complaining in online forums two months ago about server compromises and ransomware. The ransomware gang’s activities finally came to light when a WikiLeaks-style website for corporate secrets revealed the group’s recent hack of an Indonesian-Swiss mining conglomerate. The attackers have since pledged to steer away from targeting companies in Africa, Latin America “and other colonized countries” and to instead target those in the United States, Russia and Europe “excluding Ukraine as they’re dealing with enough shit at the moment.”

“Unlike traditional ransomware groups, we’re not asking you to send us money,” the hackers wrote in a recently republished ransom message. “We just dislike corporations and economic inequality. We simply ask that you make a donation to a non-profit that we approve of. It’s a win-win, you can probably get a tax deduction and good PR from your donation if you want.”

The hacktivists went on to defend their activities as a form of asymmetrical class warfare and vowed to “steal back what we can,” even as they acknowledged their targets might have done nothing wrong themselves. “Anyways we don’t care, we have as much sympathy for them as they have for us,” they wrote. “They can pay and get their files decrypted, or not and get them leaked… That’s the power of a riot, the power of a union, the power of general strikes, of collective action, of sabotage, of fire, and of hacks.”

These cybercriminals are apparently among the first to claim altruism as their sole motivation, but they’re not the first who’ve tried to put a positive spin on their activities by claiming to share some of the loot with charity. Two years ago the DarkSide ransomware group, believed to be based in Eastern Europe, made a similar claim after orchestrating a cyberattack on Colonial Pipeline, resulting in the shutdown of the East Coast’s chief fuel supply conduit for several days. After finding itself in the FBI’s crosshairs, the group issued a “press release” touting its support for charity and its promise to vet its targets more “ethically” in the future. A year earlier, the group had issued a similar statement announcing it had donated $20,000 in Bitcoin to the charities Children International and The Water Project, both of whose leaders later vowed not to accept the money.

Charities accepting cryptocurrency donations could be particularly susceptible to getting drawn into such schemes, believes Tech Impact CEO Patrick Callihan. Nonprofit recipients of these ill-gotten gains would likely not be criminally liable themselves, assuming they received the funds unknowingly and were not complicit. But they “may well be forced to return the money,” said attorney Jeff Tenenbaum, whose Washington, D.C. firm advises hundreds of nonprofits across the country.

Just what charities can do proactively to guard against such scenarios is less clear. For all of them, it probably makes sense to be leery of large dollar gifts that don’t pass the smell test, but “I don’t know what they could do except to screen their large donors to the extent possible,” Tenenbaum said.

Nonprofits could be at risk not only of receiving dirty money but could also make tempting targets themselves, particularly large organizations that have outdated cybersecurity and technology but multimillion dollar budgets that hackers might wish to “redistribute” to other charities. “I think all nonprofits are targets, certainly ‘wealthier’ ones,” Callihan told The NonProfit Times. “Hackers often do their homework and have a sense, probably based on 990 data, as to what the organization can absorb as a potential loss for a ransom amount.”

The state of security in the nonprofit sector remains a continuing concern for this reason. “I think that nonprofits with large budgets are already at risk for cyberattacks because they likely have data that is worth an organization paying to retrieve and the budget to pay,” concurs Amy Sample Ward, CEO of NTEN. Still, the potential list of corporate targets is likely as long or longer. “I think the Robin Hood phenomenon is one that predates the internet and will surely continue to be part of society so long as we live in an inequitable world,” Ward told The NonProfit Times. “Ultimately, nonprofits and philanthropies are part of the capitalist system that groups like this wish to address but have access to different power and roles in that system, making them less of an important target and more of a vehicle for change.”