Authorities are investigating interference with police radio communications, websites and networks used by law enforcement and other officials during recent U.S. protests over the death of George Floyd in Minneapolis.
Although the efforts to disrupt police radios and take down websites in Minnesota, Illinois and Texas aren’t considered technically difficult hacks, federal intelligence officials warned that law enforcement should be ready for such tactics as protests continue.
Authorities have not yet identified anyone responsible or provided details about how the disruptions were carried out. But officials were particularly concerned by interruptions to police radio frequencies during the last weekend of May as dispatchers tried to direct responses to large protests and unrest that overshadowed peaceful demonstrations.
During protests in Dallas on May 31, someone gained access to the police department’s unencrypted radio frequency and disrupted officers’ communications by playing music over their radios, according to a June 1 intelligence assessment from the U.S. Department of Homeland Security.
Dallas police did not respond to questions about the incident.
The assessment, which was obtained by The Associated Press, attributes the Dallas disruption to “unknown actors” and does not say how they accessed the radio frequency. It warned that attacks of various types would likely persist.
“Short-term disruptive cyber activities related to protests probably will continue — various actors could be carrying out these operations — with the potential to use more impactful capabilities, like ransomware, or target higher profile networks,” the assessment warns.
The assessment noted similar problems with Chicago police’s unencrypted radio frequencies during large downtown protests on May 30 followed by reports of arson, theft and vandalism. Chicago police also have not said how the radio frequencies were accessed, but an official with the city’s Office of Emergency Management and Communications told the Chicago Sun-Times that the tactic was “very dangerous.”
Police around the country have encrypted their radio communications, often arguing that it’s a way to protect officers and block criminals from listening in on widely available phone apps that broadcast police radio channels. But media outlets and local hobbyists have been frustrated by the changes, which also prevent them from reporting on issues pertaining to public safety.
The Department of Homeland Security issued a separate warning this week reporting that personal information of police officers nationwide is being leaked online, a practice known as “doxxing.” According to the report obtained by the AP, information shared on social media included home addresses, email addresses and phone numbers.
Law enforcement agencies have been targeted by online pranksters or hackers in recent years, including by some who claimed to be motivated by on-the-ground protests against police tactics. For example, the hacking collective Anonymous claimed responsibility for the defacement of local police departments’ websites in 2012 as protesters clashed with officers during the Occupy Wall Street movement.
Individuals who self-identified as being part of the collective also claimed to have accessed dispatch tapes and other Ferguson Police Department records in 2014 after a white police officer shot and killed Michael Brown, an 18-year-old black man.
Like other government entities, law enforcement agencies in recent years have been frequently targeted by ransomware attacks, in which a perpetrator virtually locks up a victim’s computer files or system and demands payment to release them.
The prevalence of cyberattacks — which can cause physical damage or far-reaching disruption — and less severe online trickery, such as stealing passwords, has given law enforcement agencies more experience at fending off efforts to take down their websites or access critical information. But hackers adapt too, and governments with fewer resources than private companies often struggle to keep up, said Morgan Wright, chief security officer for the cybersecurity company SentinelOne.
“The biggest concern they have right now is the safety of their communities, the safety of their officers,” Wright said of how law enforcement agencies view cyberthreats amid large demonstrations and unrest. “But if you look at what underpins everything we use to communicate, collaborate and operate, it’s all technology.”
As large protests gathered steam after the May 25 death of Floyd, a handcuffed black man who died after a white Minneapolis police officer used his knee to pin his neck down for several minutes, Minnesota Gov. Tim Walz said state networks had been targeted. He described the activity as a “a very sophisticated denial of service attack.”
But experts said the strategy of bombarding a website with traffic is common and doesn’t always take a high level of skill, counter to Walz’s description. Minnesota’s Chief Information Officer Tarek Tomes later said state services weren’t disrupted.
But the efforts got a lot of attention, partly due to unverified online claims that Anonymous was responsible after years of infrequent activity. The decentralized group largely went quiet in 2015 but is still known globally based on headline-grabbing cyberattacks against Visa and MasterCard, the Church of Scientology and law enforcement agencies.
Twitter users also made unverified claims that Anonymous was behind recent intermittent outages on the city government’s website in the Texas capital of Austin. Their posts indicated that the disruption was retribution for police officers shooting a 20-year-old black man in the head with a bean bag during a May 31 protest outside of police headquarters.
The injured protester, identified by family as Justin Howell, remained hospitalized Wednesday in critical condition.
The city’s IT department was looking into the site’s issues, but a spokesman said Monday that he couldn’t provide any information about the cause. He said the website was still experiencing a high volume of traffic.
“You should have expected us,” an account purporting to be Anonymous’ posted on Twitter. It also warned that “new targets are coming soon.”
The collective’s approach — anyone can act in its name — makes it difficult to verify the recent claims of responsibility. But Twitter accounts long affiliated with Anonymous shared them, said Gabriella Coleman, a professor at McGill University in Montreal who has studied the Anonymous movement for years.
People with more advanced and disruptive hacking skills often drove peak instances of attention for Anonymous, and it’s not clear whether that type of activity will resume, she added.
“There’s a lot of things going on in the background, people are chatting,” Coleman said. “Whether or not it materializes is another question. But certainly people are kind of aroused and talking and connecting.”