Cyber Crime

Cyber Criminals Are Threatening Abortion Access


The anti-choice movement has a new vicious tactic: terrorizing repro-rights fund-raising efforts online. Will the Supreme Court decide a cyber attack is on par with a physical one?



This summer, the Supreme Court will decide NIFLA v. Becerra, a case about whether crisis pregnancy centers must identify that they do not provide health services by installing signs outside their facilities. In addition to raising questions about free speech, the case has also incurred vast discussion about the internet and its role in increasing the dissemination of dangerous, false claims about abortion and other reproductive-health services.

The web has certainly played a role in empowering the reproductive-justice movement with making it easier to disseminate information about protests and actions and telemedicated abortion, and, crucially for low-income women seeking abortion services, launch online fund-raising campaigns. Yet the internet also has enabled a new breed of extremists to obstruct access without having to face women in person outside clinics, or even reveal their identities.

A lawsuit filed by the National Network of Abortion Funds (NNAF) last month has revealed a new tactic coming from the anti-choice movement, inciting violence through coordinated cyber crime and hacking.

Since 2009, NNAF and its member funds across the country host a Bowl-a-thon, the organization’s biggest annual fund-raising effort. The Bowl-a-thon helps the nonprofit in its ultimate mission: addressing financial barriers to abortion access. Currently, 32 states restrict public funding of abortion with few exceptions. Despite the objective legality of the procedure, the stigma and politicization of women’s health have yielded laws that treat it differently from all other legal medical services, leading to the utter necessity of nonprofit funding of abortion.

The Bowl-a-thon raises between 25 to 50 percent of NNAF’s collective annual budget through a series of local and virtual events with the goal of not only raising money, but also engaging and building lasting relationships with new supporters.

In April 2016, the National Network of Abortion Funds’ annual Bowl-a-thon was reaching its busiest period across the country when communications director Jenni Kotting said she and her co-workers were alerted to suspicious online activity. It started with concerning texts from representatives of abortion funds participating in the event, saying they had been notified that their donation webpages had been flagged as being not secure. Within days, it escalated into a nightmare of billions of dollars of fake, backdoor donations; the shutdown of donation pages; disturbingly racist and anti-Semitic emails sent via the online fund-raising platform from “Adolph [sic] Hitler”; and stolen emails, credit-card numbers, and billing addresses.

The hacking and cyber attacks took place over the course of several days, but NNAF staff were forced to spend the next two months cleaning up the mess, securing their online presence and helping affected donors and funds, all while continuing to maintain a lucrative event that is pivotal to their ability to facilitate abortion access.

“This was not the same as the other attacks we see, this was not the same as folks expressing their freedom of speech,” said Nilofar Ganjaie, a board member of the Northwest Abortion Access Fund (NWAAF), whose donations page had been compromised by hackers. “This was far more brazen: This was a professional cyber crime. I felt personally attacked, and even felt this level of personal responsibility,” she said. “I had sent this link to all my friends and family who were putting their personal information into a website—credit card numbers, first and last names, billing address, all that sort of thing—and then that information was potentially compromised.”

Now, two years later, NWAAF is one of several co-plaintiffs in a lawsuit filed by NNAF this March. (Other co-plaintiffs: the Eastern Massachusetts Abortion Fund, the Missouri-based Gateway Women’s Access Fund, Kentucky Health Justice Network, and Cleveland-based Preterm Access Fund.)

“We refuse to accept that our organization deserves fewer protections than any other entity that is affected by cyber crime,” Ganjaie said of the lawsuit.

NNAF is suing multiple anonymous John Does in the district court of Massachusetts for violating the Computer Fraud and Abuse Act, a cybersecurity law that makes it a crime to access protected computers and web pages without authorization, and, notably, the Freedom to Access Clinical Entrances (FACE) Act, which had been introduced in the Senate and signed into law by President Bill Clinton in 1994, in response to growing and increasingly threatening anti-abortion protests outside clinics. It is intended to protect patients and health-care providers against threats of force, and obstruction or damage of reproductive-health facilities

In light of the methods hackers used to infiltrate and hijack NNAF’s digital fund-raising platforms, the reasons for citing CFAA are obvious. According to the lawsuit, hackers—including suspected perpetrator Matthew James Davis—“placed malicious code” within fund-raising pages hosted by Blue Sky Collaborative, and later used cross-site scripting, or “XSS,” in the browsers of visitors to the NNAF fund-raising website. Hackers used javascript to “infect [visitors’] profiles, and present users with a fraudulent donation form,” which resulted in gaining access to names, contact information, credit card numbers, and more.

Davis is expected to be a perpetrator of the hacking, because his Twitter account @matthewjames sent a tweet congratulating NNAF on “passing the $830 trillion mark,” adding, “you’re gunna [sic] make little boys and girls a complete thing of the past!” within minutes of the hacking.

According to the lawsuit, investigation of Davis revealed he is “a religious anti-abortion activist with a background in technology and coding.” His website says that Davis is a “core team member” at Aurelia, a company that provides JavaScript client framework.

Kotting called the lawsuit a “novel use” of the FACE Act. “We have a standing here because we are people who aim to provide access to reproductive-health services, and any barriers to doing so caused by damage or destruction, which we feel qualifies under the FACE Act,” she said.

NNAF’s lawsuit is groundbreaking because, as Kotting noted, use of FACE highlights the inextricable connection between “online and offline violence” in the realm of abortion access, and brings crucial legitimacy to the term “cyber violence,” which may differ from protests physically taking place outside of clinics, but can be equally harmful. This is the first time FACE is being used to identify cyber crime and obstruction of online efforts to facilitate abortion access as bearing the same consequences of physical protests.

While the FBI oversees and investigates cyber crime in addition to physical attacks and threats, the bureau has yet to address cyber crime threatening abortion providers and groups like NNAF. In 2015, following the release of illegally obtained, fabricated videos of Planned Parenthood “selling baby parts” by anti-abortion extremists, the FBI released a warning about increased “criminal or suspicious incidents will continue to be directed against reproductive health care providers, their staff and facilities.” (Last year, the anti-abortion activists behind the videos were charged with 15 felonies.)

Somer Loen, a San Francisco–based reproductive-justice advocate and web producer, is a coordinator of three hackathons for reproductive justice in the last two years. The hackathons she helps host were inspired by NNAF’s experiences in 2016, when Loen had been a bowler for a fund-raising team in Sacramento, and their donations page had also been compromised. Loen thinks adapting the FACE Act to recognize cyber attacks is a necessary step in acknowledging how technology is used in many ways to obstruct abortion access.

“When the FACE Act was created, the internet obviously wasn’t where it is today, and while the methods of keeping people from accessing these clinics have changed, the principle and the effect is still the same,” she said.

Loen also pointed out how the rampant spread of false information facilitated by the internet can have the effect of “physically redirecting people who need services.”

“A big part of the way we communicate is through the internet now, and so crisis pregnancy centers’ whole goal is to prevent people who are trying to get abortions. They’ve really successfully positioned themselves as legitimate looking clinics online, and they’ve also really successfully advertised as abortion clinics online,” she said. “Using the FACE Act in the case really recognizes the internet’s growing role in whether women are able to access abortion. Hacking can be the use of force.”

Most of the fraudulent donations, which exceeded $66 billion within a couple hours, were made by “Adolph Hitler.” Over the next couple days, in addition to an email showing a picture of a fetus and bowling ball that read, “I hope I grow up big enough to go bowling someday,” another email sent to many Bowl-a-thon registrants from “Adolph” said: “I believe that the Aryan race is the Master Race; the purest human genetic strain currently available. Consequently, it tickles me to fund abortions for the lower races, such as the Negroes and the Jews. There is no longer any need to send these parasites to my concentration camps—they willingly slaughter their own young if given enough money to afford the [operation]. I am indebted to feminism and this new opportunity it has provided to cleanse our future generations. Keep it up, NNAF!”

Kotting said references to Hitler in the emails and donations were particularly concerning because “there’s a history of anti-abortion violence in person, at clinics,” she said. This is especially resonant in light of an uptick in organizing and activity among neo-Nazis and white nationalists such as the violent protest in Charlottesville last summer, which resulted in many injured and one dead.

“When things get really intense in the online space and people are being attacked there, we already know that anti-abortion extremists may also use violent tactics and have attempted murder and actually murdered people,” Kotting said. “So there’s an indication there that made us feel really unsafe.”

Kotting also noted how violent attacks on abortion access online or offline are, if not encouraged, then dangerously commodified, by rhetoric from politicians and influential figures like Kevin Williamson, a conservative thinker recently fired from The Atlantic for his advocacy of the death penalty for those who have abortions.

Language and anti-choice talking points equating abortion to murder seemed to motivate Robert Dear, the gunman who shot three dead at a Colorado Planned Parenthood in 2015, claiming to be a “warrior for the babies”—the same year the illegal videos were released. NNAF’s lawsuit also comes amid an alarming trend of increased violence and threats toward abortion clinics: In 2017, the Feminist Majority Foundation reported 34.2 percent of surveyed clinics experienced  “severe violence or threats of violence” in the first half of 2016, from 19.7 percent from the entirety of 2014, and higher, even, than the previously highest rate of 24 percent from the entirety of 1995.

In parts of the country where abortion access is especially limited and the climate hostile, the impact of the 2016 hacking episode felt particularly severe. Most of Kentucky is a desert for reproductive-health care; the state is one of seven in the country with only one clinic, and its clinic is located near the Indiana border, prompting women in other parts of Kentucky to travel out-of-state for abortion care. Kentucky is also one of 11 states in the country that prohibits insurance coverage of abortion in all private plans, and the sixth poorest state in the country. According to Kentucky Health Justice Network’s Meg Sasse Stern, clients seeking funding for abortion have been on the rise in recent years since 2016, when the state elected the rabidly anti-choice Matt Bevin as its governor. The Bowl-a-thon is a crucial fundraiser, and any dollar gained—or lost, through being shut down by hackers—matters.

“In Kentucky, we are always on the defense when it comes to sustaining access to abortion care and bodily autonomy,” KHJN’s support fund director Stern said. “Whether the threats, attacks, judgments, and restrictions are happening in the legislature, the courtroom, the sidewalk, or online, we know that our survival depends on a constant readiness to protect ourselves and others.”

The lawsuit brings attention to a critical truth: Online targeting and harassment are so prevalent that a hostile internet landscape is something most people working in reproductive-health have long accepted as part of the job. The cyber attack on a major abortion access fund-raiser is new—it’s blatantly illegal where “free speech” has always been cited to minimize the online harassment and hate speech people working in reproductive health are accustomed to. But ultimately, it stems from how the internet enables the mass dissemination of hate without consequences and accountability through anonymity.

“Unfortunately, I think all folks working in reproductive health access work are all too familiar with internet attacks. Harassment and threats, in general, is something we’re far too used to,” Ganjaie said.

Kotting also said that NNAF’s We Testify program, which supports people of color who have had abortions in sharing their stories to help change culture and policy around abortion access, draws a shocking level of online harassment. Because of it, the program offers “emotional support” and efforts such as organizing retreats and conventions and issuing takedown notices for abusive content posted about members online to protect their privacy and safety.

“Any time an abortion storyteller is in the media, they can encounter levels of bullying, harassment and doxing that would truly shock anyone,” she said. “People are being called a murderer, they’re receiving rape and death threats, their photos are being shared, people are looking up their family addresses, and all the racist, misogynist, transphobic and otherwise bigoted diatribes is completely overwhelming and traumatizing.”

According to a report from last month by Amnesty International, a quarter of women surveyed from eight countries, including the U.S. and U.K., said they had experienced online abuse or harassment at least once; a third of women polled in the U.S. said they had. Fifty-nine percent of women who experienced abuse or harassment said the perpetrators were complete strangers. Specific to NNAF’s lawsuit against defendants who are anonymous, Kotting said a major goal of the lawsuit is “de-anonymizing” cyber violence, which is largely enabled by anonymity.

“Not knowing the identity or identities of the attackers was a driving reason for filing the lawsuit so that we could make a strong statement that attackers, whether online or offline, should not be able to hide or remain anonymous,” she said. “Were they to remain anonymous, the very real threat against our work and safety would not end.”

According to the same Amnesty International report, this issue disproportionately affects women of color and other marginalized groups; a 2016 survey of 1,017 adults found 55 percent of those who said they experienced online harassment were women, and people of color were more likely than white respondents to say they had experienced harassment. According to Ganjaie, “The antis tend to target people that fall at the identity margins when we’re talking about identities,” she said. “Women of color looking for abortion access are more susceptible to anti-abortion extremist attacks online, and that’s very apparent.”

But tech and abortion rights aren’t always at odds.

Previous hackathons Somer Loen has hosted in the last two years have seen the inception of apps and other projects to boost safety for abortion clinics and volunteer services, make laws around abortion in different areas more digestible and accessible, and even help undocumented minors access abortion, and help those seeking the procedure identify fake clinics in their communities. Some experts in the tech field may align themselves with the anti-choice movement, but others may bring the same expertise and dedication to protecting and expanding abortion access.

“There’s another side to the coin—you can also crowdsource the truth,” she said. “There’s a lot of great projects being worked on, but at the end of the day, I still believe the strongest resource we have in reproductive rights is still our community.”

Loen looks forward to the next hackathon for reproductive justice this June in Texas.

The lawsuit notes the cyber attack “shut down the Bowl-a-thon fund-raiser, costing NNAF and its member funds hundreds of thousands of dollars in lost donations, substantial fees, time, and resources to address the attack and the loss of goodwill from its donors and member organizations.” A year after the incident, in 2017, the Bowl-a-thon raised $1.7 million, breaking its previous record of $940,000 from 2016—the year the hacking took place.

In addition to the ways tech is being used to prop up abortion rights and expand access and education, Ganjaie thinks large-scale attacks on abortion access can have the effect of unifying and rallying pro-choice advocates and supporters.

“We were able to hold people’s feet to the fire, like, ‘Look, this is really a serious issue, this is something that really needs your attention, that really needs to be funded. This is how vigilant the antis are,’” she said. “I would draw a similar comparison to the 2016 election, where the people were sort of stagnant in their support for whatever issue it was they care about before, but now we tend to see huge movements of activism. When the attacks weren’t as obvious and eminent, people grow a little stagnant.”

A month after filing the precedent-setting lawsuit, NNAF and its network are wrapping up the 2018 Bowl-a-thon, which ends on April 30. As the organization approaches $1 million in fund-raising at the end of this year’s Bowl-a-thon, Kotting says abortion funds are invigorated to overcome hate-fueled attacks.

“The level of threat against us is rising, and there’s new forms of threats—but it just makes us want to fight harder,” she said.

AN INDEPENDENT FREE PRESS HAS
NEVER BEEN MORE IMPORTANT.

Your financial support helps DAME continue to cover the critical policies, politics social changes impacting woman and their allies.