Pussy Riot

Pussy Riot is a global feminist art and activist collective using art, performance, and direct action to challenge authoritarianism and human rights violations, particularly by the Russian government. Due to their activism, members face constant threats, including physical and digital attacks.

"We organize exhibitions, public installations, and digital campaigns. From staging anti-Putin performances to building art that intervenes in media narratives, we continue to amplify voices that authoritarian regimes would rather silence.” says John Caldwell, Manager and Digital security specialist for the organization.

In 2023, Pussy Riot founder Nadya Tolokonnikova was placed on Russia’s most wanted list for her political resistance, including outspoken challenges to Putin, as well as financial support to Ukraine. Pussy Riot’s website and social media accounts were frequently targeted by cyberattacks, ranging from low-effort trolls to state-funded cybersecurity units. This included DDoS attacks, phishing, credential stuffing, bot crawlers, and brute-force attempts. These attacks often coincided with major political actions or releases.

“Our members have been jailed, beaten, poisoned, and our friends have been murdered. In addition, there have also been active digital campaigns and narratives aimed against us.” - Nadya Tolokonnikova, Founder

Before joining Project Galileo, Pussy Riot spent significant time addressing security issues instead of focusing on their activism. Their website and social media platforms were frequent targets, resulting in occasional takedowns. The group endured a wide array of digital threats, ranging from social engineering tactics like catfishing schemes to sophisticated technical assaults such as DNS attacks. These constant security challenges significantly hampered their ability to communicate and organize, detracting valuable time and resources from their core mission of artistic activism.

When the organization joined Project Galieo, they implemented DDoS mitigation, rate-limiting Zone-level Web Application Firewall rules. The WAF accurately detected their tech stack (PHP and WordPress) and enabled the right features without extra setup. The tool acted as a “force multiplier,” allowing their team to operate more efficiently despite limited resources. Additionally, to address significant email spam issues, with volumes exceeding 100 per day, Pussy Riot implemented Cloudflare Turnstile which proved more effective than Google reCAPTCHA in preventing spam.

The nature of Pussy Riot’s work has meant the organization is frequently on the receiving end of hostile and adversarial cyberattacks, with these spikes in traffic and DDoS attacks often culminating after the publication or performance of the group’s art, and any subsequent media coverage. As a result of this, the group is unable to share publicly the extent of the threats and malicious traffic they receive. The threat landscape for human rights defenders is constantly growing everpresent, and under the umbrella of Project Galileo, organisations such as Pussy Riot can sustain their operations without fear of being knocked offline.

“It’s a big relief knowing our site is secure, and that we have tools that large enterprise companies use. That gives us peace of mind to focus on art and activism instead of these details.”