Attack on Hong Kong's internet infrastructure a form of terrorist warfare
Erwin Huang is baffled by the government's apparent inaction after a potentially devastating attack on Hong Kong's internet infrastructure
Hacking is common today, yet the scale, tactics and duration of the cyberattacks on the Occupy Central civil referendum platform were unprecedented. It is estimated that the week-long attack involved thousands of computers and even at one point directly attacked the .hk internet infrastructure.
The raids were mainly distributed denial-of-service attacks that are designed to overload a server in a short period of time. It is as if many people are trying to visit the same website, making it impossible for real users to visit, thus "denying service". During the early part of the week, the servers were hit three billion times in a few hours.
Denial-of-service attacks require a large number of "zombie" computers, or botnets. Most of these have been infected by viruses and controlled ahead of the attack. In fact, most people don't know their computers are being remotely controlled. They can be computers or computing devices such as smartphones and even cheap set-top boxes.
During the week-long attack, the hackers shifted tactics from overloading the target website to hitting the whole .hk network. Such an attack threatens every website or service with this suffix, including government services, financial institutes, health care and emergency systems. If the .hk network infrastructure is compromised or overloaded, the consequences are unthinkable. An attack of this sophistication and size should be considered terrorist warfare.
As a director of the Hong Kong Internet Registration Corporation, the administrators for .hk I helped defend Hong Kong's internet infrastructure. I was surprised by the sophistication of the attacking parties, and find the silence and indifference of the Hong Kong government most unnerving.
In today's world, the internet is a necessity. Yet even a week after the incident, the government has not commented on this dangerous and unprecedented attack. Are the police investigating? No official has come forward to give advice to citizens, or talks of contingency plans if the network should fail. If our networks are down, the consequences could be much worse than our roads being blocked by the Occupy Central campaign.
Fortunately, a group of unsung heros, both individuals and companies like the start-up CloudFlare, worked night and day to defend .hk They deployed thousands of servers around the world and filtered out attacks (mostly from the US, mainland China and Russia). Competing network vendors and service providers worked together to exchange intelligence to protect our lifestyle and businesses.
We should preserve this spirit and build a defend.hk alliance for the future, emphasising prevention and better coordination within industries, government and the public. Maybe we need a cyber warning signal, not unlike the typhoon signals that are understood so well.
Whatever the reason for the attack, it is pathetic to resort to global acts of terrorism to stop the people from voicing their opinion.
Almost 800,000 people voted, digitally and physically, one of the largest turnouts in Hong Kong's history, to defend our core values and thus .hk.
Erwin Huang is chairman of the Hong Kong Information Technology Federation