
Cyberattacks against Occupy Central poll traced to mainland firms’ computers in Hong Kong

IT expert traces IP addresses, and blames the enterprises for up to 40pc of security breaches

PUBLISHED : Monday, 23 June, 2014, 5:30pm
UPDATED : Tuesday, 24 June, 2014, 2:47pm

Up to 40 per cent of cyberattacks on the website used to run Occupy Central's unofficial plebiscite on electoral reform came from computers registered to mainland firms in Hong Kong, said an IT expert who advised the poll's organisers.

But it was possible the firms were unaware their computers were involved, as they may have been controlled by hackers, said Young Wo-sang, convenor of the Internet Society of Hong Kong's security and privacy working group.

Dr Chan Kin-man, a key organiser of the civil disobedience movement - which has vowed to blockade Central if the government fails to offer a satisfactory reform proposal - said the findings had fuelled Hongkongers' worries that Beijing was the ultimate hacker of the system.

The 10-day so-called referendum, allowing Hongkongers to pick their preferred reform proposal from a shortlist of three, faced over 10 billion distributed denial-of-service attacks shortly after it launched for pre-registration on June 13, knocking the system offline for periods.

Young said many attacks appeared to have come from computers in Hong Kong registered to mainland firms. "After tracing the IP addresses, we have found that 30 to 40 per cent of them were registered by mainland enterprises," he said.


Young has been advising the University of Hong Kong's public opinion programme - commissioned by Occupy to handle the poll - on security. He said the poll team had passed its information to police and urged them to locate the real culprit.

Last night police said they were still investigating.

More than 720,000 votes have been cast, including 48,000 at 15 polling stations on Sunday.

In Beijing, a mainland official joined the debate, saying the voting system was unprofessional based on his first-hand attempts to cast a vote.

Zhang Hong, a researcher with the Cyber Security Research Institute under the Ministry of Industry and Information Technology, said he voted twice on Sunday despite not being a Hong Kong permanent resident. He said he logged on to the online voting system using a false Hong Kong address and two Hong Kong cellphone numbers with the help of a friend in the city, and two Hong Kong ID numbers generated online.

"The credibility of the voting system is doubtful due to the technical loopholes," he said.

Zhang said he had tried to vote online eight times and succeeded twice.

"The system makes it impossible to verify whether all the votes are from qualified voters."

He tested the system "out of curiosity", and concluded the poll result was contaminated.

"[The voting] is merely self-serving. It is interesting for those who have no technical background but left us professionals speechless," he said.

Zhang also questioned people who said the cyberattacks were from mainland companies.

"It is not difficult to remove one's footprint from the internet. The attacker could easily hide their identity and then launch the attack," he said. "It is far-fetched to accuse the mainland authorities."

In response, Chan said Occupy had tried to prevent any dishonest voting. "I am particularly concerned that even mainland officials have failed to realise that using others' identities is in fact an offence under the city's laws," Chan said.

He urged people to vote at polling stations if they feared their identities were being used dishonestly online.






This article is now closed to comments

So Mr. Zhang just admitted to wire fraud in public.
Then I hope the Hong Kong police will uphold the Basic Law and issue a warrant for his arrest.
Unfortunately it just shows the complete disregard for the law which we can expect from Mainland officials. Remember Tongzhi, the Party comes before the Law.
hackers leaving a trace...get a brain or at least think twice.
The statistic of attacks “30 to 40 per cent of them were registered by mainland enterprises” is literally pointless! What about the other 70 to 60 per cent, what does that mean?
Seriously, if the point is to sabotage this voting arrangement, would they not submit 7 to 8 million fake IDs to vote on "Abstain"? This way, it will render the voting absolutely unbelievable and people will not know what to believe. Is this not more effective than a denial of service attack? This is an amazing display of psychological warfare. Every move is an interesting one.
May Peace Prevail on Earth.
If it's a single letter prefix, there are 26 million possible combinations; if it's a double letter prefix, there are a possible 676 million combinations.
They don't re-use ID Numbers, so there are also many numbers for the deceased that could be used as well.
as expected !!
A few days ago Jimmy Lai claimed it was the work of mainland hackers, would SCMP call him to verify his source.
This story merely confirms his statement.
40% of the cyberattack could be traced to mainland owned Hong Kong companies. What can be deduced directly from this fact? We can only say these companies' IT security is rather poor that their computers have been turned into zombies to carry out the DDOS attacks for some big brother(s) behind. Yet, it's not sufficient to deduce the fact that the mastermind must be from the mainland government or government related. One has to explain, why 40% rather than 100%? Or, for a masterpiece quality attacks, why not 0% so that the taint wouldn't stick to the mainland's side. We can only deduce someone did not like the poll. But this someone could just be anyone.
Very disgusted with this OC group. To execute as they called the "monumental DDOS" attacks requires hundreds and thousands (or millions of computers to bring down HKU's system) through a vast network of botnet implantation. DDOS attacks make infinite requests to a website to bottleneck others from visiting. To say ten and hundreds of computers in Chinese companies in Hong Kong had done the job is ludicrous. Either they don't know what they are talking about and blindly blame China, or they are lying through their teeth. But then, many Hong Kongers believe anything that is deemed popular.



