
Cyberattack on Occupy Central poll is ‘most sophisticated onslaught ever seen’

Head of cybersecurity firm trying to keep unofficial referendum going says bid to crash it is gigantic, and coming from around the world

PUBLISHED : Tuesday, 24 June, 2014, 2:19pm
UPDATED : Wednesday, 25 June, 2014, 3:23am

The cyberattacks on the web platforms used to run Occupy Central's unofficial referendum on political reform originate from almost every country in the world, says the head of a US-based cybersecurity firm that has been holding off attempts to crash the voting system.

CloudFlare chief executive Matthew Prince said yesterday the variety of methods used in the cyberattacks made them the most sophisticated ever seen. But he was confident his team would keep the system working until the 10-day poll closes on Sunday.

"[The attackers] continue to use different strategies over time," Prince said. "It is pretty unique and sophisticated."

Besides flooding the site with overwhelming amounts of data and encrypted requests, the hackers also directly attacked CloudFlare's upstream provider as well as the website popvote.hk.

The number of requests - 300 gigabits of information per second at its peak - made it one of the largest cyberattacks in history, according to Prince.

The high-level attacks, lasting about 15 minutes each time, recurred every few hours, he said.

The IT expert said the hackers used compromised computers - which allowed them to be remotely controlled - to launch the attacks from virtually every country in the world.

It was hard to determine whether a state could have been involved in organising such a large-scale cyberattack, he said.

CloudFlare was one of three firms offering technical support to the Occupy poll of views on how the 2017 chief executive election should be carried out.

But the unprecedented scale of the intrusion - more than 10 billion denial-of-service attacks - overwhelmed the servers of the other two companies, Amazon Web Services and UDomain, shortly after the system opened for pre-registration on June 13.

The two firms then withdrew their participation in the project. CloudFlare was the only security expert left to protect Hongkongers' chance to vote around the clock, Prince said, adding that his team managed to filter out many attacks before they reached the voting system.

The Occupy vote was one of the hundreds of websites offered free support by CloudFlare as part of Project Galileo, the company's mission to defend politically and artistically important projects.

"We think it is important that … an individual would not be able to knock [a website] offline worldwide just because they don't agree with that content," Prince said.

But he stressed that CloudFlare was not a political organisation and did not take sides.

"Our job is to protect the internet and we do that regardless of what political messages are uploaded," Prince said, adding that the websites they protected covered topics across the political spectrum, from the Middle East to Latin America.

By midnight, 738,233 Hongkongers had cast their votes for reform proposals from a shortlist of three in the referendum. Of the total votes, 688,206 were cast via popvote.hk or the PopVote smartphone app, with the rest cast at polling stations.




The media should rename the “occupy Central’s unofficial referendum” as “occupy Central’s unofficial Gallup Poll”.
How About
Putting aside all positions I’d think this is by far the political (cyber) mystery of the decade worthy of more investigative effort, so it’s somewhat disappointing with these known unknowns and unknown unknowns:
1) On the popVote site : 40% of the China-HK computers were used in the DDoS attack, this meant they were botnet or not? And what does that mean? 40% meant located here in HK whilst 60% botnet is located elsewhere, again what does this mean?
2) If CloudFlare isn’t yet able to intelligently tell us anything, shouldn’t SCMP or the HKP approach Booz Allen Hamilton for a view?
3) Back to Apple Daily’s website- there was the time lapse of DDoS attack to be explained, and Jimmy Lai’s accusation within 24 hours of the DDoS attack came from China, do we have anything on those yet?
More votes means more secret funding from the US to those who organize the vote. Once HK is destroyed, those who started the mess will leave in a hurry, with the money they received from the evil nations.
Dai Muff
Those creating the mess are already educating their kids abroad and shipping their money abroad. And most of them are in the mainland.
So many of the commentators here seem to think that expressing their opinions is important. I agree. I also agree that 700,000 votes cannot be translated into the opinions of 1.3 billion. We in Hong Kong never suggested that 1.3 billion people should be asked, but we will mostly agree that a vote in China should be allowed. The referendum could have just one question; Do you want the Communist Party to rule China? Go ahead if you've got the b***s and ask everyone that question, but of course you don't and won't. You CCP sympathizers don't care one jot for what the Chinese people want, you only care about what you want. Selfish to the core.
I see that the usual suspects are still bent out of shape over the turnout. After more than 700K, that ship has sailed. They should save their breath for the next pertinent issue, which is the actual result of the referendum.
Of course the C.h.o.g.e. Communist Party is behind the cyberattacks. C.h.o.g.e.s just naturally have a criminal mindset. That's why the U.S. told Huawei to fxkcoff.
I wonder how this system can detect if I am NOT a permanent resident and voting?
Furthermore, I wonder if the system could prevent someone from voting repeatedly.
Dai Muff
Asked and explained. Read up.
Meanwhile you'd better start making up reasons why all the people on the street next Tuesday are optical illusions.



