Occupy Central

Cyberattack on Occupy Central poll is ‘most sophisticated onslaught ever seen’

Head of cybersecurity firm trying to keep unofficial referendum going says bid to crash it is gigantic, and coming from around the world

PUBLISHED : Tuesday, 24 June, 2014, 2:19pm
UPDATED : Wednesday, 25 June, 2014, 3:23am

The cyberattacks on the web platforms used to run Occupy Central's unofficial referendum on political reform originate from almost every country in the world, says the head of a US-based cybersecurity firm that has been holding off attempts to crash the voting system.

CloudFlare chief executive Matthew Prince said yesterday the variety of methods used in the cyberattacks made them the most sophisticated ever seen. But he was confident his team would keep the system working until the 10-day poll closes on Sunday.

"[The attackers] continue to use different strategies over time," Prince said. "It is pretty unique and sophisticated."

Besides flooding the site with overwhelming amounts of data and encrypted requests, the hackers also directly attacked CloudFlare's upstream provider as well as the website popvote.hk

The number of requests - 300 gigabits of information per second at its peak - made it one of the largest cyberattacks in history, according to Prince.

The high-level attacks, lasting about 15 minutes each time, recurred every few hours, he said.

The IT expert said the hackers used compromised computers - which allowed them to be remotely controlled - to launch the attacks from virtually every country in the world.

It was hard to determine whether a state could have been involved in organising such a large-scale cyberattack, he said.

CloudFlare was one of three firms offering technical support to the Occupy poll of views on how the 2017 chief executive election should be carried out.

But the unprecedented scale of the intrusion - more than 10 billion denial-of-service attacks - overwhelmed the servers of the other two companies, Amazon Web Services and UDomain, shortly after the system opened for pre-registration on June 13.

The two firms then withdrew their participation in the project. CloudFlare was the only security expert left to protect Hongkongers' chance to vote around the clock, Prince said, adding that his team managed to filter out many attacks before they reached the voting system.

The Occupy vote was one of the hundreds of websites offered free support by CloudFlare as part of Project Galileo, the company's mission to defend politically and artistically important projects.

"We think it is important that … an individual would not be able to knock [a website] offline worldwide just because they don't agree with that content," Prince said.

But he stressed that CloudFlare was not a political organisation and did not take sides.

"Our job is to protect the internet and we do that regardless of what political messages are uploaded," Prince said, adding that the websites they protected covered topics across the political spectrum, from the Middle East to Latin America.

By midnight, 738,233 Hongkongers had cast their votes for reform proposals from a shortlist of three in the referendum. Of the total votes, 688,206 were cast via popvote.hk or the PopVote smartphone app, with the rest cast at polling stations.