Threat Of Our Times: DDoS Attacks Against Hong Kong Protesters

Protests in Hong Kong have been ongoing for over half a year now as the populace makes its feelings known about potential laws regarding extradition agreements between the city and mainland China. Beyond the political impacts of these events, the case demonstrates the use of cyberattacks as a means for a government to handle foreign policy.

Throughout the course of the protests, websites only tangentially associated with them have been targeted by Distributed Denial of Service (DDoS) attacks intended to disrupt the protests. The use of DDoS attacks against services not directly associated with the protests demonstrates the importance of deploying DDoS protection for all organizations, since anyone could potentially be a target of such an attack.

The Great Cannon Used Against Hong Kong Protesters

The Hong Kong protests have been the target of multiple DDoS attacks over the last year. In August 2019, the LIHKG social media platform was targeted by a DDoS attack using the Great Cannon DDoS tool.

The Great Cannon tool takes an unusual approach to building a botnet for performing DDoS attacks. Most DDoS botnets, like Mirai, take advantage of cheap cloud computing or the plethora of insecure Internet of Things (IoT) devices running with weak, default passwords to build up the computing power needed for the attacks.

The Great Cannon, on the other hand, uses man-in-the-middle (MitM) attacks against desktop computer users to build a DDoS botnet. Chinese users browsing over insecure HTTP connections have malicious JavaScript injected into the served content by the Great Cannon tool. This malicious JavaScript turns their browsers into DDoS bots, which then send traffic to the target of the attack. In this case, the target was the LIHKG social media site, which is similar to Reddit. The site was being used by the protesters to coordinate their efforts, and the attack was intended to destroy this coordination, making the protests less effective and impactful.

Targeting Telegram

However, this attack against LIHKG was not the first time that the Chinese government used a DDoS attack to attempt to disrupt protests in Hong Kong. In June of that year, Telegram experienced a DDoS attack that is also attributed to the Chinese government.

Telegram is an encrypted messaging app that enables users to set up channels that can broadcast messages to an unlimited number of recipients. This combination of security and reachability made it an ideal choice for organizers of Hong Kong-based protests to coordinate with participants. However, the use of Telegram as a tool for organizing these protests made it a target of a DDoS attack on June 12, 2019. The service received a truly huge number of malicious requests, rendering it incapable of properly responding to legitimate requests from its users.

An internal investigation by the Telegram team determined that the vast majority of the requests originated from IP addresses allocated to China. This, in combination with the fact that the attack coincided with the Hong Kong protests, resulted in the Telegram team attributing the attack to the Chinese government.

While discussing the attack, the CEO of Telegram stated that this is not the first time that the company has experienced “state-level” DDoS attacks, and that these attacks typically coincide with protests occurring in Hong Kong. This pattern indicates that the use of DDoS as a means of implementing foreign policy is likely to continue, and that Telegram, and similar sites, must deploy protections against these threats.

Implications of the Hong Kong DDoS Attacks

While these DDoS attacks do not have the cyber-physical impacts of the attacks that cut off power in Ukraine, they represent the clear use of cyberattacks as a tool for foreign policy. The timing and apparent source of these attacks have caused them to be (correctly or not) attributed to the Chinese government’s attempts to interfere in the governance of Hong Kong.

Beyond the political impacts of these attacks, they also demonstrate that every organization is a potential target of a cyberattack. For example, Telegram offers end-to-end encryption of messages sent on its platform. Theoretically, this means that the organization does not have the capability to read the messages being sent on its platform.

As a result, the company may have been targeted by a DDoS attack without any knowledge of the reason behind it. While, in this case, Telegram was aware of the circumstances, this may not always be the case. As DDoS attacks become increasingly affordable and cybercriminals continue to offer DDoS as a service, any organization could be targeted by a DDoS attack without warning.

Protecting Against DDoS Attacks

Unlike other common types of cyberattacks, DDoS attacks do not require an organization to make a mistake to be vulnerable. A DDoS attack does not take advantage of an employee clicking on a malicious link in a phishing email or an unpatched vulnerability in an Internet-facing web application.

Instead, DDoS attacks degrade or destroy access to a service by overwhelming it with more malicious requests than it is capable of processing. As demonstrated by the attacks against LIHKG and Telegram, these attacks can be extremely effective, even against large organizations with significant network infrastructure.

Defending against these types of attacks requires organizations to deploy strong DDoS prevention solutions. These tools filter out malicious requests while allowing legitimate ones to pass through, enabling an organization’s web presence to remain online even in the face of state-level DDoS attacks.
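As an added example (not from the original article): because the Great Cannon's bots are ordinary browsers that each send little traffic, a per-client rate limit sees nothing unusual. The sketch below instead flags paths requested by many distinct clients whose Referer names another site. The host name, log lines and thresholds are constructed assumptions, and it assumes the browsers send a Referer header.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

SITE_HOST = "forum.example"  # assumed host name of the protected site

# Combined log format: ip, identity, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def constructed_sample():
    """Constructed log lines (not real traffic): normal browsing plus a flood."""
    fmt = ('{ip} - - [01/Jan/2020:10:00:00 +0000] "GET {path} HTTP/1.1" '
           '200 512 "{ref}" "Mozilla/5.0"')
    normal = [fmt.format(ip=f"198.51.100.{i}", path=f"/thread/{i % 5}",
                         ref=f"https://{SITE_HOST}/") for i in range(1, 31)]
    flood = [fmt.format(ip=f"203.0.113.{i}", path=f"/images/banner.png?r={i}",
                        ref=f"http://site{i % 4}.example/news") for i in range(1, 41)]
    return normal + flood

def busiest_client(lines):
    """Highest request count from any single IP (what a per-IP limit sees)."""
    hits = Counter(m["ip"] for m in map(LINE_RE.match, lines) if m)
    return max(hits.values(), default=0)

def suspicious_paths(lines, site_host, min_clients=20, min_offsite=0.8):
    """Return {path: (distinct_clients, offsite_share)} for paths requested by
    many distinct clients, mostly with a Referer naming another site."""
    clients, total, offsite = defaultdict(set), Counter(), Counter()
    for m in map(LINE_RE.match, lines):
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # group by path, ignoring the query
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        clients[path].add(m["ip"])
        total[path] += 1
        if ref_host and ref_host != site_host:
            offsite[path] += 1
    return {p: (len(clients[p]), offsite[p] / total[p]) for p in total
            if len(clients[p]) >= min_clients
            and offsite[p] / total[p] >= min_offsite}

if __name__ == "__main__":
    sample = constructed_sample()
    print("max requests from one IP:", busiest_client(sample))
    for path, (n, share) in suspicious_paths(sample, SITE_HOST).items():
        print(f"{path}: {n} distinct clients, {share:.0%} off-site Referer")
```

On the constructed sample, no single IP exceeds one request, yet the flooded path stands out by client count and off-site Referer share.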

About the author


Jitender Sharma

Founder of The Next Hint, Inc. and Publisher on Google News. Spent 25,000 hours in Business development and Content Creation. Expert in optimizing websites according to google updates and provide solution-based approach to rank websites on Internet. My aspirations are to help people build business while I'm also open to learning and imparting knowledge. Passionate about marketing and inspired to find new ways to create captivating content.