The Chinese regime has launched an offensive against a popular online forum used by Hong Kong protesters in an effort to undermine the ongoing pro-democracy movement that seeks an autonomous Hong Kong, AT&T Cybersecurity has found.
From Behind the Great Firewall
Dubbed the ‘Great Cannon,’ the distributed denial of service (DDoS) attacks work by intercepting traffic from China-based servers and inserting malicious JavaScript that is sent to millions of internet users, then hijacking those users’ connections to bombard a targeted site with traffic, causing the victim’s server to crash.
The malicious code sends repeated requests to the LIHKG home page in an attempt to cripple it. The code also targets several dozen memes and websites that appear on LIHKG, most likely in an attempt to make the number of requests received by LIHKG blend in with “normal traffic.”
The requests also go so far as to direct LIHKG to unnecessarily process remote memes to a new size before they are served to the user—draining the server’s computational resources.
However, according to AT&T Cybersecurity researcher Chris Doman, these hijacking activities are unlikely to succeed, owing to the robust anti-DDoS service LIHKG has in place and some bugs in the malicious code.
Doman said it was “disturbing” to see the renewed use of such cyber weapons that are “again causing collateral damage to U.S.-based services.”
In a post dated Aug. 31, LIHKG reported that it had suffered from “unprecedented DDoS attacks in the past 24 hours,” with more than 1.5 billion total requests and a maximum of over 6.5 million unique visitors per hour, which led to internet congestion and overload.
Attacks on Telegram
Earlier, on June 12, Telegram’s Pavel Durov had reported a “state-actor-sized” DDoS attack with the majority of IP addresses coming from China. June 12 was the day that around two million Hongkongers took to the streets demanding the local city government withdraw a controversial extradition bill that was seen as eroding Hong Kong’s rule of law, free from the control of the Chinese Communist Party.
Other Cyber Attacks
On Aug. 31, 2017, Great Cannons took aim at Mingjing News, a New York-based Chinese-language news website. AT&T Cybersecurity said it has continued to observe attacks over the past year, and noted that the JavaScript code in the Aug. 31 attack against LIHKG was “very similar” to that used to target Mingjing News.
In the same month, GreatFire, the nonprofit that dedicates itself to monitoring and countering the Chinese regime’s internet censorship, also experienced multiple similar attacks. The organization said the requests totaled as many as 2.6 billion per hour—about 2,500 times higher than normal levels.