abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb
Article

6 Sep 2019

Author:
Jane Li, Quartz

Hong Kong protestor site accused Baidu and Qihoo of cyber attacks; cybersecurity expert said attacks initiated by Chinese websites were unlikely

“A Hong Kong protester site says cyber attacks against it piggy-backed off China’s Baidu”, 2 September 2019

… LIHKG, the de facto online headquarters for protestors, who use the website to exchange tips and comments about the movement, said it came under an “unprecedented” distributed denial of service, or DDoS, attack on Aug. 31, with the episode leading to denied access to the website for some of its users. DDoS is a form of cyber attack that floods a targeted machine or server with so many requests the system gets overloaded and can’t fulfill some or all legitimate requests from actual users.

“We have reasons to believe that there is a power, or even a national level power behind to organize such attacks as botnet from all over the world were manipulated in launching this attack,” the website, which is run by anonymous operators, announced in a post…

The forum identified two Chinese websites as being among those involved in the attack, including Baidu Tieba, an online forum under Baidu, the largest search engine in China, and qihucdn.com, which some LIHKG users believe belongs to Qihoo360, a Chinese internet security firm. Baidu declined to comment, while Qihoo360 did not reply to a request for a comment.

K, a cybersecurity expert… said his diagnosis shows the attacks were unlikely initiated by Baidu and the other Chinese websites themselves. Rather, he suspects the attacks happened because the websites were perhaps “compromised” through some malicious Javascript inserted in their content delivery network (CDN), a system of distributed servers that deliver pages and other web content to users. According to K, the “compromised” scripts could effectively lead to the computers of anyone that visits the affected Chinese websites to launch the DDoS attack on LIHKG.

It is unclear whether Baidu or Qihoo is aware of the issue, or which organization might have inserted malicious scripts into the servers, he added…[Also referred to Telegram, Twitter, Github]

Timeline