Cyber Incident Victim: Online Democracy Poll
Date: Jun 2014
Location: Hong Kong
Summary
A sophisticated distributed denial-of-service (DDoS) attack targeted an unofficial online democracy poll in Hong Kong, overwhelming the platform with a peak traffic volume of 300 Gbps, potentially one of the largest such attacks observed. The assault used a novel HTTPS flood technique, described as highly advanced, that focused on TLSv1 connections with the DES-CBC3-SHA cipher suite to maximize computational strain. Cloudflare mitigated the attack using preemptive DNS sinkholes after receiving advance warnings, diverting malicious traffic away from the victim's infrastructure. The poll, which gathered over 680,000 responses regarding political representation, restricted access to Hong Kong residents to reduce server load. While the perpetrators remained unidentified, the incident highlighted threats to platforms challenging established political processes.
Description
In June 2014, a Hong Kong-based online democracy poll known as PopVote.hk experienced a large-scale distributed denial-of-service (DDoS) attack during its operation. The unofficial poll, which aimed to gauge public sentiment on Hong Kong’s electoral system, attracted approximately 680,000 participants over a weekend. The poll represented a direct challenge to Beijing’s authority, as it allowed residents to express preferences for political representatives outside the official 1,200-member committee tasked with candidate selection.

Cloudflare, the cybersecurity firm protecting the site, reported that the attack began before the poll closed and continued into the following Monday. The company’s CEO, Matthew Prince, characterized the incident as one of the largest and most sophisticated DDoS attacks observed at the time, with traffic peaking at 300 gigabits per second (Gbps) and potentially exceeding that volume. Attackers employed a Layer 7 HTTPS flood using TLSv1 with the DES-CBC3-SHA cipher suite, a method designed to maximize computational strain on servers by exploiting resource-intensive cryptographic processes.

Cloudflare mitigated the attack using DNS sinkholes after receiving advance warnings about the impending assault. These sinkholes redirected malicious traffic away from both Cloudflare’s infrastructure and the PopVote.hk servers, preventing the attack from overwhelming the target. The company’s proactive measures ensured the poll remained accessible to Hong Kong residents throughout the voting period, though access was restricted to users within the region to reduce server load. The incident highlighted the political tensions surrounding Hong Kong’s electoral reforms, as Beijing had proposed introducing universal suffrage by 2017 at the earliest. No attribution for the attack was disclosed in available reports. The website concluded its polling operations as scheduled despite the sustained assault, with Cloudflare continuing defensive actions for at least 24 hours after polls closed.
