Category Archives: DDoS

Anonymous sets its sights on the World Cup

Posted on by

The hacker collective Anonymous has launched a series of attacks on World Cup sponsors and other affiliates, stealing data and taking over websites.

On Thursday, Anonymous took credit for taking down sponsor Yingli Solar, a Chinese solar power company, as well as breaching the network of Globo TV Brasil, Brazil’s largest television network, and publishing employee details online.

The group has also targeted a number of Brazilian governmental bodies, including the Ministry of the Environment and the Military Police of Sao Paulo State.

On Friday, Anonymous used a DDoS attack to bring down the 2014 World Cup site for several hours. Later that day, the group bragged about its alleged conquests: “Anonymous 145 x 0 FIFA.”

The hacks have been publicized under hashtags including #OpMundial2014, #OpWorldCup, and #OpHackingCup.

The cyber security company Symantec, which tracks cyber attacks, issued a notice on the eve of the World Cup warning potential targets of likely ploys, “including ‘run-of-the-mill’ distributed denial of service (DDoS) attacks, phishing/spear-phishing emails, intrusion and data-theft attempts, vulnerable software exploration, web application exploits, and possibly website defacement.”

Anonymous has been vocal about its plans to disrupt the World Cup. In February, several alleged Anonymous members told Reuters that they planned to go after sponsors as well as the Brazilian government during the tournament, noting that the massive audience would serve as a useful stage to protest the expense of the World Cup games—estimated at $14 billion—in a country where many citizens still lack access to basic services.

In May, Anonymous hackers broke into the Brazilian Foreign Ministry’s computers and leaked confidential emails. Stating that the group had “a plan of attack,” one hacker told Reuters that World Cup sponsors would be Anonymous’s prime targets, naming Coca Cola, Budweiser, and Adidas.

Despite the longstanding threats, Brazil was widely seen as a sitting duck for hackers, in large part because of its aging telecommunications infrastructure. “I don’t think there is much they can do to stop us,” one hacker told Reuters.

Last June, hackers replaced the FIFA World Cup homepage with a video showing protesters marching against public transit fare increases, which spurred mass protests around the country. In the video, the protesters, who chant “sem violencia” or “without violence” throughout, eventually encounter a line of police officers, who respond with rubber bullets and tear gas. That month, the UN High Commissioner for Human Rights called on Brazilian authorities to rein in their use of force against peaceful demonstrators. In March of this year, officials in Rio de Janeiro and Sao Paulo announced the rollback of the cities’ respective fare increases.

DDoS Attacks in Hong Kong Target Pro-Democracy Websites

Posted on by

Between Friday, June 13, and Wednesday, June 18, Hong Kong suffered two DDoS attacks aimed at pro-democracy sites.

The targets—one, the site of civil society group “Occupy Central with Love and Peace”, the other newspaper Apple Daily—both seek to advocate for universal suffrage in Hong Kong.

Since 1997, when Hong Kong’s period under British control ended and the city-state came under Chinese rule, many of its top officials have been elected by a small group of Beijing loyalists. Occupy Central advocates for a civil referendum that would shift voting power away from these Beijing loyalists and to Hong Kong’s citizenry, allowing them the right to vote in elections that determine who will be Hong Kong’s Chief Executive. Recently, Occupy Central, with the help of Hong Kong University’s Public Opinion Programme (HKUPOP), planned to run an online public opinion poll between June 20 and 22 to vote on a referendum on constitutional reforms.

Google’s Digital Attack Map, June 10, via Global Voices Advocacy.

Occupy Central’s three web hosting services suffered violent DDoS attacks; due to the fallout of the incident, only one of these services, Cloudflare, still supports the voting system. As a proposed workaround to the voting system’s susceptibility to attacks, Hong Kong University’s Public Opinion Program is now considering using telephone lines instead, a weak alternative to the online platform.

Google’s Digital Attack Map, June 14, via Global Voices Advocacy.

The second target of the attacks, Next Media’s Apple Daily, is an independent Hong Kong newspaper often critical of Beijing. Its founder, Jimmy Lai, is a vocal supporter of Occupy Central. Apple Daily has encouraged its readers to vote on Occupy Central’s referendum.

The attacks were separately orchestrated. That said, Next Media chairman Jimmy Lai suspects that mainland Chinese hackers, eager to suppress Hong Kong’s emerging democratic impulses, wanted to silence two of the city’s most audibly pro-democracy voices through these attacks.

The attacks aren’t limited to Apple Daily and Occupy; they come in a long line of incidents in which pro-Beijing forces, working online, have tried to suppress groups within Hong Kong that are working toward greater democracy. In anticipation of the June 4 anniversary of the Tiananmen Square protest in 1989—an anniversary that sparked wide censorship across mainland China—the website of the Hong Kong Alliance in Support of Patriotic Democratic movements was also taken offline by sustained DDoS attacks.  In October 2013, Global Voices Advocacy anticipated that malicious hacking of civic groups and activist communications like those of Occupy Central would surge approaching July. A similar DDoS attack occurred on HKUPOP’s servers in March 2012, shortly after HKUPOP held mock elections for the city’s Chief Executive.

Occupy Central and Apple Daily’s founders both feel that Beijing loyalists are undoubtedly behind the attacks, given the subversive, pro-democratic nature of both sites in the wake of increasing tensions between Hong Kong’s pro-democracy supporters and the mainland Chinese government. That said, no particular hacking forces have come forward and taken responsibility for the attacks.