The website of Taiwan’s Presidential Office was hit by an “overseas DDoS attack” earlier today, according to reports, with traffic 200 times greater than usual taking the site offline for 20 minutes.
The attack occurred just hours ahead of US House of Representatives Speaker Nancy Pelosi’s scheduled visit to Taiwan, the first by an elected US official in 25 years.
The DDoS attack occurred at 17:15 Taipei Standard Time (10:15 BST), according to local reports.
A spokesperson for Taiwan’s Presidential Office said it is strengthening monitoring to ensure the security and stable operation of key infrastructure in the wake of the attack.
“In the face of continuous compound information operations by foreign forces, government agencies will continue to strengthen monitoring to maintain national information and communication security and the stable operation of key infrastructure,” said Zhang Dunhan.
There have been no reports of any group claiming responsibility for the attack. A researcher at the SANS Technology Institute told the Reuters news agency that is likely to have been perpetrated by Chinese hacktivists, not the country’s government.
The attack was launched from machines with IP addresses from China’s commercial internet, said Johannes Ullrich, and did not match the usual methods of Chinese government hackers.
Pelosi’s visit has sparked outrage among both the government and social media users in China. Before the start of her tour, China’s President Xi Jinping warned the US “not to play with fire” and ambassadors threatened “grave consequences”. Meanwhile, most trending topics on Weibo, the Chinese Twitter-like service, reportedly relate to Pelosi and her visit to Taiwan.
Reports suggest many users were upset about the “provocation” and the possibility it will lead to a war between China and the US over Taiwan.
Speaker Pelosi is scheduled to arrive in Taiwan this evening and hold meetings with officials tomorrow.
The return of the political DDoS attack
Although often more of a nuisance than a genuine disruption, politically motivated DDoS attacks have made a comeback in recent times. Research by Russian security company Kaspersky detected 4.5 times as many DDoS attacks in 2022 as last year, largely as a result of the war in Ukraine.
“The amount of ‘smart’ or advanced and targeted attacks also showed a notable growth of 81% compared to the previous record from Q4 2021.” Kaspersky found. “Examples include a site mimicking the popular 2048 puzzle game to gamify DDoS attacks on Russian websites, and a call to build a volunteer IT army in order to facilitate cyberattacks.”
In recent months, Russia-aligned cybercriminal group Killnet has launched DDoS attacks on Ukraine’s allies Lithuania and Romania.
In May, Iran-linked hackers launched a “politically” motivated DDoS attack on the Port of London Authority website.
Ed Macnair, CEO of cybersecurity provider Censornet, described DDoS as a type of “protest attack” that most organisations recover from, but said in the case of Taiwan there is concern it could be “a warning shot of a future cyberattack”.
While it isn’t clear exactly what form this will take, Macnair told Tech Monitor that “when cyberwarfare intensifies, national infrastructure is a more likely target for nation states. More severe disruption can be caused by targeting energy, transport, or communications infrastructure.”
China has launched DDoS attacks in the past. In 2017 a Chinese state-sponsored hacking group launched the biggest DDoS attack of the time against Google. It lasted more than six months and reached a peak of 2.5Tbps in increased traffic and originated from four Chinese ISPs.