PopVote, CloudFlare trump DDoS attack

Popular events on the Internet tend to jam channels solid. Rugby Sevens tickets, collectible dolls, what-have-you...when popularity spikes, cyberdemand overwhelms servers. Massive e-tailers like Amazon or Taobao, for example, use scalability at high levels when their traffic spikes during seasonal events.

But the recent attempt to gather public opinion on PopVote.HK--an electronic platform built by the University of Hong Kong--seems to have topped the table. The survey, which collected votes via physical polling stations as well as mobile and web platforms, was a non-binding referendum organized by Occupy Central and open to Hong Kong residents. "It is a referendum held by a civic group on how the 7.2 million people in Hong Kong, a former British colony, will elect their head of government," wrote the New York Times in an article.

Massive attack

What happened? "In the week before the scheduled start of the referendum, a website developed with local universities to accept online votes received billions of hits in an apparent denial-of-service cyber-attack," wrote The Economist. According to Matthew Prince, CEO and co-founder of San Francisco-based CloudFlare--the content delivery network handling the PopVote survey--a DDoS (Distributed Denial of Service) attack aimed at the PopVote.HK site topped 300Gbps. "The independent Chinese-language newspaper Apple Daily...was also taken down by cyber-attacks in the run-up to the referendum," wrote The Economist.

Both the mobile apps and website were nonfunctional...for awhile. "Organizers said beforehand that they'd be satisfied with 100,000 votes," wrote The Christian Science Monitor. But the online vote total exceeded 760,000. And tens of thousands voted at physical polling stations.

One of those voters was 25-year-old financial analyst Natalie Cheng, who came to vote with her friends, wrote the BBC. Unable to successfully cast a ballot online because of heavy traffic and a continuing cyber attack, she decided to visit a polling center. But most Hong Kong netizens were able to vote online, thanks to some from Cloudflare.

Countering the DDoS attack

The company's founder and CEO Matthew Prince said it was the most sophisticated attack yet seen, in a story from The Register.

"This may well have been the largest attack we, or anyone else, have ever seen," said Prince in the Register story. "It definitely was the most sophisticated."

Cloudflare says it set up a series of DNS sinkholes that stonewalled the attack traffic so it never reached CloudFlare or PopVote.HK. "Since we had advanced warning the attack was coming, we'd put in place measures to sinkhole traffic in certain regions so it never hit our network," said Prince.

CloudFlare: Hong Kong office in the offing?

This entire story has a superb coda. CloudFlare CEO Prince tweeted this on June 20: "Were thinking of opening @CloudFlare's Asian office in Singapore. After all the love tonight, thinking maybe Hong Kong instead."

Online vox populi referenda draw international press attention to Hong Kong, and demonstrate capability in handling massive DDoS attacks. Perhaps a good strategy for Hong Kong to convince MNCs to site their offices here rather than Singapore is to hold more such referenda.

Join the CSO newsletter!

Error: Please check your email address.

Tags University of Hong Kongnew york timesonline safetysecurityCloudFlareinternet

More about Amazon Web ServicesAppleBBC Worldwide Australasia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stefan Hammond

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts