A series of cyber attacks against websites supporting Occupy Central protestors in Hong Kong have been described as the biggest cyber attacks ever recorded.
Over the last few months, two independent news websites have been covering the Occupy Central protests, which began in September following the announcement of a decision by China's Standing Committee of the National People's Congress on proposed electoral reform.
The websites, Apple Daily and PopVote, have been vocal supporters of the pro-democracy protests and even carried out mock chief executive elections for Hong Kong. Cloudflare, a company which is employed to protect websites against distributed denial of service attacks, has revealed that since June, these two websites have been bombarded by attacks of unprecedented size.
According to Matthew Prince, CEO of Cloudflare, the attacks have hit 500 gigabits per second (Gbps), which tops attacks in February of 400Gbps that were at the time the biggest in internet history.
According to Prince, who was speaking to Forbes: "[It's] larger than any attack we've ever seen, and we've seen some of the biggest attacks the Internet has seen."
Last year a DDoS (distributed denial of service) attack on the anti-spamming group Spamhaus was declared the "biggest in the history of the internet" peaking at 300Gbps.
Who is behind the attacks?
Considering the nature of the websites targeted, the finger of blame for these attacks would point naturally at the Chinese government, but Prince says we shouldn't be so quick to rush to judgement:
"It's safe to say the attackers are not sympathetic with the Hong Kong democracy movement, but I don't think we can necessarily say it's the Chinese government. It could very well be an individual, or someone trying to make the Chinese government look bad."
DDoS attacks work by overwhelming servers hosting the victims' websites with so much traffic that people genuinely trying to visit the site are unable to do so.
The attackers have been taking advantage of the core infrastructure of the internet by carrying out DNS reflection and amplification attacks to achieve such large volume attacks.
"We're seeing over 250 million DNS requests per second, which is probably on par with the total DNS requests for the entire Internet in a normal second," said Prince.
A reflection attack sees the attacker spoof the IP address of the victim and send a packet to a server on the internet which will reply immediately. Because the source IP address is forged, the remote internet server replies and sends the data to the victim, overwhelming the victim's system and knocking them offline.
What makes reflection attacks really powerful is when they are also amplified.
Cloudflare explains: "When a small forged packet elicits a large reply from the server (or servers). It means that an attacker with a relatively small amount of bandwidth can generate a huge amount of potential traffic to flood the victim's website."
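The victim-side signature of the reflection attack described above, as an added example that is not part of the original article: because the victim never sent the queries, the flood arrives as DNS responses that match no outstanding request. The packet records, addresses and function name below are constructed for illustration.

```python
from collections import defaultdict

# Hypothetical protected host (documentation address range).
PROTECTED = {"203.0.113.10"}

# Constructed sample records, not captured traffic. Fields:
# (time_s, src_ip, src_port, dst_ip, dst_port, dns_id, is_response, size_bytes)
PACKETS = [
    # A genuine lookup: our host asks a resolver and gets its answer.
    (0.00, "203.0.113.10", 40001, "198.51.100.53", 53, 0x1A2B, False, 64),
    (0.02, "198.51.100.53", 53, "203.0.113.10", 40001, 0x1A2B, True, 120),
    # Large responses to queries our host never sent: reflected traffic.
    (0.10, "192.0.2.7", 53, "203.0.113.10", 51000, 0x9999, True, 3000),
    (0.11, "192.0.2.8", 53, "203.0.113.10", 51001, 0x0001, True, 3000),
    (0.12, "192.0.2.7", 53, "203.0.113.10", 51002, 0x0002, True, 2800),
]


def unsolicited_dns_responses(packets, protected, ttl=5.0):
    """Summarise DNS responses that answer no query a protected host sent.

    A response is solicited only if a protected host sent a query with the
    same DNS id, from the same port, to the same server, within `ttl` seconds.
    """
    pending = {}  # (server, client, client_port, dns_id) -> time query was sent
    hits = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, qid, is_resp, size in sorted(packets):
        if not is_resp and src in protected and dport == 53:
            pending[(dst, src, sport, qid)] = ts
        elif is_resp and dst in protected and sport == 53:
            sent = pending.pop((src, dst, dport, qid), None)
            if sent is None or ts - sent > ttl:
                h = hits[dst]
                h["packets"] += 1
                h["bytes"] += size
                h["reflectors"].add(src)
    # Report the number of distinct responding servers rather than the set.
    return {
        ip: {"packets": h["packets"], "bytes": h["bytes"],
             "reflectors": len(h["reflectors"])}
        for ip, h in hits.items()
    }


if __name__ == "__main__":
    print(unsolicited_dns_responses(PACKETS, PROTECTED))
```

A rising count of unsolicited responses spread across many distinct servers is the pattern to alert on and to filter upstream, since the victim's own link is the bottleneck.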
In February, one security expert suggested that DDoS attacks of this type could reach as high as 800Gbps by 2015. Tim Keanini, chief technology officer at Lancope said: "The reason these attacks are getting larger is the simple fact that the pipes are getting larger. At these rates, you are limited by the capacity of some transit link to the victim. The bigger the pipes, the greater the volumetric attack."