A Hong Kong protester site says cyber attacks against it piggy-backed off China’s Baidu

Be careful.
Be careful.
Image: Reuters/Kacper Pempel/Illustration
We may earn a commission from links on this page.

Hong Kong protestors have managed to keep their largely leaderless movement going for the past three months partly through their savvy use of technologies, including messaging apps like Telegram and  social media platforms such as Twitter. This has apparently also drawn the attention of those who don’t quite agree with the demonstrators.

LIHKG, the de facto online headquarters for protestors, who use the website to exchange tips and comments about the movement, said it came under an “unprecedented” distributed denial of service, or DDoS, attack on Aug. 31, with the episode leading to denied access to the website for some of its users. DDoS is a form of cyber attack that floods a targeted machine or server with so many requests the system gets overloaded and can’t fulfill some or all legitimate requests from actual users.

“We have reasons to believe that there is a power, or even a national level power behind to organize such attacks as botnet from all over the world were manipulated in launching this attack,” the website, which is run by anonymous operators, announced in a post on Sunday (Sept. 1).

While the forum did not identify which country was the “national-level power,” it said part of the attacks “were from websites in China.” According to some of its users, when internet users visit these websites, they “will automatically and constantly send request to LIHKG at the background” to launch the attack, the forum said.

The forum identified two Chinese websites as being  among those involved in the attack, including Baidu Tieba, an online forum under Baidu, the largest search engine in China, and, which some LIHKG users believe belongs to Qihoo360, a Chinese internet security firm. Baidu declined to comment, while Qihoo360 did not reply to a request for a comment.

K, a cybersecurity expert from Information Security on Ground, a local Facebook page aimed at enhancing people’s awareness of online privacy, said his diagnosis shows the attacks were unlikely initiated by Baidu and the other Chinese websites themselves. Rather, he suspects the attacks happened because the websites were perhaps “compromised” through some malicious Javascript inserted in their content delivery network (CDN), a system of distributed servers that deliver pages and other web content to users. According to K, the “compromised” scripts could effectively lead to the computers of anyone that visits the affected Chinese websites to launch the DDoS attack on LIHKG.

It is unclear whether Baidu or Qihoo is aware of the issue, or which organization might have inserted malicious scripts into the servers, he added.

This is not the first time China has been suspected of involvement in large-scale DDoS attacks, once again indicating the gap between the country’s ambition to have more of a say on cyberspace and the suspicion the global community has toward it. In June, when the Hong Kong protests against a controversial extradition bill had just started to take off, messaging app Telegram said it was under a DDoS attack. At the time, Telegram CEO Pavel Durov said the IP addresses behind the attack were coming mostly from China—and that this isn’t the first time “state actor-sized” attacks had happened during protests in Hong Kong.

The attack on LIHKG also reminds many of a similar DDoS attack on Github, the world’s largest community for developers, in 2015. Some cybersecurity experts said at the time that certain web traffic to sites using analytic tools provided by Baidu were hijacked to instead swamp two pages hosted by Github, with one being an anti-Chinese-censorship page and the other a site that hosts links to mirror sites of the Chinese edition of the New York Times.