Attacks on Taiwan websites likely work of Chinese 'hacktivists' - researchers

Hooded an holds laptop computer as cyber code is projected on him in this illustration picture
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network after a cyber attack, the company said on Friday. REUTERS/Kacper Pempel/Illustration/

TAIPEI/WASHINGTON, Aug 2 (Reuters) - Digital attacks against Taiwanese government websites ahead of U.S. House of Representatives Speaker Nancy Pelosi's arrival in Tapei on Tuesday were likely launched by Chinese activist hackers rather than the Chinese government, a cybersecurity research organisation said.

The website of Taiwan's presidential office was targeted by a distributed denial of service (DDoS) attack on Tuesday and was at one point malfunctioning, the office said in a statement. read more

Access to the website was restored within about 20 minutes of the attack, the statement said. Taiwanese government agencies were monitoring the situation in the face of "information warfare," a spokesperson later added.

A government portal website and Taiwan's foreign ministry website were also temporarily taken offline on Tuesday.

In a statement, the foreign ministry said both websites had been hit with up to 8.5 million traffic requests a minute from a "large number of IPs from China, Russia and other places".

The attacks were ongoing, the statement added.

DDoS attacks work by directing high volumes of internet traffic towards targeted servers in a relatively unsophisticated bid by so-called "hacktivists" to knock them offline.

"These are uncoordinated, random, moral-less attacks against websites that Chinese hacktivists use to get their message across," said Johannes Ullrich, Dean of Research at the SANS Technology Institute, a cybersecurity education and research organisation.

"Usually it continues for a few days, but they often lose interest within a week. Many of the attacks are motivated by what is written in the Chinese press," Ullrich added.

The disruptive digital blitz came from hundreds of thousands of IP addresses, tied to devices registered within Chinese commercial internet space, Ullrich said.

A similar cohort of Chinese IP addresses had been scanning the internet for low level, easily exploitable vulnerabilities since Friday, he added, and did not match the usual activity carried out by Chinese government hackers.

Reporting by Yimou Lee in Taipei and Christopher Bing in Washington Writing by James Pearson; Editing by David Gregorio and Sandra Maler

Our Standards: The Thomson Reuters Trust Principles.

Thomson Reuters

Award-winning reporter covering the intersection between technology and national security with a focus on how the evolving cybersecurity landscape affects government and business.