A few of the Taiwanese government's websites were targeted with DDoS (distributed denial-of-service) attacks this week, at the same time that U.S. House Speaker Nancy Pelosi visited the country.
The attacks targeted at least four sites, including those of President Tsai Ing-wen, the National Defense Ministry, the Foreign Affairs Ministry, and Taiwan Taoyuan International Airport, according to NBC News.
A spokesperson for Taiwan's president shared this message on Facebook:
"Presidential Palace Spokesperson Chang Tun-Han said on the evening of the 2nd that from about 17:15 this afternoon, the official website of the Presidential Palace was attacked by an overseas DDoS attack, and the attack traffic was 200 times that of normal days. However, after being disposed of by the Presidential Palace, normal operations have resumed within 20 minutes.
Zhang Dunhan said that in the face of continuous compound information operations by foreign forces, government agencies will continue to strengthen monitoring to maintain national information and communication security and the stable operation of key infrastructure."
Security researchers consider DDoS attacks to be relatively minor compared to other types of cyberattacks, as they are easy to execute and don't leave too much lasting damage. It is often difficult to identify the threat actor(s) behind the attack.
The timing of this attack is of particular interest, as Pelosi is the highest-ranking U.S. official to visit the country in 25 years. It has also been widely reported that China vehemently opposes Pelosi's visit to the country, calling it a "serious violation" that "infringes upon China's sovereignty and territorial integrity," according to the Chinese Foreign Ministry.
The Global Times, a state-owned newspaper in China, said that "These moves, like playing with fire, are extremely dangerous. Those who play with fire will perish by it."
The Chinese military has also stated it would be conducting exercises and training in the six regions surrounding Taiwan.
Could the DDoS attack have originated from China? Maybe.
Casey Ellis, Founder and CTO at Bugcrowd, shares his perspective:
"While the PRC is more than capable of this type of attack, DDoS is fairly unsophisticated and somewhat brutish, and it's not a tool they are known to deploy. Given the sensitivity of the current environment and the need for strategic and tactical caution, I'd guess that this almost certainly wasn't the PRC.
DDoS is notoriously difficult to attribute and easy to execute. It entails causing a fleet of computers, under the attacker's control (commonly referred to as a botnet), to flood a target with various types of traffic. DDoS is a lot like what happened to remote workers early in the pandemic when their house was suddenly full of people streaming video all day and their internet connection 'died' as a result.
Fundamentally, the internet can be thought of as a system of pipes, and DDoS works by filling the target pipe so full of garbage traffic that legitimate traffic is unable to get through. While simplistic, DDoS is difficult to fully prevent because it all comes back to whether the pipe is big enough to handle the traffic involved in the attack as well as normal traffic. So, by adding more traffic an attacker can always theoretically obtain their objective of denying access to the target."