Taiwan Defense Ministry says DDoS incident briefly took down network after Pelosi visit
Taiwan’s Ministry of National Defense said its network was taken offline by a distributed denial-of-service (DDoS) incident for about two hours following a visit to the island from U.S. House Speaker Nancy Pelosi.
The attack started shortly after Pelosi left the island. Chinese government officials were furious about the visit – the first by a high-ranking U.S. official in 25 years – arguing that it violated the country’s “one China” policy.
In a statement, Taiwan’s Ministry of National Defense said the DDoS attacks began around 11:40 p.m. local time and ended around 12:30 a.m.
The ministry said it was working with other agencies and the President’s office to defend the government’s information security infrastructure.
The Wednesday night attack came after several websites run by the government of Taiwan were disrupted ahead of Pelosi’s visit on Tuesday. DDoS attacks flood targeted sites with junk traffic, making them unreachable.
Chang Tun-Han, a spokesperson for Taiwanese President Tsai Ing-wen, said at around 5 p.m. local time on Tuesday, the website of the president’s office was hit with an “overseas DDoS attack” that surged traffic levels to 200 times their normal size.
In addition to the attacks on the website for the president, experts noted that the websites for the National Defense Ministry, the Foreign Affairs Ministry and the country’s largest airport, Taiwan Taoyuan International were also affected.
The Foreign Ministry later told Reuters that the websites saw 8.5 million traffic requests per minute from a “large number of IPs from China, Russia and other places.”
Screens at Taiwan Railways Administration’s (TRA’s) Xinzuoying Station and Jhushan Township Office were allegedly vandalized with messages calling Pelosi an “old witch.”
Johannes Ullrich, Dean of Research at the SANS Institute, said in a blog post on Tuesday that his team was seeing a “slight increase in scans for ‘nuisance vulnerabilities’ like Word Press from Chinese consumer IP addresses” ahead of Pelosi’s visit. But he noted that the DDoS attacks were relatively minor, something several other experts echoed.
Bugcrowd founder Casey Ellis said it is likely the DDoS attacks were not launched by the Chinese government, calling it “fairly unsophisticated and somewhat brutish.”
“It’s not a tool [the Chinese Government] is known to deploy,” he said, adding that it is almost impossible to trace DDoS attacks to their source.
Others saw it as one arm of a coordinated response by the Chinese government to Pelosi’s visit. Last Friday, Chinese leader Xi Jinping warned U.S. President Joe Biden about Pelosi’s trip, allegedly saying “Those who play with fire will perish by it.”
Taiwanese officials told Reuters that several Chinese warships crossed the Taiwan Strait median line repeatedly and 11 ballistic missiles were fired into the country’s waters.
Tan Kefei, spokesperson of China’s Ministry of National Defense, said the exercises were explicitly about Pelosi’s trip and were meant to reiterate that they will “never leave any room for any form of ‘Taiwan independence’ activities and external interference.”
On the sidelines of a Southeast Asia conference of foreign ministers in Cambodia on Thursday, Chinese Foreign Minister Wang Yi did not hold back in his condemnation of Pelosi’s trip, calling it “manic, irresponsible and extremely irrational behavior.”
Vice News reported that hackers associated with the Anonymous hacking group launched a counter attack on the website of China’s Heilongjiang Society Scientific Community Federations, defacing it with racist memes and criticisms of the Chinese government.