Taiwanese government sites disrupted by hackers ahead of Pelosi trip

Several websites run by the government of Taiwan were disrupted by distributed denial-of-service (DDoS) attacks hours before U.S. House Speaker Nancy Pelosi became the first high-ranking U.S. official in 25 years to visit the country.

Chang Tun-Han, a spokesperson for Taiwanese President Tsai Ing-wen, said at around 5 pm local time on Tuesday, the website of the president's office was hit with an “overseas DDoS attack” that surged traffic levels to 200 times their normal size. 

The spokesperson said the websites were restored 20 minutes after the attack started but as of Tuesday afternoon EST, the English website for the president only shows the word “OK” in the top left corner. 

In addition to the attacks on the website for the president, experts noted that the websites for the National Defense Ministry, the Foreign Affairs Ministry and the country’s largest airport, Taiwan Taoyuan International were also affected. 

The websites for the National Defense Ministry and the Foreign Affairs Ministry were accessible on Tuesday afternoon EST but the website for Taiwan Taoyuan International was still unresponsive.

Taiwan’s National Defense Ministry and Foreign Affairs Ministry did not respond to requests for comment. 

Taiwan's Ministry of Foreign Affairs website is having DNS issues in some regions. That's not your typical DDOS that causes that. pic.twitter.com/7CsMUxlzsL

— Peter (@daokedao1234) August 2, 2022

Zhang Dunhan, another spokesperson for President Tsai Ing-wen, said in a statement that government agencies will "continue to strengthen monitoring to maintain national information and communication security and the stable operation of key infrastructure" as it faced "continuous compound information operations by foreign forces."

On Friday, Chinese leader Xi Jinping warned U.S. President Joe Biden that Pelosi’s trip to Taiwan was a violation of the country’s “one China” policy.

"Those who play with fire will perish by it. It is hoped that the U.S. will be clear-eyed about this," Xi allegedly told Biden, according to a transcript China’s foreign ministry provided to Reuters.

Pelosi landed in Taiwan on Tuesday morning and released a statement denying that the trip violated China’s rules.

“Our visit is one of several Congressional delegations to Taiwan – and it in no way contradicts longstanding United States policy, guided by the Taiwan Relations Act of 1979, U.S.-China Joint Communiques and the Six Assurances,” Pelosi said.

“The United States continues to oppose unilateral efforts to change the status quo.”

Our delegation’s visit to Taiwan honors America’s unwavering commitment to supporting Taiwan’s vibrant Democracy.

Our discussions with Taiwan leadership reaffirm our support for our partner & promote our shared interests, including advancing a free & open Indo-Pacific region.

— Nancy Pelosi (@SpeakerPelosi) August 2, 2022

The Chinese military flew 20 military planes into Taiwan's airspace about an hour after Pelosi’s plane landed. 

Johannes Ullrich, Dean of Research at the SANS Institute, said in a blog post on Tuesday that his team was seeing a "slight increase in scans for 'nuisance vulnerabilities' like Word Press from Chinese consumer IP addresses" ahead of Pelosi's visit.

"Not much at this point. Monitor and be ready for a DDoS attack. In particular, if your website or company has a higher profile in China or is associated with the US government (this includes contractors, related organizations, and news sites reporting about the visit)."

Ullrich said he did not consider the DDoS on the website of the president to be a "huge" attack and added that it was "likely within the capabilities of a few hacktivists getting together."

"A more organized 'government-sponsored' DDoS attack would likely involve tools like 'Great Cannon' (sometimes also called red-ion-cannon) that can harness a much larger attack power," he said, warning defenders to be ready for DDoS attacks if their website or company "has a higher profile in China or is associated with the US government (this includes contractors, related organizations, and news sites reporting about the visit)."