Several Taiwanese government websites were attacked by cyber-attacks that appeared to originate from China and Russia during a visit by US House Speaker Nancy Pelosi. The attacks hit at least four websites of President Tsai Ing-wen, the Ministry of National Defence, the Ministry of Foreign Affairs and also the country’s largest airport, Taiwan Taoyuan International.
Taiwan’s Ministry of Foreign Affairs said that the attacks on the websites, as well as on the government’s English portal, were linked to Chinese and Russian IP addresses, which aimed to access these domains up to 8.5 million times per minute. Taipei has accused Beijing of increasing cyberattacks since the election of President Tsai Ing-wen in 2016, who considers the island a sovereign state and not part of China. Officials have said in the past that government agencies face about five million cyberattacks and probes a day. Also, in 2020, Taiwanese authorities said Chinese hackers penetrated at least 10 Taiwanese government agencies and gained access to about 6,000 email accounts in an attempt to steal data.
On Thursday, China, which claims self-governing democratic Taiwan as part of its territory, began its most extensive military exercises around the island. Taiwan’s defence ministry also said its website was down for an hour at around midnight on Wednesday due to a distributed denial-of-service (DDoS) attack.
Distributed denial of service, or DDoS, results in website outages, in which hackers direct large numbers of computers to visit a website simultaneously, overwhelming it with traffic and making it inaccessible. Cybersecurity experts consider DDoS attacks to be minor compared to other types of cyberattacks because they require minimal skills or infrastructure, and generally do not cause lasting damage and are relatively simple to carry out. However, they do have the advantage of the difficulty of identifying the perpetrator behind this type of attack.
Despite China’s hostile gestures and public statements about Pelosi’s visit, which has since left Taiwan, some experts have suggested that the incident looks less like a coordinated government response and more like the work of sympathetic “hacktivists.” Although state-sponsored hackers sometimes carry out DDoS attacks, such attacks are also often the calling card of hacktivists, said John Hultquist, vice president of intelligence analysis at Mandiant, a cybersecurity firm. “It’s a way for nationalists of any background to express themselves. It doesn’t necessarily indicate any broader coordination or state actor,” Hultquist said. On the contrary, Hultquist said that Chinese state hackers are much more likely to conduct cyber espionage. So far, his company has not seen evidence that this wave of attacks is directly related to Pelosi’s visit, he said.
What’s troubling about this case is the growing cyber capabilities on China’s side. If Beijing decides to use a kinetic force against Taiwan in the future, it will most likely be accompanied by a massive cyberattack aimed at causing chaos and weakening the island’s defences. DDoS attacks can also be expected to be used in peacetime, as it is difficult to trace the identity of the hackers and thus impossible to stop them.
Although such attacks are an international problem, there is no international response. Consequently, unless a strategy is developed to detect the identity of hackers better, hacking attacks will continue to increase and threaten the security and stability of the states.
Photo credit: Taiwan Ministry of Foreign Affairs handout