Cyber attacks and political events: The case of the occupy central campaign

Abstract

Occupy Central was a Hong Kong civil disobedience campaign that began in September 2014 with the goal of forcing Mainland China to allow Hong Kong to implement genuine universal suffrage as demanded by Hong Kong residents. The campaign initially encouraged citizens to block the Central District, Hong Kong’s financial center. However, as the campaign evolved, large protests were organized all over Hong Kong. While vigorous clashes occurred between Occupy Central protesters and police officers on the streets of Hong Kong, cyber attacks were launched quietly by supporters of both sides against each other’s assets. The cyber weapons included mobile applications with malware for surveillance, tools for launching distributed denial-of-service (DDoS) attacks and sophisticated phishing emails with advanced persistent threat functionality. This chapter presents information about cyber attacks related to the Occupy Central campaign and classifies the attacks based on their purpose, techniques, targets and propagation. Based on the attack classification and timeline, a framework is provided that helps predict attack patterns and behavior in order to prevent or mitigate attacks launched during similar political events.