Distributed Denial of Service ‘DDoS’ attack stymies vote in Miss Hong Kong beauty contest

Residents of the island, a Special Administrative Region of China, are up in arms after plans for a popular vote in the Miss Hong Kong beauty pageant were sidelined by a distributed denial-of-service attack that knocked the voting system offline.

The attack on Sunday evening swamped systems used for the vote with millions of bogus votes – far more than contest organizers had anticipated. Organizers were forced to cancel the online vote and ask the pageant judges to elect the winner themselves, according to a story in The Standard.

Hong Kong Station TVB issued a statement on Monday apologizing for the wrinkle in the first ever Idol-style vote for the island’s beauty queen, putting the blame on audience reaction that was more “warm” than expected.

The voting snafu forced organizers to throw the decision to the pageant judges, who chose a winner based on the three finalists overall performance. (Isn’t that how it’s supposed to work, anyway?)

According to a story in The Standard, however, the “overly warm” response from viewers was, in fact, a DDoS attack against the pageant’s Microsoft Azure cloud-based voting system that flooded the servers with millions of votes, knocking them offline.

The RC station planned for around half a million viewers to vote during a 10-minute slot Sunday evening, but actual traffic far exceeded that, according to TVB’s deputy director for foreign affairs Tsang Sing-ming, who is quoted by the media.

Another station official, TVB general manager Cheong Shin-keong, is quoted saying that the extra traffic was “deliberately made” and that the station had hired an outside firm to investigate.

The controversy over the apparent DDoS attack was exacerbated by the judges’ decision to choose contestant Carat Cheung Ming-nga as the next Miss Hong Kong, rather than Tracy Chu Chin-suet, the public’s favorite, who was second runner-up, The Standard reported.

A related contest to give a Mini Cooper car to an online voter, selected at random, was cancelled after the voting system went down.

Immediately after the vote, Hong Kong’s Communications Authority was flooded with more than 400 complaints on Monday about the aborted voting.

The incident was a black eye for Microsoft, as well. That company partnered with TVB, lending its Azure cloud based infrastructure to host the voting system. Outraged viewers also left comments on TVB’s webpage, castigating the station for its mistake, for its reliance on Microsoft and – not least – for picking the wrong gal.

Once a British colony, Hong Kong transferred to China in 1997 and has been run as one of two Special Administrative Regions ever since, following a “one government, two systems” policy under which residents enjoy greater freedom of expression and political voice than their countrymen on the Chinese mainland.

However, that system is slowly changing, with the Communist Party slowly exerting control over more facets of life on the island.

In July, thousands of citizens took to the streets to protest changes to Hong Kong’s public schools and school curriculum that was seen as emphasizing Communist Party orthodoxy and downplaying Hong Kong’s unique history.

Hong Kong being Hong Kong, the parallels between the aborted Miss Hong Kong vote and the island’s larger political context weren’t lost on viewers. “Prove in Hong Kong does not have universal suffrage!” wrote one viewer on the TVB website.

For fast DDoS protection against your e-commerce site click here.

Source: http://nakedsecurity.sophos.com/2012/08/28/ddos-hong-kong-beauty/

Comments are closed.