Two weeks ago, Matthew Prince, the chief executive of San Francisco tech company CloudFlare, had no clue that people in Hong Kong were preparing to hold a controversial online referendum on democratic reforms. By Thursday night, half a world away from the southern Chinese city, he found himself on the front lines of a battle to defend the nonbinding, unofficial vote from sabotage. Amazon Web Services and Hong Kong’s UDomain had initially been onboard to support and protect the voting website. But at the last minute, both bowed out, saying the expected size of the cyberassault could affect their other customers. That was a somewhat worrying sign for Prince and team, whose small, 5-year-old company specializes in making websites run more quickly and smoothly and preventing disruptions and recently launched a pro bono service for situations just like this.
People vote Sunday in a polling station in an unofficial referendum on democratic reform in Hong Kong. (Kin Cheung / Associated Press)
Going it alone, Prince and about 20 employees gathered in their office near 3rd and Townsend streets and girded for a test of their wits and ingenuity. As Friday morning broke in Hong Kong and the 10-day vote began, the fight was on.
The website, popvote.hk, was being flooded with requests that look like legitimate users trying to call up or contact the site. The queries were being sent by armies of commandeered computers, known as botnets, around the world. At the height of the assault, more than 200 million requests were coming in every second, Prince said – a clear bid to overwhelm the site and knock it offline.
“It was easily one of the largest the Internet has ever seen, on any metric,” Prince said in a phone interview, adding that the attacker or attackers kept changing strategies. “It felt like there was an intelligent adversary on the other side that was not just trying one technique but adopting new techniques to try to find ways around our mitigation efforts.”