PopVote: Assessing the Risks of DDoS

PART - B
POST THE ATTACK OF 2012
To ensure future attacks do not cripple POP vote, POP established an IT advisory group and spent half an year improving the
system

Moved the system to a cloud Changed the programming

service provider to improve language to improve scalability
traffic management

Implemented more data security Used modular designs to

and safety measures strengthen system usage

The new year vote 2014 went smoothly. But Robert Chang and Jazz Ma expected massive cyber attacks in the June voting.
They worked closely with the IT advisory group and thought they were well prepared for cyber attacks.
SECURITY IMPROVEMENTS
POP outsourced the system to 3 international companies

CLOUD HOSTING VIA CONTENT

DELIVERY NETWORK  A mock vote was carried out between 12:00 on 13th June and 21:00 on
18th June to familiarize the public with the voting process. This mock
vote was intended to be pre-registration for the 22nd June vote.

CLOUD BASED PROTECTION SERVICES  The mock vote was only for voting using mobile applications and did not
apply to the website voting platform

 During the voting period, the e-voting platform allowed access to only
local(HK) networks
DOMAIN NAME SERVER
MOCK VOTE
• The mock vote started at noon on 13th June. It worked very well for the first 30 hours
and successfully registered 20,000 users. Then the DDOS attacks started

• The DDOS on CloudFlare started on 14th June. Eventually, CloudFlare added a rate limit
to popvote.hk (to decrease amount of traffic and control network congestion)

• AWS Route 53 was added as another DNS Service provider. On 15th June, the DNS of
AWS recorded over 10 billion requests in 20 hours

• In a day, the DDOS attack to CloudFlare reached the scale of 75 gigabytes per second at
peak

• The peak DDOS attack to Udomain was 10gb/second and it consumed most of
Udomain’s Internet bandwidth

• By 16th June, the DNS of AWS had recorded over 100 billion requests
The Aftermath
On July 16, after suffering continuous DDOS attacks for about 20 hours, on a scale
rarely seen, AWS and Udomain decided to suspend services provided to POP vote

AWS stopped DNS services and Udomain ended its web application firewall
AAAAA[[[
services and only redirected the traffic without inspection

CloudFlare continued service but it had set a rate limit and allowed a limited number
AAAAA[[[
of requests per time slot to reach its DNS servers

As a result, the mobile application platform provided only partial services on 15th
and 16th June. Requests exceeding the rate limit, no matter legitimate or not were
AAAAA[[[
unable to reach the e-voting platform