Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) is very concerned about the recent emergence of 「One-Click DDoS Attack」 activity. The attack organizers attempt to lure the general public to participate in cyber attacks to paralyze the targeted websites.

The attack organizers recruited the volunteers in different social network sites to participate the cyber attacks activity targeting some websites in Hong Kong. In order to encourage more participation, they specifically crafted some web pages hosting automatic attack script. Participants without technical knowhow can just click the provided URLs to launch the attack script in his computer to participate in the cyber attacks.

According to the observations of HKCERT observation, these "One-Click DDoS Attack" URLs were circulated in social network sites, forums and instant messenger. We have reported to the related web hosting service providers to follow up. In October 8, the hosting providers had removed 7 reported pages.

Figure 1: 「One-Click DDoS Attack」 URLs circulating in social network sites, forums and instant messenger.

The impact of 「One-Click DDoS Attack」 web page

In an Internet connected environment, the participants just click the URL to execute the automatic attack web page on the computer, tablet PCs or smartphones. The web browser run attack script embedded in the web page automatically to launch a denial of service attacks against the target websites. The attack organizer (required to ) creates an individual web page for each target.

Figure 2: Screen of 「One-Click DDoS Attack」 web page

According to HKCERT's test result, opening a "One-Click DDoS Attack" web page would use the visitor's own IP address to conduct the attack. Law enforcement can trace the source of attack easily. When we run the attack script for 10 seconds, we had generated 1,000 requests to a target website. If the participants open multiple pages simultaneously, the number of generated requests will be multiplied. When a large number of participants open the attack web page at the same time, it will generate a huge number of requests, which when exceeding the maximum loading of the web server, will ultimately crash the targeted website.

Avoid participating in cyber attacks

HKCERT reminds the public that cyber attacks is a criminal offence. We advise the public to take the following measures to avoid participating in cyber attacks:

• Do not open URL from unknown sources

• Do not forward known「One-Click DDoS Attack」web page URL

• Do not join cyber attack activity groups

If you have security incident report or enquiry, please contact HKCERT Hotline: +852 8105-6060 or Email [email protected]