Posted on June 14, 2019 at 10:08 AM
Telegram Under Attack: Chinese Hackers Hit the Messaging App with DDoS
For days now, Hong Kong has seen massive unrest as the people once again stand up against their government. This time, the demonstrators are protesting a new law that is allegedly going to put the municipality under the direct control of the authoritarian government of mainland China. The people see this as a potential disaster that must not come to pass, and so they have taken matters into their own hands once again.
After hitting the streets in the largest protest in the last four years, the demonstrators had to use every tool at their disposal in order to battle the government. Considering the massive levels of online surveillance in the country, that also meant finding a way to communicate and organize themselves without the government knowing all of their plans.
To that end, protestors once again turned to Telegram, a popular encrypted messaging service that serves users from all corners of the world. However, as happened the last time the app was used for a similar purpose, it once again started seeing difficulties.
Telegram under attack
Soon after becoming the demonstrators’ main way of secure communication, Telegram was once again hit by a wave of DDoS (Distributed Denial of Service) attacks. The attack was reported by the service via Twitter on June 12th, warning that users in the Americas, as well as in some other regions, might experience connection issues.
The company then went on to describe what DDoS attacks are, using quite a colorful example. According to them, during the attack, their servers got ‘GADZILLIONS’ of garbage requests which prevented them from processing the real requests for information. They gave an interesting example of ‘an army of lemmings’ that just ‘jumped the queue at McDonald’s in front of you — and each is ordering a whopper.’
The service continued the comparison by saying that ‘The server is busy telling the whopper lemmings they came to the wrong place — but there are so many of them that the server can’t even see you to try and take your order.’
The colorful explanation describes the attacks rather well. Telegram then went on to say that hackers tend to use botnets for these attacks, explaining what botnets are in the same colorful tone. After several hours of dealing with the attacks, however, the service reported that things had stabilized.
This was not the first time
While DDoS attacks have grown to become a constant threat to the entire internet, and to every website and service on it, this is not the first time that Telegram has been in this situation. The service is able to determine some details regarding each such attack, and this one shares a lot of similarities with the attack experienced during another Chinese protest four years ago.
Back then, the country was also going through internal issues where the people stood up against their government, as China started cracking down on the country’s human rights lawyers. As one of the best ways to communicate without being spied on by government surveillance agencies, people turned to Telegram back then, as well.
The government quickly realized what was going on, so they banned the app’s web version from multiple servers in different regions. That included Beijing, Yunnan, Heilongjiang, Inner Mongolia, and Shenzhen. Meanwhile, the country forced the lawyers to make public confessions about trying to hide information and their messages through the use of Telegram. The country also came up with a story of the lawyers using the app for conducting attacks on the government, as well as the Communist Party.
Back then, Telegram’s executive, Pavel Durov, decided not to go against the country, and so he did not comment on the potential identity of the attackers. This time, however, Durov appears to have had enough. He openly stated that the IP addresses used in the attack originated from China. Further, he pointed out that such large attacks, consisting of 200-400 Gbps of junk requests, came only when there were protests in Hong Kong and the protesters were using Telegram for communication.
His explanation covered the previous cases when this had happened, as well as this one.