Subscribe
About
  • Home
  • /
  • Security
  • /
  • Telegram DDOS attack linked to Hong Kong protests

Telegram DDOS attack linked to Hong Kong protests

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 13 Jun 2019
The DDOS attacks are believed to have originated ‘mostly’ from China.
The DDOS attacks are believed to have originated ‘mostly’ from China.

Telegram Messenger says it has recovered from a ‘powerful’ distributed denial of service (DDOS) attack that hit its platform yesterday, and confirmed that all user data is safe.

On Twitter the company told its followers about the attack, adding that Telegram users in the Americas and some users from other countries might experience connection issues.

“Imagine that an army of lemmings just jumped the queue at McDonald's in front of you – and each is ordering a whopper. The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order,” Telegram said.

Pavel Durov, founder and CEO of Telegram, said he believed the attacks originated ‘mostly’ from China. "Historically, all state actor-sized DDOS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception.”

Bypassing surveillance laws

Yesterday, protesters gathered outside government headquarters in Hong Kong to oppose a government plan that would allow extraditions to China. For the most part, the protests were organised on messaging apps, including WhatsApp, Signal and Telegram.

The South China Morning Post reported the role these platforms played in protests, and said the administrator of a Telegram group was arrested for conspiracy to commit public nuisance.

Telegram enables users to create groups of up to 200 000 people or channels for broadcasting to unlimited audiences. In addition, it enables encrypted messages to be sent and is seen as a secure way to communicate, while bypassing China's strict surveillance laws.

A level of sophistication

Mark Skilton, professor of Practice at Warwick Business School, said: "This type of attack is government censorship using cyber tools to block Internet traffic. In this case it was massive overwhelming traffic noise targeting Telegram servers and networks to slow down the service.”

‘Imagine that an army of lemmings just jumped the queue at McDonald's in front of you – and each is ordering a whopper’.

He added that Telegram’s strong encryption is no defence against the traffic-level protocols and volume of traffic experienced.

"To stop this type of attack would need new technology to block adversaries' traffic before the network, something that is not possible if the Chinese government control and have access to that network currently. What typically happens is alternative telecoms networks might be used. But I suspect those too would be targeted for a full scale attack.”

Skilton said it is unknown if this attack was a full wide-scale Internet attack or if it was a complete network-wide attack, and that it appears as if a level of sophistication was used to target the Telegram.

“This may be a symptom of a more advanced distributed 'denial of service' acting as a swarm of attacks against specific targets,” he concluded.

Share