
Telegram blames China for DDoS attack during HK protests


Updated July 18th, 2019

Telegram pointed the finger at Chinese state-sanctioned actors yesterday after a distributed denial of service (DDoS) attack overwhelmed its servers as protests were taking place in Hong Kong.

“We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues,” the encrypted messaging service said in a tweet sent on June 12 at 4:20 a.m. ET. Almost an hour later, at 5:15 a.m., Telegram issued an update on Twitter saying that the situation had stabilized, at least for the moment.

After a Twitter user asked if Telegram could identify the source of the fake DDoS traffic, Telegram CEO Pavel Durov replied via his own personal Twitter account that the offending IP addresses were based primarily in China.

An autonomous territory of China, Hong Kong has experienced civil unrest following the introduction last March of proposed legislation that would make it easier to extradite suspected criminals from Hong Kong to mainland China and other Chinese territories. Citizens of the city see the law as a way for China’s authoritarian government to exert control over the region.

Protesters are often known to use services like Telegram to organize their efforts in a manner free from government oversight, but a crippling DDoS attack would deny them access to such tools.

“Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception,” tweeted Durov.

“Telegram CEO Pavel Durov isn’t crazy for suspecting the Chinese government is targeting Telegram,” said Paul Bischoff, privacy advocate at Comparitech.com, in emailed comments. “It wouldn’t be the first time that China has weaponized botnets… to target websites with DDoS attacks,” he added, referring to a wave of attacks against GitHub in 2015 that experts say targeted pages containing content or links to content that was banned in China.

Bischoff said Telegram users who are unable to access the service should “try using a VPN to connect to a few different countries so that your connection to Telegram goes through a server that’s not under attack. Some VPNs even enable you to use Telegram from within mainland China, where it is normally censored.”

“This type of attack is government censorship using cyber tools to block internet traffic,” said Mark Skilton, professor of practice at Warwick Business School. “This was not a specific technology, but a distributed network attack on the internet ISP and NSP network providers. The strong encryption inside the Telegram app had no defense against the traffic level protocols and volume of traffic.

“To stop this type of attack would need new technology to block adversaries’ traffic before the network, something that is not possible if the Chinese government control and have access to that network currently. What typically happens is alternative telecoms networks might be used. But I suspect those too would be targeted for a full-scale attack,” continued Skilton, who researches and consults on cybersecurity. “However, we don’t know if it was a full wide-scale internet attack or if it was a complete network-wide attack. It seems some sophistication was used to target the Telegram app and user service. This may be a symptom of a more advanced distributed ‘denial of service’ acting as a swarm of attacks against specific targets.”


Written by Kofi Anash
