Telegram accuses China for DDoS attacks against its servers following recent protests

The Telegram messaging service was recently a victim of a DDoS cyber-attack that affected the platform in several regions of America and Europe. Currently, the company points to China as the origin point of the attack, claiming that it was the Chinese government’s answer to Hong Kong protests.


Pavel Durov, Telegram’s C.E.O. and founder, revealed that the attack mainly originated from Chinese IP addresses, which suggests that the Chinese government could be behind it, aiming to sabotage protesters in Hong Kong. “The attack’s IP addresses are mainly located in China. Historically, the State-size (200 to 400 GB of garbage) DDoS attacks we have dealt with before have coincided with protests in Hong Kong coordinated via Telegram,” he said.

The attack was made by a network of bots, automated tools that infect legitimate accounts and can saturate the servers that support services, such as apps, through an immense amount of fake requests. Despite the attack, Telegram assured everyone that “the situation seems to be under control,” and that, given the nature of the attack, only the servers capabilities were affected, meaning that user data remains safe.


Millions in Hong Kong are protesting against their political leaders due to the proposed amendments to an extradition law that would allow someone arrested in Hong Kong to be tried somewhere else, including continental China. Many see this as a threat to the territory’s fundamental civic liberties and rights.


Given the situation, Telegram has become a key tool during the protests. Users have taken advantage of the service’s encryptions, as well as those of other platforms, in order to communicate without being spied on by the government.


When Geng Shuang, speaker for the Ministry of Foreign Affairs, was asked about Durov’s claims regarding China being the attack’s point of origin, he claimed ignorance. “What I can tell you is that China has always been against any type of cyber-attack. China is also victim of those,” said Geng in a pres conference in Beijing.


This isn’t the first time the messaging platform has suffered this type of attack. Four years ago, the company faced another similar situation, just when the Chinese government started attacking human rights attorneys.


Back then, Telegram’s web version was also blocked in Beijing, Mongolia, Heilongjiang, Shenzhen and Yunnan. The motive behind the block, according to government sources, was the people’s use of Telegram to coordinate attacks against the government and the communist party.


That wasn’t the only time Telegram’s servers were blocked by authoritarian governments. In Russia, for example, the app was blocked after refusing to share data with the government.


The Telegram team hadn’t made any declarations after the last cyber-attack from China. However, this time Pavel Durov, the company’s C.E.O., announced the link between the Chinese players and the DDoS attack on Twitter.


A DDoS attack doesn’t aim to weaken the security of stored data in selected servers. Instead, it seeks to turn services off. Still, the company made sure that the stored user data remains safe.


However, famous web app security expert Richard Hummel said it is no easy feat to point at the Chinese government as the ones to blame for the attack. “In a DDoS attack, hackers usually fake the IP addresses in order to better hide themselves, as it happened in the Telegram attack,” said the expert.

According to experts at the International Institute of Cyber Security (IICS) Telegram was able to reestablish full services late Wednesday, commenting that an enormous amount of badly configured devices were used to attack a specific IP address.


Telegram, which has over 200 million users all over the world, had already warned that users in the U.S.A. and other countries had already experimented connection issues.


Chinese protests


During 79 days, thousands of Umbrella Movement participants wearing black faced tear gas and rain. The young citizens gathered in the streets some days ago to protest a proposed law that would allow extradition to continental China. In order to organize themselves, the protesters used Telegram.


Hong Kong police also seemed better equipped in their efforts to disperse the crowd, in order to avoid a repeat of the 2014 pro-democratic protests in which dozens of students and lawmakers sat on the street for long stretches of time.


With a complete anti-riot team, pepper spray, tear gas and rubber bullets and even bean bags were used against the crowd, making it harder for them to stay in one place.


The police claim to have shot around 150 rounds of tear gas in the previous Wednesday’s hand-to-hand attacks, almost twice the amount of the 87 rounds used against the Umbrella Movement.

Democratic team The People’s Human Rights’ Front helped coordinate the movement against the new proposed law. However, no obvious leaders could be identified in Wednesday’s protests. A large amount of demonstrations seem to have been started by people inviting others over through instant messaging apps.


The Telegram messaging app topped Apple’s list of apps used in Hong Kong this past Wednesday. Fearing spies, protesters started using the encrypted messaging platform in order to share updates and coordinate tactics.


Many Hong Kong protesters cover their digital tracks by deactivating their phones’ GPSs, paying with cash and deleting their social media in order to avoid anyone taking legal action against them. Most of them are young people who have been raised in a digital world and are aware of the danger that comes with online spies. For Ben, a masked 25-year-old office worker, the extradition law means a destruction of public liberties. “Though we avoid radical actions (such as speaking about China online), they can still detect us with their spies,” he explained.


In the protests of these last two days, many participants wore masks, glasses, helmets or hats in order to protect themselves against gas and bullets, but also to avoid being identified.


Another recent change was the fact that many users exchanged WhatsApp for Telegram’s encrypted messaging, as it offers better cyber-protection and allows for the coordination of larger groups.


Hong Kong enjoys a certain autonomy and liberties that do not exist in continental China, but the ever-present and invasive Chinese spying tech, which uses facial recognition, has made the people of Hong Kong more careful, says Bruce Lui, a speaker at Hong Kong Bautista University’s school of journalism.


People’s mistrust towards China has increased after a number of government critics disappeared, including a team of editors and a multi-millionaire, all who would later turn out to have been arrested.

Comments are closed.

Suscríbete a nuestro boletín y recibe en tu bandeja de entrada las últimas noticias sobre Seguridad de la Información. #SomosCiberSeguridad