DDoS attack on Telegram coincided with Hong Kong protests
13 June 2019
Social networking giant Telegram announced Wednesday that it suffered a massive DDoS attack that forced its server to go offline and according to the company’s founder Pavel Durov, the attack was carried out by Chinese agencies in response to massive protests taking place in Hong Kong.
The DDoS attack took place early on Wednesday and Telegram was quick to announce it, reassuring users that their server was under immense pressure but no user data was compromised as a result of the attack.
“We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues,” the company announced on Twitter before explaining how a DDoS attack works in layman terms.
“A DDoS is a “Distributed Denial of Service attack”: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper. The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.
“To generate these garbage requests, bad guys use “botnets” made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa.
“There’s a bright side: All of these lemmings are there just to overload the servers with extra work – they can’t take away your BigMac and coke. Your data is safe. For the moment, things seem to have stabilized,” it said in a series of tweets.
IPs used in DDoS attack on Telegram are located in China
Pavel Durov, the founder of Telegram, then explained in a short tweet that most of the IP addresses used in the DDoS attack on Telegram were located in China. He said he was not surprised by the timing of the attack as most large-scale DDoS attacks (200 Gbps to 400 Gbps in size) coincided with large-scale protests by Hong Kong citizens against China’s intent to take greater administrative control over Hong Kong’s affairs.
Many news portals have reported that Telegram is the platform of choice for democratic activists in Hong Kong as the platform offers greater privacy and end-to-end encryption, allowing them to coordinate activities on the platform while escaping law enforcement action.
Earlier this week, hundreds of thousands of Hong Kong residents took to the streets to protest against an extradition bill that would pave the way for Hong Kong citizens to be extradited to China to face the law. The protests resulted in a brutal response by police forces that left 72 people hospitalised.
However, things stabilised recently after Hong Kong government officials agreed to postpone debate on the extradition law. If Durov is to be believed, the DDoS attack on Telegram was sponsored by Chinese agencies to cause major downtime and thereby prevent Hong Kong activists from coordinating more protests.
Telegram’s web version is already banned in many Chinese regions such as Shenzhen, Yunnan, Beijing, Inner Mongolia, and Heilongjiang and the company’s Asia Pacific server suffered a similar large-scale DDoS attack in July 2015 that impacted 30 percent of traffic in Asia.
The 2015 DDoS attack coincided with a major Chinese government crackdown on human rights lawyers who were labelled “anti-government” and were accused of coordinating protests and other illegal activities on Telegram.
“We know nothing for sure, so we do not make any accusations. One thing is certain: somebody powerful in Asia is unhappy. We have never seen DDoS of such scale and efficiency before. And we’ve seen a lot,” Durov told Tech Crunch following the attack.