Telegram App DDoS from China Hinders #612strike Protest

Telegram, the encrypted messaging app, has come under sustained denial-of-service attack. The DDoS was traced to IP addresses in China.

It’s widely believed this is an attempt to disrupt citizen protests in Hong Kong, which are being coordinated using Telegram’s messaging group feature. The so-called #612strike protesters are against new Chinese extradition laws, saying they threaten Hong Kong’s status as an autonomous region.

And it’s not the first time, neither. In today’s SB Blogwatch, we worriedly watch.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Wings for Dreamers.


People’s Republic vs. the People

What’s the craic? Les lutins de Agence France-Presse écrivent, “Telegram CEO pins cyber-attack on China”:

 Encrypted messaging service Telegram suffered a major cyber-attack that appeared to originate from China, the company’s CEO said … linking it to the ongoing political unrest in Hong Kong. Many protesters in the city have used Telegram to evade electronic surveillance and coordinate their demonstrations.

China’s foreign ministry and cyberspace administration did not immediately respond to … requests for comment. … Hong Kong is not behind China’s Great Firewall, which heavily restricts internet access in the mainland – where Telegram is blocked.

The current protests were sparked by fears that [a] proposed law would allow extraditions to China and leave people exposed to the mainland’s politicised and opaque justice system.

In case you missed the background, Gareth Corfield quips, “No Telegram today, protestors”:

 Chat app Telegram has reportedly been DDoS’d, with its downtime coinciding with protests in Hong Kong against repressive new Chinese laws. [It] said the outage lasted for around an hour.

A century of British colonial rule left Hong Kong with laws and customs rooted in the democratic tradition, in stark contrast to the Chinese mainland. Locals are determined to maintain these in the face of authoritarian communist China, which took over the former colony in 1997.

Inevitably, governments have seen [Telegram] as a direct threat.

Time for a colorful metaphor? Telegram’s social media team—@telegram—explains with a zombie/burger analogy:

 A DDoS is a “Distributed Denial of Service attack”: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a Whopper. The server is busy telling the Whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.

To generate these garbage requests, bad guys use “botnets” made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the Whopper lemmings just might be your Grandpa.

Feeling a touch of déjà vu? Jonathan Shieber reminds us why—“Telegram faces DDoS attack in China… again”:

 This isn’t the first time. … Four years ago, a similar attack struck the company’s service, just as China was initiating a crackdown on human rights lawyers in the country. … The company’s web version of its app was blocked from servers in Beijing, Inner Mongolia, Heilongjiang, Shenzhen and Yunnan.

At the time, a lawyer involved in human rights cases was made to confess on state television about his involvement in the malfeasance and lawyers’ use of Telegram to hide messages from surveillance. According to the state-run newspaper China Daily, lawyers were using the Telegram app for “attacks on … government.”

With more on that, Cory Doctorow outlines “Hong Kong’s #612strike protest movement”:

 Hong Kong’s previous mass-protest uprisings … were ultimately smashed by the state through a combination of violent suppression and electronic surveillance, greatly aided by the hierarchical structure of the protest movements. … But the latest eruption … has learned from the mistakes of the past.

The #612strike movement has a flat, self-organizing structure that emerges deputies who take on functional roles (like keeping lookouts for cops planning kettling operations, which surround protesters with fencing and keep them locked down while they are identified and/or arrested), that is augmented by the use of encrypted Telegram chats. … This third wave of networked protests seem close to realizing the promise of … a collaborative, networked protest movement devoted to mutual aid.

The protests are motivated by the latest move in China’s encroachment into Hong Kong’s cherished independence. … The council is now set to allow for extraditions to the mainland for people accused of political crimes.

But was it China? Graham Cluley outlines the circumstantial evidence—“DDoS attack … linked to Hong Kong protests”:

 That’s one of the theories in circulation. … Smartphone messaging apps like Telegram and the less well-known FireChat – which creates a mesh network using Bluetooth and peer-to-peer Wi-Fi, allowing users to communicate even when they don’t have a cellular signal or internet access – are currently amongst the most popular downloads in Hong Kong’s iOS app store and were being widely used by protesters.

Of course, it’s important to stress that there’s a big difference between identifying IP addresses used in a DDoS attack, and attributing responsibility for an attack to a particular country. But the sheer scale of the attack has made observers suspect that the attack may have been state-sponsored.

Did someone say “P2P mesh”? Rossi Lorenzo—@snowy_coder—has more:

 I would love to get a distributed version of telegram, protesters could then just open some hidden servers for themselves. Good luck attacking that without closing all internet.

The only protocol I’ve seen with some usability is matrix but it hasn’t got a company like telegram baking it up, it isn’t used much and it isn’t as user friendly as other services. If a company spread the use of distributed and fully encrypted software it would be revolutionary.

And David Gil de Gómez—@ITStudiosi—ponders the inertia of an installed base:

 There are already plenty of decentralized messaging apps based on different protocols and encrypted. But it’s difficult to go against the traction of other systems that were there first.

Ideally it should be open source so it is easily auditable.

So it’s a big deal in Hongkers? edi_guy ’splains why: [You’re fired—Ed.]

 [Imagine] the sheer number of people who came out to protest. The Chinese police estimated 240,000 so I think you have to take that as the absolute basement estimate. Others pegged it closer to 1 million (out of 7 million).

This law allows for immediate extradition to China. Are you in HK and say something the CCP really doesn’t like, whoosh, you are in Bejing before you know it. Which is basically the end of Hong Kong’s semi-autonomous status.

Meanwhile, FDSGSG wonders if the DDoS is all that big:

 While it’s very likely these attacks are related to HK protests, it’s simply not true that Telegram has “traced” this attack to China. “IP addresses coming mostly from China” accurately describes most botnets, this tells us essentially nothing.

200-400Gb/s is mildly sophisticated teenager-sized, but perhaps that’s who the state actors are paying.

And Finally:

Please, Pogo, I want some more


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source:

Featured eBook
Open Source Security: Weighing the Pros and Cons

Open Source Security: Weighing the Pros and Cons

Over the past few years, open source has grown in popularity, especially among developers using open source code in their application development efforts. Open source software offers incredible benefits to enterprises IT and development efforts. Free, available software libraries mean cost savings, easy customization, speed, agility and flexibility for development and IT teams. There are ... Read More
Security Boulevard

Richi Jennings

Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 78 posts and counting.See all posts by richi