Telegram is one of the end-to-end encrypted chat apps out there that offers the same kind of security as iMessage or WhatsApp when it comes to protecting chats and voice communications. It’s also the kind of app that pisses off governments and intelligence services since they can’t get access to the data. But sometimes, it may be more important to block access to Telegram that actually spy on what users are chatting about, to prevent them from coordinating during protests. Telegram claims that’s what happened the other day, when a powerful DDoS attack hit the service, effectively rendering the app useless. And Telegram says it was China that was behind it all.
Telegram explained on Twitter what happened with the app in several countries following the DDoS hit.
A DDoS is a “Distributed Denial of Service attack”: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper. (1/2)
— Telegram Messenger (@telegram) June 12, 2019
To generate these garbage requests, bad guys use “botnets” made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa.
— Telegram Messenger (@telegram) June 12, 2019
Telegram added that user data is still safe, in spite of the disruption of service. The app’s founder then added that the only attacker capable of such a concentrated effort is a nation-state, and that nation-state is probably China:
IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception.
— Pavel Durov (@durov) June 12, 2019
China isn’t the only country that has taken action against Telegram. Russia has previously tried to block the service in the country as a result of Telegram’s failure to turn over encryption keys. Russia’s attacks were not covert, as was the case with China’s DDoS attack, which China isn’t likely to acknowledge.
On the other hand, an administrator to a large Telegram group in Hong Kong was arrested on Tuesday for allegedly conspiring to commit a public nuisance. So there’s clearly an interest from authorities with what happens to Telegram. The protests in Hong Kong are noteworthy, Bloomberg explains, as citizens are voicing their concerns about new legislation that would allow extraditions to China.
Hundreds of thousands of protestors took to the streets, and some of them stormed the legislative chamber on Wednesday. In addition to Telegram, which requires an internet connection to work, protestors in Hong Kong are also using Firechat, a peer-to-peer messaging service that works without a Wi-Fi or cellular connection.
Hong Kong protestors aren’t just using apps to protect their privacy and avoid repercussions from the government. They’re also wearing face masks to avoid facial recognition cameras, and they’re avoiding the use of transit cards that can be linked to their identities. Hong Kong’s Legislative Council suspended a review of the bill for the second time on Thursday to avoid more protests, but that doesn’t mean the council will stop pushing it. The city leader wants to pass the law by the end of July.
