A politically motivated DDoS attack was once again linked to a coordinated Chinese operation, this time against the encrypted messaging app Telegram, and it coincides with the protests held in Hong Kong.
Telegram confirmed today, through its official Twitter account, a powerful DDoS attack against the encrypted messaging platform and said that the attack is linked to multiple Chinese IP addresses.
According to the Twitter post made by the company, the powerful “Distributed Denial of Service attack” or DDoS attack was experienced not only by users from China but also by users in the United States and other countries.
Telegram’s official tweet characterized the attack as “your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper.”
Telegram’s CEO and Founder Pavel Durov said in a tweet that most of those queries came from Chinese internet protocol addresses. He confirmed that the encrypted messaging application has received “garbage requests” that subsequently flooded the server, making it difficult for users to connect with it.
“IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception,” wrote Durov in a subsequent Tweet on the matter.
The company said that the “bad guys” used botnets to flood its servers with nuisance traffic and compromise its operations. “[The] bad guys use “botnets” made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa,” the tweet reads.
Durov also noted the coincidence of the attack with the brewing tension between Hong Kong protesters and authorities. The attack “coincided in time with protests in Hong Kong,” where people were coordinating on Telegram groups, Durov said.
Coincidence with Hong Kong protest
The company suspects that the attack was related to the brewing tension in the streets of Hong Kong, where protesters have stormed the highways to oppose legislation that allows extradition from Hong Kong to China. The controversial bill has brought thousands of Hong Kong citizens into the streets to dispute the law, citing that it could potentially jeopardize the judicial independence of the state.
The controversial extradition law has set off robust political opposition from hundreds of thousands of Hong Kong citizens and has ignited violent dispersals by the authorities. Many of the protesters have tried their best to hide their identities from the authorities by wearing face masks and avoiding public transit cards, fearing legal consequences for the protests they are staging. An administrator of a large local Telegram group was arrested Tuesday for allegedly conspiring to commit a public nuisance, the South China Morning Post reported.
According to reports, many of the protesters have coordinated with each other using Telegram. The messaging platform is designed to allow users to send messages protected by end-to-end encryption — the kind authorities can’t intercept easily. Reports suggest that Telegram groups range in size from hundreds of members to tens of thousands.
Politically motivated DDoS attacks linked to Chinese operations
Earlier this year, a DDoS attack against media companies in the Philippines was also linked to a coordinated Chinese operation. The attack was said to be politically motivated, similar to the Telegram DDoS attack. Alternative media organizations have been targeted by cyber attacks that aim to silence them for their critical news reports against the Philippine government. Different organizations have filed a civil case against groups and individuals believed to be behind the cyber attacks on their websites.
In a 28-page complaint, several alternative media organizations including Alipato Media Center Inc, Altermidya-People’s Alternative Media Network Inc, Kodao Productions Inc, and Pinoy Media Center Inc, filed a civil case against IP Converge Data Services Inc and Suniway Group of Companies Inc.
The complaint alleges that the cyber attacks carried out by the respondents are “deliberate and organized.” The groups said the cyber attacks “could not have occurred without being orchestrated and well-funded.”
“The attackers employed a wide array of technological means and methods to conduct various forms of DDoS attacks against Plaintiffs’ websites…. Individual defendants, being private individuals who directly or indirectly obstructed, defeated, violated, impeded or impaired Plaintiffs freedom to maintain publications shall be liable to the latter for damages under Article 32(3) of the Civil Code.”