Telegram: Hackers in China Disrupted Service During Hong Kong Protests

In this June 12, 2019, file photo, riot police fire tear gas toward protesters outside the Legislative Council in Hong Kong.

AP Photo/Vincent Yu

AA Font size + Print

In this June 12, 2019, file photo, riot police fire tear gas toward protesters outside the Legislative Council in Hong Kong.

Bogus signals inundated an encrypted-messaging service that helped demonstrators coordinate, the company says.

As Hong Kong police used tear gas and rubber bullets to disperse thousands of protestors on Tuesday, unknown hackers flooded the Telegram encrypted-messaging service with bogus signals, temporarily depriving demonstrators of a key organizing tool. Company officials say the signals came from inside China.

“We’re currently experiencing a powerful DDoS attack,” short for distributed denial of service, Telegram tweeted at 7:20 a.m. Washington time. “Telegram users in the Americas and some users from other countries may experience connection issues.”

Thirty-five minutes later, Telegram tweeted, “For the moment, things seem to have stabilized.”

Later in the day, Defense One asked Telegram founder and CEO Pavel Durov where the attacks originated.

IP addresses coming mostly from China,” Durov responded. “Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram).”

Mark Skilton, a professor of practice at the U.K.’s Warwick Business School, said such attacks are hard to stop when local authorities, in control of network traffic, want them to proceed.

“To stop this type of attack would need new technology to block adversaries’ traffic before the network, something that is not possible if the Chinese government control and have access to that network currently. What typically happens is alternative telecoms networks might be used. But I suspect those too would be targeted for a full scale attack,” Skilton said in a statement. “However, we don’t know if it was a full wide-scale internet attack or if it was a complete network-wide attack. It seems some sophistication was used to target the Telegram app and user service. This may be a symptom of a more advanced distributed ‘denial of service’ acting as a swarm of attacks against specific targets.”

Related: In Cyberspace, Governments Don’t Know How to Count

Related: In California, It’ll Be Illegal to Make Routers With Weak Passwords

Related: The White House National Cyber Strategy: Continuity with a Hint of Hyperbole

The demonstrators were protesting a proposed extradition bill that would allow Chinese authorities in Beijing to extradite people from Hong Kong to the mainland, which many fear could allow the Chinese government to crack down on dissidents currently in Hong Kong.

On the protests themselves, Human Rights Watch wrote that it is “concerned about the police using unnecessary or excessive force against the protesters. While some protester action may warrant police use of force, international human rights standards limit the use of force to situations in which it is strictly necessary.”

Close [ x ] More from DefenseOne