The popular encrypted messaging service Telegram was hit with a Distributed Denial of Service (DDoS) attack in Asia.
The company’s founder Pavel Durov said that a massive cyber-attack on his messaging service originated in China, raising questions about whether Beijing tried to disrupt a protest in which thousands of people took to the streets of Hong Kong.
The company said it experienced a powerful distributed denial of service attack after “garbage requests” flooded its servers and disrupted legitimate communications. “Most of those queries came from Chinese internet protocol addresses,” Durov tweeted. “This case was not an exception.”
Hong Kong is in the throes of political unrest as the Beijing-backed government attempts to force through controversial legislation that would for the first time allow extraditions to China, which protesters fear could be used to squelch government opposition.
The company went on to describe a distributed denial of service attack as when “your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper,” according to Telegram. “The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.”
Four years ago, a similar attack struck the company’s service, just as China was initiating a crackdown on human rights lawyers in the country.
Commenting on the attack, Mark Skilton, Professor of Practice at Warwick Business School, who researches and consults on cybersecurity, said:
“This type of attack is government censorship using cyber tools to block internet traffic. In this case, it was massive overwhelming traffic noise targeting Telegram servers and networks to slow down the service in what is called ‘denial of service’.
This was not a specific technology, but a distributed network attack on the internet ISP and NSP network providers. The strong encryption inside the Telegram app had no defense against the traffic level protocols and volume of traffic.
To stop this type of attack would need new technology to block adversaries’ traffic before the network, something that is not possible if the Chinese government control and have access to that network currently. What typically happens is alternative telecoms networks might be used. But I suspect those too would be targeted for a full-scale attack.
However, we don’t know if it was a full wide-scale internet attack or if it was a complete network-wide attack. It seems some sophistication was used to target the Telegram app and user service. This may be a symptom of a more advanced distributed ‘denial of service’ acting as a swarm of attacks against specific targets.”