Telegram Hit by Cyber-attack, CEO Points to HK Protests, China

Encrypted messaging service Telegram suffered a major cyber-attack that appeared to originate from China, the company’s CEO said Thursday, linking it to the ongoing political unrest in Hong Kong.

Many protesters in the city have used Telegram to evade electronic surveillance and coordinate their demonstrations against a controversial Beijing-backed plan that would allow extraditions from the semi-autonomous territory to the mainland.

Demonstrations descended into violence Wednesday as police used tear gas and rubber bullets to disperse protesters who tried to storm the city’s parliament — the worst political crisis Hong Kong has seen since its 1997 handover from Britain to China.

Telegram announced late Wednesday that it was suffering a “powerful” Distributed Denial of Service (DDoS) attack, which involves a hacker overwhelming a target’s servers by making a massive number of junk requests.

It warned users in many regions may face connection issues.

Pavel Durov, Telegram’s CEO, said the junk requests came mostly from China.

“Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram),” he tweeted.

“This case was not an exception.”

Telegram later announced on Twitter that its service had stabilised. It also posted a series of tweets explaining the nature of the attack.

“Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you -– and each is ordering a whopper,” it said, referring to the flagship product of Burger King.

“The server is busy telling the whopper lemmings they came to the wrong place -– but there are so many of them that the server can’t even see you to try and take your order.”

China’s foreign ministry and cyberspace administration did not immediately respond to AFP’s requests for comment.

Telegram allows users to exchange encrypted text messages, photos and videos, and also create “channels” for as many as 200,000 people. It also supports encrypted voice calls. It announced last year that it had crossed 200 million monthly active users.

Encrypted messaging apps like Telegram and WhatsApp are preferred around the world by a wide variety of people trying to avoid surveillance by authorities — from Islamic State jihadists and drug dealers to human rights activists and journalists.

Governments in recent years have devoted significant resources to breaching the security features of these apps, according to tech firms and researchers.

Hong Kong is not behind China’s Great Firewall, which heavily restricts internet access in the mainland — where Telegram is blocked.

The city’s special status under its handover agreement allows freedoms unseen in mainland China, but many fear they are under threat as Beijing exerts increasing influence on Hong Kong.

The current protests were sparked by fears that the proposed law would allow extraditions to China and leave people exposed to the mainland’s politicised and opaque justice system.