‘Cyberattack from China’ hit messaging app used by Hong Kong protesters at time of Wednesday’s demonstration, says app’s founder
- Pavel Durov, creator of Telegram app, said on Twitter that attack was mostly executed from IP addresses in China
- App is heavily used by Hong Kong protesters, with administrator of one 30,000-strong group arrested by police on Tuesday night
An encrypted messaging app used by protesters against the extradition bill was subject to a massive cyberattack originating in China on Wednesday as demonstrators gathered outside the Hong Kong government headquarters, according to the app’s creator.
Pavel Durov, founder of Telegram, said in a tweet on Thursday morning that a powerful distributed denial-of-service (DDoS) attack the company experienced on Wednesday was mostly executed from IP addresses in China. DDoS attacks cause servers to be overloaded with so-called junk requests, resulting in connection issues for certain users.
“IP addresses of the attacks mostly came from China. Historically, all state actor-sized DDoS we experienced coincided in time with protests in Hong Kong,” Durov wrote. “This case was not an exception.”
According to app data analytics firm, App Annie, Telegram had been one of Hong Kong’s most downloaded apps this week, coinciding with the large-scale protests by hundreds of thousands of opponents of the controversial extradition bill.
The bill, if passed, would allow fugitive transfers with jurisdictions Hong Kong does not now share extradition rights, including mainland China, where critics worry suspects would not be guaranteed a fair trial.
The proposal prompted a major protest march on Sunday, which was attended by 1.03 million people, according to the organisers, and 240,000 at its peak, according to police.
On Wednesday, tens of thousands of protesters occupied roads outside the city’s legislature and administrative headquarters, and later clashed with police, leaving at least 81 people injured.
How protest technology has evolved since Occupy Central
While Wednesday’s rally did not appear to have any leaders, Telegram has been used by the protesters to coordinate actions, circulating requests in groups on the platform for additional supplies such as protective gear and first aid kits. Some of these groups have tens of thousands of members.
Information security specialist Young Wo-sang believed the timing of the attack was probably aimed at disrupting communications among protesters.
“I suggest users have some backup options for communications,” he said.
IT sector lawmaker Charles Mok said Durov’s claim seemed plausible, but he could not verify it.
“During the protest, I didn’t feel Telegram was particularly slow,” he said adding that mobile internet connections were in general slow because there were too many users gathered together at once.
Why China’s tech-savvy millennials are quitting WeChat
On Wednesday afternoon, Telegram’s official Twitter account said that it had suffered a powerful cyberattack affecting users in the Americas, and that users in some other countries might experience connection issues.
“It could be that the attacks were not specific to Hong Kong alone, but covered a lot of other places,” Mok said.
While there is a common perception that Telegram is a secure messaging app, only secret messages – and not group chats – are encrypted by default, meaning communications can be easily intercepted by hackers.
On Tuesday night, Ivan Ip, the administrator of a Telegram group with 10,000 to 30,000 members, was arrested for conspiracy to commit public nuisance, after police turned up at his home. The basis of the allegations against Ip, who is in his 20s, is that he plotted with others to charge the Legislative Council Complex and block neighbouring roads.
Ip, who was later released on bail, was asked to report to the police in September.
Mok said social media users could in general better protect their accounts by using two-step verification.
“I got notifications of someone trying to log into my Telegram account twice in the past two to three weeks,” he said. “As it needs my verification, I think my account is still safe.”
Hong Kong Information Technology Federation councillor Eric Fan Kin-man warned users to exercise caution with Telegram, as the app exposes their phone numbers to other group members. “I don’t think this is a good choice for people who use the group for social movements,” he said.
