Chinese hackers target Telegram to disrupt Hong Kong protests

Hong Kong Telegram attack

If the protests in Hong Kong against the pro-Beijing government’s plans to allow extradition to Communist China have looked well organised, it is in part down to encrypted messaging services such as Telegram.

Which is no doubt why yesterday, at the height of the protests, Telegram came under a sustained cyber-attack from sources which founder Pavel Durov has confirmed were largely located inside China.

Telegram in Hong Kong

Telegram is banned in Communist China, along with most other western websites and services which refuse to comply with the Communist regime’s intrusive online censorship and surveillance operations.

But this is not currently the case in Hong Kong, which is still, notionally at least, governed separately from Beijing.

Telegram has long been a popular app for protestors which is one of the main reasons why it has been banned in countries like Russia and Iran.

Along with similar messaging services Signal and FireChat, Telegram was trending as one of the most popular downloaded apps in Hong Kong yesterday as people coordinated the protests which succeeded in stopping the Hong Kong legislature from debating the controversial extradition bill.

But authorities were clearly aware of its use. A 22-year old Hong Konger who was administering a Telegram group of more than 20,000 people discussing protest tactics, was arrested by Hong Kong police on charges of conspiracy to commit a “public nuisance crime”. He was subsequently bailed.

Then, at the height of the protests, Telegram took to Twitter to confirm that it was suffering “a powerful DDoS attack”.  A DDoS or Distributed Denial of Service attack is when a company is bombarded with access requests which overwhelm its servers and prevent it from processing legitimate requests.

Telegram successfully fought off the attack and their founder, Pavel Durov later confirmed that the majority of IP Addresses being used for the attack were located in China.

As he noted, “Historically, all state actor-sized DDoS attacks we experienced coincided in time with protests in Hong Kong. This case was not an exception.”

In other words, this is not the first time China has tried to take Telegram offline in this way and it is always when the people of Hong Kong are protesting against the erosion of their rights by their pro-Beijing government that these attacks take place.

European Mobile traffic rerouted through China for two hours

It is unlikely that the Communist regime in China will comment on the DDoS attack and if they did, they would no doubt deny all responsibility and chalk the whole thing up to coincidence.

The thing is there are an awful lot of coincidences when it comes to cyber-breaches linked to China. Take this story about China Telecom for example.

On Thursday 6th June, the Swiss data center colocation company Safe Host suffered a Border Gateway Patrol (BGP) route leak. We won’t delve into the technical detail of what exactly this is here, but they happen on a regular basis and are not usually a big problem.

Most ISPs have safeguards and safety procedures in place which mean they never influence other providers networks. The one exception to this is Communist China’s state-owned ISP, China Telecom.

When the Safe Host leak happened, China Telecom acted to reroute all of Safe Host’s routes through its own network. The result was that for several hours, a large proportion of European mobile data was being rerouted through Chinese servers.

This led to slow connections for many users but also meant that all of their data was passing through servers controlled by a company legally obliged to make all their data accessible to Communist Party authorities.

It is not the first time that China Telecom have been accused of hijacking western internet traffic in this way. Last year, a research paper accused them of regularly hijacking the vital internet backbone of western countries.

It is possible that this issue was a technical error rather than deliberate human interference. But the absence of safeguards and the fact that a problem which would normally take a few minutes to fix went on for hours inevitably raises suspicions.

Use a VPN to stay safe from Chinese surveillance

It is fairly well known these days that if you want to use the internet freely in China, you will need a VPN to do it. VPNs like ExpressVPN and 12VPN are still able to work in China despite the regimes best efforts to block them.

They are also highly advisable for internet users in Hong Kong too. While Hong Kong is still not under the full control of the Chinese Communist regime, it tentacles already reach into most areas of Hong Kong’s society.

It is inconceivable that they do not also have a degree of control over Hong Kong’s internet infrastructure and keeping your online activity secure and private from Communist Party snooping is strongly advised.

But it is not just in their own region where the Chinese Communists are seeking to exert their influence. Their destabilising politics, fake news, and cyber-attacks have affected just about every country on earth and the whole world needs to be aware that, if they can, Communist China will be watching what you are doing online.

David Spencer

Author: David Spencer

David is VPNCompare's News Editor. Anything going on in the privacy world and he's got his eye on it. He's also interested in unblocking sports allowing him to watch his favourite football team wherever he is in the world.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.

ExpressVPN deal