Telegram Traces Cyber Attack to China During Hong Kong Protests(bloomberg.com)
bloomberg.com
Telegram Traces Cyber Attack to China During Hong Kong Protests
https://www.bloomberg.com/news/articles/2019-06-13/telegram-traces-cyber-attack-to-china-amid-hong-kong-protests
44 comments
"Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception."
At a certain point, you have to declare the correlation is actually a causation.
https://twitter.com/durov/status/1138942773430804480?ref_src...
At a certain point, you have to declare the correlation is actually a causation.
https://twitter.com/durov/status/1138942773430804480?ref_src...
That doesn't really change anything I said, pointing out the correlation is very different from tracing the attacks. A better headline for this story would've been "Telegram Faces Cyber Attack During Hong Kong Protests"
FWIW 200-400Gb/s is mildly sophisticated teenager-sized, but perhaps that's who the state actors are paying.
FWIW 200-400Gb/s is mildly sophisticated teenager-sized, but perhaps that's who the state actors are paying.
Correct me if I'm wrong: Telegram has been blocked in China mainland. So if normal Chinese botnets want to DDOS Telegram, they will be blocked by GFW first. So how these botnets succeeded? Does that mean they are "special"?
GFW has many ways of blocking things, I would assume that they just aren't blocking all traffic to telegram IPs.
Pretty sure they are.
Are they actually blocking outgoing packets to the IPs or injecting RSTs or blocking incoming packets from those IPs? I don't have a Chinese connection to test from right now.
My understanding is that it's a heterogeneous system that does different things for different people at different times.
Looks like Wikipedia has some technical details-
https://en.wikipedia.org/wiki/Great_Firewall#Blocking_method...
Looks like Wikipedia has some technical details-
https://en.wikipedia.org/wiki/Great_Firewall#Blocking_method...
> it's simply not true
Please provide us with facts supporting or disputing this claim. Otherwise I might have to assume that you are possibly participating in a disinformation campaign.
Please provide us with facts supporting or disputing this claim. Otherwise I might have to assume that you are possibly participating in a disinformation campaign.
If you suspect I am participating in a disinformation campaign you should email [email protected] rather than post these silly insinuations.
I'm not going to waste my time trying to provide you with facts disputing a claim that has zero supporting evidence behind it in the first place. It is asinine of you to even ask.
I'm not going to waste my time trying to provide you with facts disputing a claim that has zero supporting evidence behind it in the first place. It is asinine of you to even ask.
[deleted]
I run a group of telegram bots for helping to moderate these large telegram groups. A quick look through the logs shows mostly a lot of marijuana for sale in Dutch and a heap of cryptocurrencies preventing spam attacks. Having said that, as the bots are used in hundreds of groups I wonder what analysis I could do on the data.
When I visited Ukraine, a friend pointed out lots of graffiti advertising people that sell drugs on Telegram.
Don’t these methods of selling drugs mean the police can really easily infiltrate/perform a ‘sting’ operation?
How do they verify the buyer and protect themselves from this?
In Ukraine and Russia dead-drops as a method of delivery is common. They also use the postal system just like regular dark web markets, what Telgram groups and contacts replace is the actual market part, reputation scoring and escrow
Interesting. I didn't know what dead-drops were. Here's the wikipedia entry:
https://en.wikipedia.org/wiki/Dead_drop
[deleted]
this is mostly because of reach.
telegram is the defacto communication medium in russia and ukraine.
they don't sell there for one reason or another. it's simply because all their clientele is there. no need to overthink it.
telegram is the defacto communication medium in russia and ukraine.
they don't sell there for one reason or another. it's simply because all their clientele is there. no need to overthink it.
You can probably "trace" most cyber attacks to China. Among all countries, it is comparatively easy for hackers to build a large botnet in China and use it to attack third parties because there are many unsophisticated Chinese internet users.
China could be behind this attack, but tracing IP address is really meaningless here.
China could be behind this attack, but tracing IP address is really meaningless here.
Bloomberg is growingly anti China. Rigorous political-unbiased journalism is hard to find even in the US.
[deleted]
On another note, did any other services go down or have trouble during this period? What other methods of communication are people on the ground in Hong Kong using?
More interesting question is how many of those popular services in HK had good availability during the protests.
Because it would be a pretty good indicator of which ones the Chinese government had already intercepted.
Because it would be a pretty good indicator of which ones the Chinese government had already intercepted.
WhatsApp, Facebook, Gmail etc were all working fine without issue yesterday. The local TV stations were all livestreaming on Facebook and I set up a monitor with Chromecast in the office for my colleagues to keep up to date throughout the day.
Hong Kong isn't inside the GFW.
Hong Kong isn't inside the GFW.
Mostly used Telegram and LIHKG (local forum). Tried to use Firechat but it stopped working properly before we ever needed it.
[deleted]
"IP addresses coming mostly from China" accurately describes most botnets, this tells us essentially nothing about the attackers.