Telegram Suffers DDOS Following Criticism For Enabling Human Rights Lawyers In China

It’s been a whirlwind few days in Asia for Telegram, the encrypted messaging app founded by the colorful co-founder and former CEO of “Russia’s Facebook”, Pavel Durov. After Telegram was briefly booted from the Google Play store after a sticker-related spat with messaging app Line, a major distributed denial of service attack hit Telegram’s servers over the weekend, leading to a loss of service concentrated in Asia.

Now some believe Telegram could be the next messaging app to provoke the ire of China and face a block in the country.

Telegram claimed the DDOS attack left users of its service in Asia Pacific experiencing “slower connection speeds or no connection at all for several hours” over the weekend on Monday. That’s because, the organization claimed, it witnessed a surge in traffic that hit 200 Gbps — “which feels roughly like having 200 billion very random people squeeze into your bus every second,” Telegram explained on its blog.

The company, which delivers more than two billion messages each day and claims 62 million month active users worldwide, said its service was down for five percent of entire user base globally, and 30 percent of traffic affected in Asia specifically.

DDOS attacks are notoriously difficult to track and near impossible to attribute to specific culprits. Telegram believes that the attack — which seems fairly sophisticated since it was evenly distributed across thousands of servers — “is being coordinated from East Asia”.

We’ve noticed a three-fold increase in signups from South Korea in the last two weeks. The last time we were hit by a massive DDoS was in late September, 2014, in the wake of the South Korean privacy scandal when signups from that country spiked as well.

We’ve also heard that some companies are unhappy with our new platform that allows artists to create free custom stickers for the users. Two weeks after its launch we were hit by a lesser DDoS, also aimed specifically at the Asia Pacific cluster.

For those who aren’t aware, Korea is the home of messaging apps Line and Kakao Talk. Telegram claimed Friday that Line filed a complaint related to the use of stickers in the Telegram Android app. Google removed the Telegram app from the Play Store, only to return it hours later once the issue had been settled.

Line declined to comment on its apparent complaint when asked for details by TechCrunch. While the company may have objected to Telegram using its IP, it seems unlikely that the company coordinated the DDOS attack itself.

Someone in China seems a more likely attacker. That’s because, during its sticker skirmish, Telegram picked up a little notoriety of its own in the world’s most populous country.

The service was labeled an “anti-government” tool in a Sunday article in state-run mouthpiece/newspaper Peoples Daily [Google Translate link]. That label was applied after the service was reportedly used by a set of human rights lawyers who were arrested by the government on Friday. They are said to have used the service and its self-destructive messaging feature, to plan protests and generally go about their work with less chance of the government’s eavesdropping.

“We know nothing for sure, so we do not make any accusations,” Telegram founder Pavel Durov told TechCrunch of the DDOS. “One thing is certain: somebody powerful in Asia is unhappy. We have never seen DDoS of such scale and efficiency before. And we’ve seen a lot.”

A lot of factors sure point to China.

There’s the way that the Chinese government dosed GitHub with a days-long DDOS attack because it stored information from internet freedom organization GreatFire that explained how to override censorship in the country.

Then, beyond the fact that human rights lawyers (or ‘dissidents’ in state-run press jargon) were Telegram users, China has a history with messaging apps. Tencent-owned WeChat is too large to be shut down, but it is subject to regular ‘clean ups’. In similar circumstances to Telegram, Line and Kakao Talk were blocked in China last year on suspicion of helping “spread information linked to terrorists activities.”

There were reports that Telegram, too, was getting blocked altogether in China over the lawyer controversy, although Durov disputes this, adding that his company would be unlikely to fight a block from China, anyway.

“I don’t think Telegram is completely blocked in China, but the traffic from there did decrease,” he said. “[But] if we do get completely blocked in China, we’re not going to play cat and mouse with their government at this stage. Let them block.”

It’s an interesting position for Durov, who helped create Telegram in the wake of censorship controversies in Russia, and then left the country altogether when those issues began to intensify. It seems he prefers to lead by example rather than direct confrontation.

Ultimately, Durov may be right and there’s no clear sign of who is behind the attack, however we know that China’s attitude to internet censorship has changed. Once focused on reactive actions, these days — as its newest internet weapon ‘The Great Cannon’ shows — it seems comfortable with taking services and websites out using aggressive and offensive tactics.