This past weekend Telegram, a security-enhanced chat app, was crippled in Asia by a cyber attack—though by whom so far remains a mystery.
The DDoS (distributed denial of service) attack targeted users in the Asia-Pacific region, reported Telegram Messenger, the Berlin-based nonprofit behind the well-encrypted app. In layman’s terms, a DDoS attack is when a perpetrator overwhelms an entity’s servers with dummy traffic, in order to render a site or web service inaccessible to its users.
Telegram said that users in Southeast Asia, Oceania, Australia, and parts of India were affected by the attack, which originated in East Asia and, it speculated, might have been launched by competitors.
“The last time we were hit by a massive DDoS was in late September, 2014, in the wake of the South Korean privacy scandal when signups from that country spiked as well,” the organization wrote on its blog.
Telegram was not-so-subtly pointing to two competing chat apps as possible culprits: Line, which is popular in Japan, and KakaoTalk, big in South Korea. Telegram co-founder Pavel Durov implied on Twitter yesterday that Line might have initiated the attack after allegedly issuing a complaint about Telegram to Google Play.
But another popular theory is that Beijing might have been involved in the attack, as the timing is quite suggestive. Over the weekend China abruptly began an unprecedented crackdown on human rights lawyers. More than 100 people have been detained or questioned.
These lawyers were communicating with one another during the crackdown through several messaging services, including Telegram, according to a report in the state-run People’s Daily. The article devotes a paragraph (link in Chinese) to Telegram, quoting detained legal scholar Di Ruimin to describe how lawyers used the app.
“Telegram was mainly used to form groups. Inside, most of the talk was attacking the party or government. We’d use it to plan, and to organize all sorts of public demonstrations.”
Telegram’s website (and thus the web version of its service) was inaccessible from China Friday through Sunday, according to the watchdog group GreatFire. Meanwhile Weibo users have complained the app was unusable in China, and one Telegram user reported the service went down domestically at 4:30pm on Friday.
In March, China appeared to launch a similar attack against GitHub, which like Telegram is based outside of China and well encrypted. The Citizen Lab, a research group from Canada, dubbed the attack apparatus “The Great Cannon,” to mark it as a sister component to “The Great Firewall,” which China uses to censor content from within China.
China’s involvement isn’t certain, despite the timing overlap. Telegram itself has not confirmed whether usage of its service suffered significantly in China, or if so by how much. Yesterday morning, one user in Beijing told Quartz that she could use the app freely, though she could not access Telegram’s webpage.
Such discrepancies are not uncommon in China, making it difficult to differentiate a ”block” from a technical hiccup. In addition, Telegram has suffered DDoS attacks in the past.
Quartz has reached out to Telegram and GreatFire for comment and will update this piece if we hear back.