Antihack Blog

Chinese cyberattack hits Telegram, messaging app used by Hong Kong protesters

14 Jun 2019

A network of computers in China bombarded Telegram, a secure messaging app used by many of the protesters, with a huge volume of traffic that disrupted service. The app’s founder, Mr Pavel Durov, said the attack coincided with the Hong Kong protests, a phenomenon that Telegram had seen before.
“This case was not an exception,” he wrote.
The Hong Kong police made their own move to limit digital communications. On Tuesday (June 11) night, as demonstrators gathered near Hong Kong’s legislative building, the authorities arrested the administrator of a Telegram chat group with 20,000 members, even though he was at his home miles from the protest site.
“I never thought that just speaking on the internet, just sharing information, could be regarded as a speech crime,” the chat leader, Mr Ivan Ip, 22, said in an interview.
“I only slept four hours after I got out on bail,” he said. “I’m scared that they will show up again and arrest me again. This feeling of terror has been planted in my heart. My parents and 70-year-old grandma who live with me are also scared.”

Past the tear gas, rubber bullets and pepper spray, the Hong Kong protests are also unfolding on a largely invisible, digital front. Protesters and police officers alike have brought a new technological savvy to the standoff.
Demonstrators are using today’s networking tools to muster their ranks, share safety tips and organise caches of food and water, even as they take steps to hide their identities.
The Hong Kong authorities are responding by tracking the protesters in the digital places where they plan their moves, suggesting they are taking cues from the ways China polices the internet.
In mainland China, security forces track chat messages, arrest dissidents before protests even occur, and are increasingly detaining people over posts critical of the government. The Hong Kong police have visited the mainland at times looking at ways of stopping terrorism.

We know the government is using all kinds of data and trails to charge people later on,” said Mr Lokman Tsui, a professor at the School of Journalism and Communication at the Chinese University of Hong Kong.
Protesters used some of the same tools to organise in 2014, when the Occupy Central demonstration shut down parts of the city for more than two months. But their caution shows a growing awareness that the new digital tools can be a liability as well as an asset.
The police during the Occupy protests used digital messages to justify the arrest of a 23-year-old man, saying he used an online forum to get others to join in. One message that then spread over the WhatsApp chat service included malware, disguised as an app, that appeared to be for eavesdropping on Occupy organisers. Researchers said the malware most likely came from China’s government.
“People are minimising their footprints as much as possible,” Mr Tsui said. “In that regard, it’s very different from five years ago. People are much more conscious and savvy about it.”



This week’s protests were sparked by the Hong Kong government’s plans to enact a new law that would allow people in the city to be extradited to mainland China, where the court system is closed from public scrutiny and tightly controlled by the Communist Party. On Thursday, city officials delayed plans to consider the legislation.
Telegram said on its Twitter account that it was able to stabilise its services shortly after the attack began. It described the heavy traffic as a DDoS attack, in which servers are overrun with requests from a coordinated network of computers. In his tweet, Mr Durov said the attack’s scale was consistent with a state actor.
Beijing has been blamed in the past for attacks that silence political speech outside mainland China’s borders. In 2014, an informal online referendum about Hong Kong’s political future drew what at that time was one of the largest such attacks in history. A separate cyberattack in 2015 hijacked traffic from Baidu, the Chinese search engine, to overload a website hosting copies of services blocked in China, like Google, the BBC and The New York Times.
The Chinese government Thursday denied it had played a role and said China was often a victim of hacking itself. “We have always advocated that the international community should jointly safeguard the security of cyberspace through dialogue and cooperation,” Mr Geng Shuang, a spokesman for China’s Foreign Ministry, said during a daily news briefing.

In Hong Kong, the authorities focused on Mr Ip, the chat room organiser, whom they saw as a ringleader. He said that the police arrived at his door with a warrant around 8 pm. More than 10 officers demanded he unlock his phone, explaining that they were searching for extremists in the chat groups he administered.
At first he refused, but when they threatened to use a device to break into his Xiaomi 6 smartphone, he relented and entered the password. They then downloaded his chat records.
While searching his room, the officers backed down only after his parents complained, he said. The police officers implied that they had found him based on his phone number, which was linked to his identification.
While Telegram conversations can be encrypted, the service does not have end-to-end encryption for its group chats, said Mr Tsui, the communications professor. After Mr Ip was arrested, groups distributed warnings to use new pay-as-you-go SIM cards or register foreign numbers online to join groups.



In a statement, the Hong Kong police’s Cybersecurity and Technology Crime Bureau said he had been arrested because he was suspected of conspiracy to cause a public nuisance. He was released on bail, but the police said an investigation was continuing. Ip said he had not attended any protests this week.
Many of the protesters are college-aged and digitally savvy. They took pains to keep from being photographed or digitally tracked. To go to and from the protests, many stood in lines to buy single-ride subway tickets instead of using their digital payment cards, which can be tracked. Some confronting the police covered their faces with hats and masks, giving them anonymity as well as some protection from tear gas.
On Wednesday, several protesters shouted at bystanders taking photos and selfies, asking those who were not wearing press passes to take pictures only of people wearing masks. Later, a scuffle broke out between protesters and bystanders who were taking photos on a bridge over the main protest area.
For some, the most flagrant symbol of defiance came from showing one’s face.
On Wednesday, as demonstrators prepared for a potential charge by the police, a drone flew overhead. The protesters warned one another about photos from above, but Ms Anson Chan, a 21-year-old recent college graduate, said she was unconcerned about leaving her face exposed, potentially revealing her identity.
Ms Chan said she felt compelled to join the protests out of concern about the proposed law.
“Once people get taken to China, they can’t speak for themselves,” said Ms Chan, who had traveled nearly two hours from Lok Ma Chau in northern Hong Kong to show support and hand out supplies after seeing scenes of violence on the news.
The mainland’s restrictions were on the minds of many.
“The bottom line is whether to trust Beijing,” said Mr Tsui, the communications professor. “This is a government that routinely lies to its own citizens, that censors information, that doesn’t trust its own citizens. You can’t ask us to trust you if you don’t trust us.”

Source: Todayonline

Dexter Ng ( CTO at AntiHack.me) : https://www.peerlyst.com/users/dexter-ng