While it's very likely these attacks are related to HK protests, it's simply not true that Telegram has "traced" this attack to China.
"IP addresses coming mostly from China" accurately describes most botnets; this tells us essentially nothing about the attackers.
"Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception."
At a certain point, you have to declare the correlation is actually a causation.
That doesn't really change anything I said, pointing out the correlation is very different from tracing the attacks. A better headline for this story would've been "Telegram Faces Cyber Attack During Hong Kong Protests"
FWIW 200-400Gb/s is mildly sophisticated teenager-sized, but perhaps that's who the state actors are paying.
Correct me if I'm wrong: Telegram has been blocked in mainland China. So if normal Chinese botnets want to DDoS Telegram, they will be blocked by GFW first. So how did these botnets succeed? Does that mean they are "special"?
GFW has many ways of blocking things, I would assume that they just aren't blocking all traffic to Telegram IPs.
Pretty sure they are.
Are they actually blocking outgoing packets to the IPs or injecting RSTs or blocking incoming packets from those IPs? I don't have a Chinese connection to test from right now.
My understanding is that it's a heterogeneous system that does different things for different people at different times.
Looks like Wikipedia has some technical details-
> it's simply not true
Please provide us with facts supporting or disputing this claim. Otherwise I might have to assume that you are possibly participating in a disinformation campaign.
If you suspect I am participating in a disinformation campaign you should email email@example.com rather than post these silly insinuations.
I'm not going to waste my time trying to provide you with facts disputing a claim that has zero supporting evidence behind it in the first place. It is asinine of you to even ask.
I run a group of Telegram bots for helping to moderate these large Telegram groups. A quick look through the logs shows mostly a lot of marijuana for sale in Dutch and a heap of cryptocurrencies preventing spam attacks. Having said that, as the bots are used in hundreds of groups I wonder what analysis I could do on the data.
When I visited Ukraine, a friend pointed out lots of graffiti advertising people that sell drugs on Telegram.
Don’t these methods of selling drugs mean the police can really easily infiltrate/perform a ‘sting’ operation? How do they verify the buyer and protect themselves from this?
In Ukraine and Russia dead-drops as a method of delivery are common. They also use the postal system just like regular dark web markets; what Telegram groups and contacts replace is the actual market part, reputation scoring and escrow.
Interesting. I didn't know what dead-drops were. Here's the Wikipedia entry: https://en.wikipedia.org/wiki/Dead_drop
This is mostly because of reach.
Telegram is the de facto communication medium in Russia and Ukraine.
They don't sell there for one reason or another. It's simply because all their clientele is there. No need to overthink it.
You can probably "trace" most cyber attacks to China. Among all countries, it is comparatively easy for hackers to build a large botnet in China and use it to attack third parties because there are many unsophisticated Chinese internet users.
China could be behind this attack, but tracing IP addresses is really meaningless here.
Bloomberg is growingly anti-China. Rigorous, politically unbiased journalism is hard to find even in the US.
On another note, did any other services go down or have trouble during this period? What other methods of communication are people on the ground in Hong Kong using?
A more interesting question is how many of those popular services in HK had good availability during the protests.
Because it would be a pretty good indicator of which ones the Chinese government had already intercepted.
WhatsApp, Facebook, Gmail etc were all working fine without issue yesterday. The local TV stations were all livestreaming on Facebook and I set up a monitor with Chromecast in the office for my colleagues to keep up to date throughout the day.
Hong Kong isn't inside the GFW.
Mostly used Telegram and LIHKG (local forum). Tried to use Firechat but it stopped working properly before we ever needed it.
200-400 gigabit/s is not that huge.
From the outside it looks like these protests ended up like the "Yellow vests" ones in France: There is valid concern but the movement is taken over by organised, violent extremists.
This brings the question: If violent actions are organised through e.g. Telegram, do the local authorities have a quick way to disable the service?
This seems to be an important question these days, not only in China/HK, but everywhere, and we've seen authorities in several countries taking these sorts of steps, which is legitimate in some circumstances.
Before Telegram and similar apps would you have been okay with shutting down the mobile phone network if a minority of protestors might have committed some violent actions?
Or maybe instead of a disproportionate crackdown maybe just do what they've done since forever and just have police at the protests arresting whomever is violent.
The issue in Hong Kong is that it was mostly the police who were violent.
Note that my main question is how can the authorities "fight back" in real time against people using sophisticated communication tools to organise violent actions (I could even use the term 'terrorism' for the more serious cases).
The role of the police is also to prevent violence against individuals and property, not just to arrest people after the fact.
I think this is a perfectly legitimate question.
Edit: Once again I seem to be the only adult in the room, so good night and good luck.
> Once again I seem to be the only adult in the room
You've been continuing to post quite a lot of flamebait and unsubstantive comments, ignoring our requests to stop. Continuing to do that will get you banned here. Please review https://news.ycombinator.com/newsguidelines.html and stop doing that.
You're treading a very dangerous line, here.
To an oppressive regime, any "fighters" against that regime could be labelled "terrorism", for pragmatic approaches to dealing with the people who no longer want to be extorted, brutalised, tortured, murdered, what-have-you.
If all you have to do is label a tool as 'x' to block it and shut it down, then - in premise - you're denying all of the users of that service one of the inalienable rights that you're supposed to enjoy: Which is the right to peacefully assemble and/or protest.
That seems like a very large, oppressive, back-handed means to quash the few that you're actually having problems with.
The answer to your question is human intelligence.
If a group is sufficiently behaving badly the chances of you cultivating an informant or receiving intelligence tips are high.
Some of this modern mass policing that relies on signals intelligence feels like the investigators just want to sit at a computer and have it mass-print out arrest warrants.
> The role of the police is also to prevent violence against individuals and property, not just to arrest people after the fact.
This can very quickly cross into “let’s curtail people’s rights because we think they might commit crimes”–I would be careful with this.
I don’t think hundreds of thousands of people, a significant portion of the country’s population, protesting would ever be called ‘terrorism’ by a reasonable person.
It turned violent on both sides; that does not mean it was organised violence.
This poses another question though: what if the protests/movement is big enough to mean that the government is at fault, because the people, the real people in the streets, want something else? If you give that power to the government then you're cutting away a means (coordinating protests at scale) to get rid of the Government if it's really needed.
Democracy attempts to answer that question by allowing real people to change the government.
If they did their jobs and understood the targets, they wouldn't need to fight back "in real time", they could actually address the source of the problem instead of hysterically fighting symptoms while causing immense collateral damage to free society, far worse than the actual terrorism.
Methinks the lady doth protest too much.
In protests in Brazil and the Arab Spring, WhatsApp groups helped organizers pinpoint (sadly, both were after the fact) plainclothes police activity within the protests creating artificial agitation to justify the use of force.
You kind of sound paid to post