Hacker News

FDSGSG said 3 months ago:

While it's very likely these attacks are related to HK protests, it's simply not true that Telegram has "traced" this attack to China.

"IP addresses coming mostly from China" accurately describes most botnets, this tells us essentially nothing about the attackers.

wyuenho said 3 months ago:

"Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception."

At a certain point, you have to declare the correlation is actually a causation.


FDSGSG said 3 months ago:

That doesn't really change anything I said, pointing out the correlation is very different from tracing the attacks. A better headline for this story would've been "Telegram Faces Cyber Attack During Hong Kong Protests"

FWIW 200-400Gb/s is mildly sophisticated teenager-sized, but perhaps that's who the state actors are paying.

leavjenn said 3 months ago:

Correct me if I'm wrong: Telegram has been blocked in mainland China. So if normal Chinese botnets want to DDoS Telegram, they will be blocked by the GFW first. So how did these botnets succeed? Does that mean they are "special"?

FDSGSG said 3 months ago:

GFW has many ways of blocking things, I would assume that they just aren't blocking all traffic to telegram IPs.

parsadotsh said 3 months ago:

Pretty sure they are.

FDSGSG said 3 months ago:

Are they actually blocking outgoing packets to the IPs or injecting RSTs or blocking incoming packets from those IPs? I don't have a Chinese connection to test from right now.

brianpgordon said 3 months ago:

My understanding is that it's a heterogeneous system that does different things for different people at different times.

Looks like Wikipedia has some technical details-


officialchicken said 3 months ago:

> it's simply not true

Please provide us with facts supporting or disputing this claim. Otherwise I might have to assume that you are possibly participating in a disinformation campaign.

FDSGSG said 3 months ago:

If you suspect I am participating in a disinformation campaign you should email hn@ycombinator.com rather than post these silly insinuations.

I'm not going to waste my time trying to provide you with facts disputing a claim that has zero supporting evidence behind it in the first place. It is asinine of you to even ask.

tomglynch said 3 months ago:

I run a group of telegram bots for helping to moderate these large telegram groups. A quick look through the logs shows mostly a lot of marijuana for sale in Dutch and a heap of cryptocurrencies preventing spam attacks. Having said that, as the bots are used in hundreds of groups I wonder what analysis I could do on the data.

Robadob said 3 months ago:

When I visited Ukraine, a friend pointed out lots of graffiti advertising people that sell drugs on Telegram.

kzzzznot said 3 months ago:

Don’t these methods of selling drugs mean the police can really easily infiltrate/perform a ‘sting’ operation? How do they verify the buyer and protect themselves from this?

wp381640 said 3 months ago:

In Ukraine and Russia dead-drops as a method of delivery are common. They also use the postal system just like regular dark web markets; what Telegram groups and contacts replace is the actual market part, reputation scoring and escrow.

onemoresoop said 3 months ago:

Interesting. I didn't know what dead-drops were. Here's the wikipedia entry: https://en.wikipedia.org/wiki/Dead_drop

ggg2 said 3 months ago:

this is mostly because of reach.

telegram is the de facto communication medium in russia and ukraine.

they don't sell there for one reason or another. it's simply because all their clientele is there. no need to overthink it.

majia said 3 months ago:

You can probably "trace" most cyber attacks to China. Among all countries, it is comparatively easy for hackers to build a large botnet in China and use it to attack third parties because there are many unsophisticated Chinese internet users.

China could be behind this attack, but tracing IP addresses is really meaningless here.

supertiger said 3 months ago:

Bloomberg is growingly anti-China. Rigorous, politically unbiased journalism is hard to find even in the US.

tomglynch said 3 months ago:

On another note, did any other services go down or have trouble during this period? What other methods of communication are people on the ground in Hong Kong using?

threeseed said 3 months ago:

More interesting question is how many of those popular services in HK had good availability during the protests.

Because it would be a pretty good indicator of which ones the Chinese government had already intercepted.

spacehunt said 3 months ago:

WhatsApp, Facebook, Gmail etc were all working fine without issue yesterday. The local TV stations were all livestreaming on Facebook and I set up a monitor with Chromecast in the office for my colleagues to keep up to date throughout the day.

Hong Kong isn't inside the GFW.

throwaway1997 said 3 months ago:

Mostly used Telegram and LIHKG (local forum). Tried to use Firechat but it stopped working properly before we ever needed it.

fabioyy said 3 months ago:

200-400 gigabit/s is not that huge.

NotPaidToPost said 3 months ago:

From the outside it looks like these protests ended up like the "Yellow vests" ones in France: There is valid concern but the movement is taken over by organised, violent extremists.

This brings the question: If violent actions are organised through e.g. Telegram, do the local authorities have a quick way to disable the service?

This seems to be an important question these days, not only in China/HK, but everywhere, and we've seen authorities in several countries taking these sorts of steps, which is legitimate in some circumstances.

threeseed said 3 months ago:

Before Telegram and similar apps would you have been okay with shutting down the mobile phone network if a minority of protestors might have committed some violent actions?

Or maybe instead of a disproportionate crackdown maybe just do what they've done since forever and just have police at the protests arresting whomever is violent.

jstanley said 3 months ago:

The issue in Hong Kong is that it was mostly the police who were violent.

NotPaidToPost said 3 months ago:

Note that my main question is how can the authorities "fight back" in real time against people using sophisticated communication tools to organise violent actions (I could even use the term 'terrorism' for the more serious cases).

The role of the police is also to prevent violence against individuals and property, not just to arrest people after the fact.

I think this is a perfectly legitimate question.

Edit: Once again I seem to be the only adult in the room, so good night and good luck.

dang said 3 months ago:

> Once again I seem to be the only adult in the room

You've been continuing to post quite a lot of flamebait and unsubstantive comments, ignoring our requests to stop. Continuing to do that will get you banned here. Please review https://news.ycombinator.com/newsguidelines.html and stop doing that.

maxheadroom said 3 months ago:

You're treading a very dangerous line, here.

To an oppressive regime, any "fighters" against that regime could be labelled "terrorism", for pragmatic approaches to dealing with the people who no longer want to be extorted, brutalised, tortured, murdered, what-have-you.

If all you have to do is label a tool as 'x' to block it and shut it down, then - in premise - you're denying all of the users of that service one of the inalienable rights that you're supposed to enjoy: Which is the right to peacefully assemble and/or protest.

That seems like a very large, oppressive, back-handed means to quash the few that you're actually having problems with.

cotelletta said 3 months ago:

If they did their jobs and understood the targets, they wouldn't need to fight back "in real time", they could actually address the source of the problem instead of hysterically fighting symptoms while causing immense collateral damage to free society, far worse than the actual terrorism.

wp381640 said 3 months ago:

The answer to your question is human intelligence

If a group is sufficiently behaving badly the chances of you cultivating an informant or receiving intelligence tips are high

Some of this modern mass policing that relies on signals intelligence feels like the investigators just want to sit at a computer and have it mass-print out arrest warrants

saagarjha said 3 months ago:

> The role of the police is also to prevent violence against individuals and property, not just to arrest people after the fact.

This can very quickly cross into “let’s curtail people’s rights because we think they might commit crimes”–I would be careful with this.

kzzzznot said 3 months ago:

I don’t think hundreds of thousands of people, a significant portion of the country’s population, protesting would ever be called ‘terrorism’ by a reasonable person.

It turned violent on both sides, that does not mean it was organised violence.

darkwater said 3 months ago:

This poses another question though: what about if the protests/movement is big enough to mean that the government is at fault, because the people, the real people in the streets want something else? If you give that power to the government then you're cutting away a means (coordinating protests at scale) to get rid of the Government if it's really needed.

thinkingemote said 3 months ago:

Democracy attempts to answer that question by allowing real people to change the government.

cirgue said 3 months ago:


Methinks the lady doth protest too much.

ggg2 said 3 months ago:

in protests in brazil and arab spring, whatsapp groups helped organizers pinpoint (sadly, both were after the fact) plain clothes police activity within the protests creating artificial agitation to justify the use of force.

robert_foss said 3 months ago:

You kind of sound paid to post