The popular messaging app Telegram recently suffered a DDoS (Distributed Denial of Service attack) attack that affected the users in the United States, Hong Kong, and in other countries. Telegram, well-known for its encryption, privacy, and self-destructive private messages, stated the users might have experienced connection issues due to the attack.
Telegram took to Twitter to notify its users. “We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues,” Telegram said in a Twitter post. Describing the attack Telegram said, “A DDoS is a “Distributed Denial of Service attack”: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper.”
“The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order. To generate these garbage requests, bad guys use “botnets” made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa,” Telegram tweeted.
While confirming that users’ data was not misused in the attack, Telegram said, “There’s a bright side: All of these lemmings are there just to overload the servers with extra work – they can’t take away your BigMac and coke. Your data is safe.”
Meanwhile, the Telegram founder Pavel Durov stated the Chinese government may have been behind the DDoS attack. Durov described the incident as a “state actor-sized DDoS” which came mainly from IP addresses located in China. The attack coincided with the ongoing protests in Hong Kong, where people are using Telegram to avoid detection while coordinating their protests.
Recently, Pavel Durov criticized WhatsApp after it revealed a vulnerability in its network system that allowed hackers to install spyware via an infected WhatsApp voice call. In his blog post, Durov wrote an article, Why WhatsApp will never be secure, criticizing WhatsApp on its latest data breach.
“This news didn’t surprise me though. Last year WhatsApp had to admit they had a very similar issue a single video call via WhatsApp was all a hacker needed to get access to your phone’s entire data,” Pavel Durov stated in his blog post. Every time WhatsApp must fix a critical vulnerability in their app, a new one seems to appear in its place. All their security issues are conveniently suitable for surveillance and look and work a lot like backdoors.”
“Unlike Telegram, WhatsApp is not open source, so there’s no way for a security researcher to easily check whether there are backdoors in its code. Not only does WhatsApp not publish its code, they do the exact opposite: WhatsApp deliberately obfuscates their apps’ binaries to make sure no one is able to study them thoroughly,” Durov added.