Cyber Security Commentary On The DDOS Attacks On Telegram During Hong Kong Protests

As part of our expert comments series, Dr Guy Bunker, CTO at Clearswift Cyber Security, comments below on the recent DDoS attacks on the messaging app Telegram, which the founder of Telegram states were a concerted state-sponsored attack intended to disrupt the Cantonese anti-extradition protests. Dr Bunker discusses the ways in which the attack may have been carried out, as well as how firms can protect themselves from such attacks.

Dr Guy Bunker, CTO at Clearswift: 


“DDoS attacks can be carried out in a number of different ways, and it has become increasingly simple to ‘hire’ a botnet to carry out the attack by multiple means, which makes it more difficult to prevent. Programmes such as LOIC have been around for many years and so can be mitigated relatively well against using network filtering – which many of the larger internet-based applications, e.g. messaging apps, already have.

For larger application providers, success against a DDoS attack is a question of numbers: is it possible to filter out the junk requests and increase the bandwidth available to ensure that the service stays up for legitimate users faster than the number of junk requests which are being sent to take the system down? For smaller providers, particularly those who do not have their own datacentres, they will have imposed bandwidth limitations that can be more easily taken out by the attacker.

Organizations who rely on cloud-based applications need to ensure that they ask questions of the provider around security. While this is often about data loss and how it can be prevented, they should also ask about DDoS and what monitoring and controls are in place to prevent a DDoS attack. Within the cloud (and depending on the application), it is entirely possible for an attack to be launched against *another* customer of the same service, which brings down the service which will then impact your organization. Ensuring that the provider has adequate DDoS detection and prevention in place needs to be part of the evaluation of that service.”