DDOS attack originating from South Korea cripples Telegram servers in Asia and Pacific regions for 3 days

Jul 13, 2015 07:20 GMT

Telegram, an instant messaging application that works on mobile and desktop devices, is reporting a three-day DDOS attack on its servers in the Asia-Pacific region, an attack originating from South Korea, according to company sources.

The Telegram app has been very successful in the past year, giving Facebook and WhatsApp a run for their money, marketing itself as "a cloud-based mobile and desktop messaging app with a focus on security and speed." So much so that it’s openly advertising a contest where hackers can win $300,000 / €268,000 if they manage to crack its encryption system.

Telegram Asia servers hit by a very large DDOS attack

Now, the company is reporting a 200 Gbps DDOS attack, saying that "for the most part, it was a relatively new type of DDoS known as Tsunami SYN flood, but the attackers have shown some flexibility in their methods and adapted to changes pretty quickly."

As the company's blog post details, most of the attack came from the LeaseWeb B.V., Hetzner Online AG, PlusServer AG, NFOrce Entertainment BV, Amazon and Comcast networks, and no single source contributed more than 5% of the total DDOS traffic.

Spreading an attack over multiple sources is a well-known technique that makes the traffic harder to block, but the Telegram team was more dissatisfied with the companies whose networks the DDOS originated from: "the abuse departments in most of the mentioned companies [...] process requests 9-5, Mon-Fri only. (Hours more befitting a scuba-diving shop in Vatican.)"

The DDOS attack affected users living in South & East Asia, Oceania, Australia, and some parts of India.

Telegram admins have also reported a 95% uptime for the period of the attack and are "expecting" to go 100% pretty soon.

It could be an angry government, but an unhappy competitor seems more likely

As for the source of the attack, the Telegram team directly pointed the finger at South Korea, implying local competition might have something to do with their current issue.

Telegram has previously experienced two smaller DDOS attacks from South Korea: one in September 2014, after sign-ups from South Korea spiked when the government started stepping up online surveillance, and one at the start of June this year, when Telegram launched its custom stickers functionality.

Telegram is also reporting "a three-fold increase in signups from South Korea" in the past two weeks, so this could be the same group that carried out the previous attacks.

Coincidentally or not, on Friday, the day the attack started, Pavel Durov, Telegram founder and CEO, also reported that the Telegram app was delisted from Google's Play store for a few hours following a complaint from a Japanese IM application, which also has ties to South Korea.