Opponents of the Hong Kong government’s extradition bill used encrypted chat apps to plan mass rallies and call out fellow demonstrators, in a bid to evade the prying eyes of authorities over the past turbulent week.
Yet an administrator of a chat group on Telegram, a cloud-based messaging app popular among dissidents and activists, was nabbed by the city’s police last week for “committing public nuisance”.
The arrest came after some 27,700 members in the group swapped messages and images of the ongoing rallies and discussed tactics they could use, after anger began to simmer among Hongkongers over the controversial bill.
Papers in the city reported that investigators raided the group manager’s home and tried to break into his smartphone, said to be a Xiaomi model, to retrieve the chat history as well as the member list of the now-defunct chat group (@parade69).
“I never thought that just speaking on the internet, just sharing information, could be regarded as a speech crime… I’m scared that they will show up again and arrest me…” the chat leader, Ivan Ip, 22, told the New York Times.
The move could be a sign that authorities in Hong Kong have started tracking people in the digital domain, taking cues from methods that law enforcers north of the border have used in policing.
The Telegram team also sounded the alarm that it was targeted by a huge, “state actor-sized” cyber-attack – a distributed denial of service (DDoS) attack, to be precise – that “originated from China”, according to CEO Pavel Durov.
Servers for the app’s encrypted end-to-end chats were overwhelmed by Chinese hackers who crammed a deluge of junk data, between 200 to 400 gigabytes per second, into the network.
Telegram has been banned in China since 2015.
A DDoS is a “Distributed Denial of Service attack”: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper. (1/2)
— Telegram Messenger (@telegram) June 12, 2019
“Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you — and each is ordering a whopper,” it said. “The server is busy telling the whopper lemmings they came to the wrong place — but there are so many of them that the server can’t even see you to try and take your order,” Telegram posted a series of tweets explaining the nature of the attack.
The app, however, does not have end-to-end encryption for its group chats.
Some cybersecurity experts also say WhatsApp and Wire could be more secure, and FireChat, which makes use of Bluetooth, not a cellular network, to keep in touch with people in close vicinity, may also be a viable substitute. Those who choose to stick to Telegram are advised to hide their phone numbers and status in the app’s privacy and security settings.
There have also been reports that many protesters, mostly masked, had chosen to queue up to buy single-journey tickets to take Hong Kong’s MTR as they flock to the site of rallies, rather than swiping their Octopus cards to go through turnstiles out of the fear that authorities may track their movement. The contactless smart card is issued by a company indirectly owned by the government and is ubiquitous in settling payments in the city.
Millions of Hongkongers took to the streets in three mass processions within the short span of a week, undaunted by tear gas and rubber bullets, in a defiant show of resolve, forcing Carrie Lam, Hong Kong’s embattled leader, to halt her government’s plan to amend the extradition law.
Lam offered a perfunctory apology over the weekend – a humiliating climbdown just days after she labeled the generally peaceful protests “blatant, organized riots.”