Facebook and WhatsApp rivals hit by DDoS attacks

Two technology start-up companies which are seen as more secure alternatives to Facebook and WhatsApp were hit by distributed denial of service (DDoS) attacks over the weekend.

Facebook and WhatsApp rivals hit by DDoS attacks
Facebook and WhatsApp rivals hit by DDoS attacks

Ello and Telegram have both been making the news as the latest rivals to social media heavyweights Facebook and its newly-acquired instant messaging app WhatsApp.

The invite-only and ad-free Ello social network is being promoted as the ‘anti-Facebook' and doesn't sell data to third parties (collected data is anonymous and aggregated – making it useless to Google for advertising purposes), while the Russia-based Telegram has been marketed as a privacy-friendly alternative to WhatsApp.

Telegram uses the custom MTProto encryption protocol and employs end-to-end encryption for secret chats, moves which have helped increase its popularity in Europe ever since Facebook – which has been roundly criticised for data privacy in recent months – announced a deal to acquire WhatsApp for £11.7 billion (US$ 19 billion).

However, both start-ups saw a temporary dip in fortunes over the weekend after they were hit by independent DDoS attacks.

Telegram's DDoS attack lasted for two days with one registering as high as 150Gbps. Service remained as normal in most countries although users in some countries lost connection and were unable to send outgoing messages. The application is available for Apple's iOS and Google's Android.

“A DDoS attack on Telegram in progress, tens of Gigabit\sec. Users in some countries may have connection issues. We're working on it, folks!” the firm tweeted on Twitter over the weekend.

“Detecting a 150+ Gbit/s DDoS now, an attack three times as large as yesterday's” it added on Sunday, before confirming that user data had not been compromised.

Some social media users speculated that the disruption in service may have had something to do with the riots in China, which reportedly caused Instagram (also owned by Facebook) to be blocked, rumours which coincide with reports that the Chinese government hacked WhatsApp in the belief it was being used for covert communications by activists.

On the same day, Ello reported similar issues, revealing on its website that it had suffered from an outage on its network.

“Investigating - We are undergoing a potential denial of service attack,” the firm said in a short statement.

A later statement on the main page added: “The site is currently unavailable while we conduct some necessary maintenance. Follow along for any updates on our status page.”

Ello fixed the issue by blocking the IP addresses involved with the attack, which lasted 45 minutes.

Martin McKeay, security evangelist at Akamai Technologies, told SCMagazineUK.com that Ello and Telegram ‘make sense' as targets owing to their growing popularity and limited security support (ie they would have only one or two servers, little or no adoption of cloud remediation services).

“I think they both make excellent targets [for DDoS],” he said, adding that Ello's popularity seems to have shot up ‘almost overnight' and to a point where it is seen as the ‘golden child of the internet'.

“When there is a sudden rise in popularity it's going to attract negative attention as well.” He continued that the 150Gbps attack was ‘fairly decent' although noted that cyber-criminals are increasingly looking at bigger and faster attacks, and at often at layer seven to defeat the communications channel.

Andrew Rose, a former security analyst at Forester and newly-appointed CISO at NATs (National Air Traffic Services), told SCMagazineUK.com that the two may have been targeted for their bold security claims.

“I guess one potential issue is that they're putting their head above the parapet, and claiming to be good at security. It's like waving a red flag to a bull,” Rose said.

Dave Larson, CTO at Corero Network Security, added on the Telegram attacks: “The size and scale of this particular attack isn't that surprising. We are seeing volumetric attacks becoming quite the norm, and advise organisations that rely on the internet to conduct business to be prepared for the inevitable. 

"Carrying out a DDoS attack, from the attackers perspective is easy—taking advantage of the millions of exploitable servers to launch highly volumetric attacks against their victims. 

"It's quite simple, in fact to launch 100Gbps, 200Gbps, 300Gbps and so on; even up to Terabit sized attacks. Businesses need to be proactive in defending their revenue generating services against these types of malicious attacks with real-time detection and mitigation. Without proper defences, downtime and outages can render online applications or services unresponsive for hours, or even days at a time – as we saw in the Telegram attack."