Encrypted messaging platform Telegram revealed that a massive Distributed Denial of Service (DDoS) cyberattack had been targeting it for the past few days, perhaps not coincidentally beginning at the same time as the latest protest in Hong Kong against an extradition law favored by mainland China.

The company traced the attack back to Internet addresses in China.

Telegram founder Pavel Durov explicitly stated his belief that the Chinese government or its proxies – the “rogue hackers” who somehow manage to infest the authoritarian Communist state and have a pronounced tendency to attack targets the government denounces – launched the attack.

Durov said he believed the goal was to frustrate activists in Hong Kong, who make extensive use of Telegram to talk about politics and coordinate their activities:

IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception. — Pavel Durov (@durov) June 12, 2019

Telegram’s tech support team had a colorful way of explaining how the DDoS attack worked:

A DDoS is a “Distributed Denial of Service attack”: your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper. (1/2) — Telegram Messenger (@telegram) June 12, 2019

The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order. (2/2) — Telegram Messenger (@telegram) June 12, 2019

To generate these garbage requests, bad guys use “botnets” made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa. — Telegram Messenger (@telegram) June 12, 2019

Telegram assured users that the attack jeopardized none of their private data and the situation was beginning to “stabilize” on Thursday.

The BBC noted on Friday that a man “identified as a Telegram group administrator” was arrested in Hong Kong for “conspiracy to commit public nuisance” while the DDoS attack was in progress.

“The basis of the allegations against Ivan Ip, who is in his 20s and managed a conversation involving 30,000 members, is that he plotted with others to charge the Legislative Council Complex and block neighboring roads,” the South China Morning Post elaborated.

The group in question is one of the primary coordinators for protests against the Hong Kong extradition bill. It reportedly lost thousands of members after the cyberattack on Telegram was launched and the administrator was arrested.

The SCMP noted Telegram, WhatsApp, Signal, FireChat, and other encrypted messaging systems have grown enormously popular in Hong Kong, particularly among young people. Demand for encrypted messaging apps surged as resistance to the extradition bill intensified.

Hong Kongers theoretically have freedoms of assembly and expression far beyond the Chinese Communist Party’s subjects on the mainland, but they are increasingly worried about surveillance and crackdowns ordered by Beijing.

Hong Kongers have grown paranoid enough to avoid using public wi-fi networks or transit payment cards that could be used to track their movements, and some have taken to wrapping their wallets in tin foil to shield the chips in their credit, bank, and ID cards.

Observers in Hong Kong subways noticed on Thursday that demonstrators avoided using the “Octopus card,” an easily refillable debit card commonly used to pay for mass transit, and mobbed the cash ticketing booths instead – even though cash tickets are not only less convenient but more expensive. Asked about their preference for cash tickets, demonstrators said the Octopus card could be used to track their movements, a lesson they learned during the crackdown on the Umbrella Movement.

The SCMP article implied Hong Kong dissidents learned lessons after the 2014 Umbrella Movement – until now the largest pro-democracy demonstrations since the United Kingdom returned control of the island to China in 1997. The Umbrella Movement was largely coordinated through unencrypted posts on Facebook and Twitter. The pro-Beijing government of Hong Kong ultimately suppressed it.

The Chinese Foreign Ministry on Friday insisted that “China has always opposed any form of cyberattacks” because “China is also a victim of cyberattacks.”