

Popular encrypted messaging app Telegram was briefly offline Wednesday after it was targeted by a powerful distributed denial-of-service attack, possibly related to current protests in Hong Kong.
The attack took the service, which has an estimated 200 million users, offline for at least an hour but possibly longer, according to some reports.
Telegram did not initially provide details of the DDoS attack, which involves overwhelming a service with a flood of internet traffic. Instead, it provided a somewhat amusing explanation as to what is involved with a DDoS attack, comparing it to buying Whoppers.
“Your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper,” the company wrote on Twitter — mistaking Burger King’s signature burger for a McDonald’s offering. “The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.”
Fast-food analogies aside, DDoS attacks are nearly always malicious in nature, with those behind them acting for either commercial or moral gain. Telegram is not liked by a number of governments, notable among them Russia, for not providing access to the service’s encrypted messages. That means a state-sponsored attack could be a possibility here.
Indeed, Telegram Chief Executive Pavel Durov is now blaming China. “IP addresses coming mostly from China,” he tweeted. “Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception.”
Mark Rogan, an application security supervisor at WhiteHat Security Inc., told SiliconANGLE that this attack is particularly worrying because Telegram suffered a previous DDoS attack in August.
“As the saying goes, ‘Fool me once, shame on you; fool me twice, shame on me,’ and Telegram is looking particularly foolish as the company has not learned from its previous incident,” Rogan said. “Personal computers, laptops, IoT devices and even servers, which do not have adequate security, can easily fall victim to malicious actors and become part of a worldwide botnet,” Rogan explained.
He said botnets, or networks of computers often marshaled without people’s knowledge, can be hard to stop, but that stopping them is not impossible.
“Utilizing application security testing throughout the software life cycle will help ensure any existing threats within the application are mitigated, and adding security automation to your system will allow it to respond in real time against threats regardless of their size,” Rogan added.