Pavel Durov, the CEO of the social media messenger service Telegram, who was recently arrested in France, is now increasingly being portrayed as a martyr of freedom of expression. The core argument is that dissidents in Iran, for example, used Telegram or that Ukrainians used it to organize themselves in the war. But experts know that using the service also involves considerable and, above all, unnecessary risks.
Even if, as Telegram explains, no backdoors have been built into the code and it only cooperates with governments in exceptional cases, the devices on which Telegram runs are usually compromised and using the service for sensitive communications therefore does not make sense.
When it comes to spreading news, Telegram is not actually needed in most countries; people should regularly visit trustworthy websites, as was normal before the era of social media. The vast majority of influencers on Telegram are completely unqualified and/or deliberately spread disinformation. The few who are competent could work for trusted media platforms that can be addressed directly.
Pavel Durov is considered to be filthy rich, although Telegram has never been profitable, and no matter how much money he actually controlled, he lived a very comfortable lifestyle. Not exactly the stereotype of a Robin Hood.
Telegram generates revenue through in-app purchases, advertising, subscriptions, etc. It was said not long ago that it was approaching profitability and was considering an IPO. It did not publish revenue figures for eight years. It is not unusual for social media to make large losses for a while and attract users with weak content moderation. At some point, as with YouTube and Facebook, there is usually a major purge and new rules. Then the platform becomes boring and users run to the next platform where there is hardly any moderation.
The French authorities could now put pressure on Telegram to moderate more and share more information. So far, there is no procedure in place to allow a European country to quickly contact Telegram to have content removed and data retrieved.
Are you sure?
After the Russian invasion of Ukraine, Telegram usage exploded: messages were shared, aid services coordinated, and warnings issued of enemy attacks. The question arises why the Ukrainians or Americans did not program other apps in advance and why no other digital infrastructure was provided. Using Telegram was simply convenient and free.
72% of Ukrainians get their news via Telegram. Privacy is of paramount importance, as the Russians had already drawn up lists of Ukrainians to be imprisoned or targeted for killing before the invasion. The less privacy there is, the more Ukrainians reveal about themselves.
Ukrainian intelligence said Russia spent $250 million on disinformation on Telegram.
So far, there is no definitive confirmation that a backdoor has been programmed into Telegram or that there are vulnerabilities that act as a backdoor and are being exploited by the Russians. In principle, no one should conduct really sensitive communications digitally, no matter what ordinary device or app they use.
WIRED magazine published the report “The Kremlin Has Entered the Chat” with details.
https://www.wired.com/story/the-kremlin-has-entered-the-chat
Unfortunately, dissidents in Russia constantly use digital communications via Telegram. Hundreds of such people have been confronted with their chat messages in criminal proceedings. This may simply be because the devices used themselves were infected with spy software, thus bypassing Telegram’s encryption. The use of informants is also typical.
In Ukraine, there is currently active discussion about the security of the Telegram messenger and possible restrictions on its use or even a complete blocking. The reason for the discussions was the column by Petcube founder Yaroslav Azhniuk, which he published in several media outlets on March 29, as well as the words of the head of the Ukrainian state security service Kirill Budanov.
Telegram founder Durov claimed that he and his brother Nikolai created Telegram out of fear of surveillance by the Russian government.
In 2011, protests against Putin’s regime continued in Russia and the FSB demanded that Durov’s social network VKontakte block opposition groups. Durov allegedly refused to do so. However, as the American publication Wired reports, citing its own source who worked at VK during those years, the reason for the refusal was not an ideological position.
Shortly after the protests, a letter allegedly from Durov to Vladislav Surkov, then first deputy head of the Putin administration, appeared in the media, in which the businessman allegedly assured that “VK” “actively provided information about thousands of users of the site in the form of IP addresses, mobile phone numbers and other information necessary for their identification.” Durov denied the authenticity of this letter.
Later it became known that the two co-founders of VKontakte sold their business shares to the Russian financial and investment company United Capital Partners.
The online publication Hopes & Fears, citing its own sources, reported that the sale was supervised by the former deputy head of the Russian government and head of Rosneft, Igor Sechin.
Since the development of Telegram was already underway at that time, United Capital Partners tried to gain control of the new messenger as well – Durov was accused of using VK resources to develop the application. Eventually, he was fired from VK in 2014, the same year he sold his stake to Russian businessman Ivan Tavrin and left the country. However, VK was eventually acquired by Russia’s Gazprom through repeated resale of shares.
Durov launched the new Telegram project in 2013. The service’s cloud servers are spread across different jurisdictions around the world.
Initially, Durov stated that he invested his own funds received from the sale of VK in the Telegram company. However, ultimately, in 2017, Durov decided to launch the Gram cryptocurrency project, developed on the TON (Telegram Open Network) platform. About $1.7 billion was invested in the project, and investors included, in particular, Russian oligarchs: Roman Abramovich, Mykhailo Gutseriev and Mykhailo Abyzov. However, the project failed: the US Securities and Exchange Commission (SEC) accused Telegram of illegally distributing unregistered digital tokens, and a New York court only confirmed its findings, equating Gram tokens with unregistered securities.
But in 2021, Durov again attracted investments – more than a billion dollars from the sale of bonds. The main partner then became the investment bank JPMorgan Chase, but the Russian Direct Investment Fund also bought bonds on the secondary market.
Another factor that may worry users is the closed nature of Telegram. The company does not have a representative office that, for example, government agencies can turn to for cooperation.
Although the security of Telegram as a means of communication and information has long been discussed, this topic was actively discussed in Ukraine in the spring of 2023. On March 29, Petcube President and Chairman of the Board Yaroslav Azhniuk published a column in the publications Ukrainian Pravda and The Kyiv Independent entitled “Why doesn’t Ukraine restrict the use of the Russian application Telegram?”
On April 6, Yaroslav Azhniuk published a post on Facebook in which he stated that he had a private conversation about the risks of Telegram with the head of the Main Intelligence Directorate of the Ministry of Defense Kirill Budanov and the Minister of Digital Transformation Mykhailo Fedorov.
According to Azhniuk, Budanov literally said:
“The FSB, and only it, has the keys to Telegram.”
At the same time, Azhniuk stated that in September 2020, the company’s vice president Ilya Perekopskyi communicated with the governor of the Russian Vologda region Oleg Kuvshinnikov. Kuvshinnikov has been under sanctions from Ukraine, the US, the UK and Canada since 2022 for supporting the Russian invasion of Ukraine.
Azhniuk also drew attention to the security issue:
“Although Telegram claims to have open source mobile apps, they do not mention that no one has ever seen the source code of their backend software. And this is the most interesting thing. In comparison, Signal’s server code is partially open.”
Currently, as part of the investigation team, the entrepreneur is cooperating “with a journalist from a major American media outlet, cybersecurity specialists from another Western country who have previously dealt with similar cases,” as well as several Ukrainian media representatives. Together they are preparing “a thorough investigation, which is expected to be completed in the coming months.” According to Azhniuk, “there are already a lot of interesting things there,” but he is not ready to disclose details at the moment.
“When we finish, we will publish the results not only in the Ukrainian media. And I think then even more doubts about the nature of the interaction between Telegram and the FSB will disappear.”
No messenger can guarantee absolute security, since there are ways to attack the system from the outside or from the inside due to vulnerabilities in the implementation of the software code. This is especially true for Russian messengers such as Telegram, Valentin Kucheruk, co-founder of the Cyber Warfare Research Institute, told DOU.
According to him, Telegram’s application programming interface (API) is a software portal through which not only application developers but also attackers can connect to the platform and extract data from it for their own projects.
“For many years, Durov promoted the platform’s open API as a slogan of openness and transparency. Simply put, it allowed anyone to view Telegram’s source code or create automated bots that could, among other things, send news feeds, process payments or send commands to any website or connected device. But it is the API that makes Telegram a potentially powerful tool for mass surveillance.”
“In Belarus, the special services work according to the instructions that describe “tools and methods” for deanonymizing Telegram users. Such instructions include advice on joining “closed” groups to obtain information about users and their activities in the messenger,” Kucheruk comments.
Modern technologies such as artificial intelligence and certain algorithms greatly facilitate the analysis of a wide variety of data, for example by keywords, and enemy special services make use of this.
The information collected, says Kucheruk, can help the enemy analyze and track public sentiment and reactions to IPSO (information and psychological operations), and subsequently adjust disinformation accordingly.
At the national level, it is difficult to block the messenger, says the expert: expensive traffic monitoring and control systems are required, since the platform uses cloud resources around the world. Therefore, such a method is hardly suitable for Ukraine.
However, it is possible to block access to the application at the level of individual organizations (for example, at workplaces) or in government structures.
The UAC-0082 (Sandworm) group, associated with the Main Directorate of the General Staff of the Russian Armed Forces, uses Telegram as a command and control infrastructure and for data theft. It is this group that is responsible for NotPetya, the largest cyberattack of all time, for cyberattacks during the opening of the 2018 Olympic Games, for attempts to interfere in elections in France, and since 2015 for constant attacks on energy facilities in Ukraine.
Recently, a new version of Zaraza, spyware for stealing passwords and other data, appeared; it also uses Telegram as a command and control server and for storing stolen bank data. This malware is actively promoted and sold through the messenger.
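For defenders, the use of Telegram as a control channel described above and the organisation-level blocking mentioned earlier meet in the web proxy: malware that talks to Telegram commonly does so through the Bot API at api.telegram.org. The following is an added example, not code from the article or from any tool it names; the log format, addresses, bot tokens and allow-list are constructed, and it assumes a TLS-inspecting proxy that records full URLs.

```python
import re
from collections import defaultdict

# Constructed sample log: timestamp, client IP, verb, URL, user agent.
SAMPLE_LOG = """\
2024-08-26T09:14:02Z 10.0.4.17 GET https://web.telegram.org/k/ "Mozilla/5.0"
2024-08-26T09:14:40Z 10.0.7.52 POST https://api.telegram.org/bot1111111111:EXAMPLE-TOKEN-aaaa/sendDocument "python-requests/2.31"
2024-08-26T09:15:10Z 10.0.7.52 POST https://api.telegram.org/bot1111111111:EXAMPLE-TOKEN-aaaa/sendDocument "python-requests/2.31"
2024-08-26T09:16:00Z 10.0.9.3 GET https://api.telegram.org/bot2222222222:EXAMPLE-TOKEN-bbbb/getUpdates "curl/8.4"
2024-08-26T09:16:30Z 10.0.2.8 POST https://api.telegram.org/bot3333333333:EXAMPLE-TOKEN-cccc/sendMessage "alertbot/1.0"
2024-08-26T09:17:00Z 10.0.4.17 GET https://example.org/news "Mozilla/5.0"
"""

# Bot API URLs have the form /bot<numeric id>:<secret>/<method>; only the id is kept.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<verb>\S+) '
    r'https://api\.telegram\.org/bot(?P<bot_id>\d+):[\w-]+/(?P<method>\w+)\S* '
    r'"(?P<ua>[^"]*)"$'
)
# Bot API methods that carry files outbound (possible data theft).
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendMediaGroup"}

def find_bot_api_use(log_text, allowed_clients=frozenset()):
    """Return {client_ip: summary} for Bot API calls from hosts not on the allow-list."""
    findings = defaultdict(
        lambda: {"bot_ids": set(), "methods": defaultdict(int), "uploads": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["client"] in allowed_clients:
            continue  # ordinary web/chat traffic, or an approved bot host
        entry = findings[m["client"]]
        entry["bot_ids"].add(m["bot_id"])   # the secret part of the token is never stored
        entry["methods"][m["method"]] += 1
        if m["method"] in UPLOAD_METHODS:
            entry["uploads"] += 1
    return dict(findings)

def triage(findings):
    """Order hosts for review: most file uploads first, then most calls overall."""
    return sorted(findings, key=lambda c: (-findings[c]["uploads"],
                                           -sum(findings[c]["methods"].values())))

if __name__ == "__main__":
    hits = find_bot_api_use(SAMPLE_LOG, allowed_clients={"10.0.2.8"})  # assumed approved host
    for client in triage(hits):
        h = hits[client]
        print(client, sorted(h["bot_ids"]), dict(h["methods"]), "uploads:", h["uploads"])
```

Without TLS inspection only the host name is visible, so the same triage would have to key on connections to api.telegram.org alone rather than on the method called.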
All Russian pseudo-hacktivist groups managed by the Russian special services use Telegram for their information and cyber operations. There they daily publish lists of targets for cyberattacks, recruit new members, spread fakes and disinformation, publish stolen databases, coordinate cyberattacks on organizations in Ukraine and information systems in partner countries.
The representative of the NSDC also notes that the messenger is actively used by cybercriminals both for fraudulent schemes and for stealing funds. According to him, a phishing domain filtering system developed jointly by specialists from the National Coordination Center for Cybersecurity and the National Bank has been operating in Ukraine for almost three months, protecting tens of thousands of Ukrainians from financial and banking phishing every week.
In addition, the application has access rights to the microphone, camera, location, contact list, access to storage and constantly works with a background connection to the Internet. Serhii Demediuk explains: This allows platform owners to collect a large amount of data about each user, including information about their movements, with whom they communicate and how often, who is nearby, etc.
“That is why soldiers and employees of the security and defense sector are prohibited from using Telegram starting with a large-scale invasion,” Demediuk clarifies.
Yaroslav Azhniuk recommends using Signal or WhatsApp for messaging, because “they are not Russians and were not caught in communication with the FSB, they have end-to-end encryption.” And to get news, the entrepreneur recommends going to Twitter or using news sites.
Valentin Kucheruk from the Cyber Warfare Research Institute also recommends Signal, which works on an end-to-end basis.
And he also names two more communication methods that he considers relatively safe:
Kryptos Private Messenger is a corporate messenger that does not collect user data and does not store the history of correspondence on the server, and encryption keys are present only on devices.
Matrix is a decentralized messaging platform that works on the basis of end-to-end encryption and ensures the security of user data.
At the same time, Demediuk notes: there are no such applications that would completely protect your correspondence from third parties. Depending on the functionality, the messenger is in one way or another accessible both to its developer and to the law enforcement agencies of the country in which it is registered.
“Do not run the program on a computer, especially where valuable data is stored.
On the phone, disable unnecessary permissions in the settings (for example, if you only need the messenger to read messages, you should disable access to the camera, microphone and geolocation).”
Russians extremely unhappy
Vladislav Davankov, deputy speaker of the State Duma, a chamber of the Russian parliament, called for Mr. Durov’s release. He said the arrest could be an attempt to gain access to information Telegram holds, and that “must not be allowed,” according to Meduza, a Russian news organization.
A certain panic arose among Russian channels after Durov’s arrest. Telegram was considered technically reliable and there are no comparable Russian alternatives.
Telegram is used by Russian military networks, including on the battlefield. It serves as one of the backbones of military communications on the front lines and for information sharing behind the front lines.
Yevgeny Prigozhin, the leader of the Wagner militia, used it as his main communications network to criticize the high command and appeal for public support. For Russians – including soldiers – looking for information beyond the Kremlin’s official televised messages, Telegram has become part of everyday life.
In recent hours, however, instructions have been passed to the Russian General Staff asking them to stop using the application. At the same time, propagandist Margarita Simonyan urged users to delete all their sensitive messages. If Durov’s arrest led to a ban on soldiers using Telegram, how could they continue to exchange messages?