Українська правда

Individuals affiliated with the FSB are responsible for Telegram's infrastructure — investigation


Telegram's infrastructure is controlled by individuals who operate secret complexes of Russian intelligence services used to monitor citizens, according to an investigation by Important Stories, a Russian partner of the Organized Crime and Corruption Reporting Project (OCCRP).

First of all, the investigation refutes the claims of Telegram founder Pavel Durov that he was expelled from Russia and did not return there. In fact, he came to Russia more than 50 times between 2015 and 2021. Moreover, Durov, after the ban of the TON cryptocurrency in the United States, received funding from Russian state banks and oligarchs, in particular VTB and Alfa Capital.

As for Telegram's security and its connection with the FSB, the problem lies in the encryption of messages, or rather in its absence. Secret chats, where end-to-end encryption is available as an option, are used by only 2% of users, while regular chats are stored on servers in decrypted form.

Moreover, even when secret chats are used, the device identifier (auth_key_id) is transmitted in the clear, along with all the other information needed to track users, including the IP address and the time the message was sent. All of this can be easily accessed by the company through which the messenger's traffic passes. You can read more about auth_key_id and other features of the Telegram protocol on the blog of Michal Wozniak, a digital security expert with 20 years of experience.

According to the investigation, Telegram users' messages end up on the servers of Global Network Management (GNM), a company formally registered in the Caribbean islands of Antigua and Barbuda, but in fact Russian. This company transferred more than 10,000 IP addresses to Durov's messenger.

Although the company is registered in the Caribbean, documents from a Florida lawsuit between GNM and a contractor show that it is owned by Togliatti native Vladimir Vedeneev and that half of its employees are in Russia. Vedeneev himself said during the lawsuit that he was the only one with access to Telegram's Miami servers, suggesting that users around the world could be at risk.

The most interesting details emerge later, however: Vedeneev is the former owner of Globalnet, which he had previously transferred to his family. Globalnet is a Russian telecommunications operator that provided Telegram with direct access to Russian infrastructure and has client connections with the FSB and the GlavNIVTs analytical center, which deals with mass surveillance.

Globalnet, in particular, was the first to implement a system for monitoring user traffic using Deep Packet Inspection at the request of Roskomnadzor. Almost simultaneously, the Russian Federation announced that it was able to reach an agreement with Durov because Telegram had installed equipment that would allow it to "monitor all dangerous entities."

Moreover, another of Vedeneev's companies is "Electrontelecom", which served secret FSB facilities in St. Petersburg and ensured the transmission of "special information". This company also provided Telegram with about 5 thousand IP addresses.

In general, this means that Telegram's infrastructure is maintained by companies that have direct ties to the Russian government and the FSB, which makes it even easier to monitor the service's users. As the aforementioned Michal Wozniak notes, device identifiers become a huge problem if individuals with access to Telegram traffic cooperate with Russian special services, endangering the security of users around the world.

"I'm shocked, but not surprised. If someone has access to Telegram traffic and is cooperating with Russian intelligence, it means that the device identifier becomes a really big problem - a tool for global surveillance of messenger users regardless of where they are or which server they are connected to," says Wozniak.