Tag: Telegram

  • The Hidden Hand: How Telegram’s Infrastructure Links to Russian Intelligence


    Damning Investigation Reveals Critical Security Vulnerabilities in World’s Most Popular “Secure” Messenger

    An OCCRP investigation exposes how the man controlling Telegram’s network infrastructure has deep ties to Russia’s FSB intelligence service


    For over a billion users worldwide, Telegram represents the gold standard of secure messaging. Pavel Durov, the app’s enigmatic founder, has cultivated an image as a digital freedom fighter who fled Russia to protect user privacy, famously declaring that Telegram has “never disclosed a single byte of private messages” in its 12-year history.

    But a bombshell investigation by the Organized Crime and Corruption Reporting Project (OCCRP) has shattered this carefully constructed narrative, revealing a web of connections between Telegram’s critical infrastructure and Russian intelligence services that threatens the privacy of users globally.

    The Man Behind the Network

    At the center of this revelation is Vladimir Vedeneev, a 45-year-old Russian network engineer with an outsized—and previously hidden—role in Telegram’s operations.

    Court documents obtained by OCCRP reveal that Vedeneev’s company, Global Network Management (GNM), controls over 10,000 IP addresses for Telegram and maintains exclusive access to the messenger’s servers.

    Image: Vladimir Vedeneev (left) and Roman Venediktov (right) featured on telecommunications supplier website Nag.ru. Credit: Screenshot of nag.ru website.

    What makes this relationship particularly troubling is not just its scope, but its secrecy. According to the investigation, Vedeneev was empowered to sign contracts as Telegram’s Chief Financial Officer—despite having no publicly known connection to the company.

    A contract found in Florida court records shows Vedeneev signing documents in dual roles: once as GNM’s director and again as Telegram’s CFO.

    Image: A contract signed by Vedeneev in two roles: as CFO of Telegram and as CEO of General Network Management. Credit: Screenshot of court document obtained by Important Stories.

    “Neither Elies Campo, a former partnership development manager with Telegram who spoke with reporters, nor others familiar with Telegram’s corporate structure, have ever heard of Vedeneev,” the OCCRP report notes—a striking revelation given Telegram’s already secretive corporate culture.

    The Russian Connection

    While there’s no evidence that Vedeneev’s current company has directly cooperated with Russian authorities, the investigation reveals deeply concerning connections through his other business ventures.

    Vedeneev is the founder of GlobalNet, a major Russian telecommunications operator that controls 18,000 kilometers of backbone infrastructure spanning from Siberia to Western Europe.

    Among GlobalNet’s clients are some of Russia’s most sensitive organizations:

    • The FSB intelligence agency – Russia’s primary domestic security service
    • GlavNIVTS – A secretive “research computing center” that helped plan the invasion of Ukraine and developed tools to deanonymize internet users
    • The Kurchatov Institute – A flagship state-owned nuclear research laboratory sanctioned by the United States

    Perhaps most alarmingly, internal accounting documents from 2024 show that another Vedeneev company, Electrotelecom, lists the FSB as one of its most important government clients, installing and managing surveillance equipment for FSB offices in St. Petersburg and the Leningrad region.

    Image: Russian President Vladimir Putin speaks at the annual meeting of the FSB Board, with FSB Director Alexander Bortnikov, on February 27, 2025, in Moscow. Credit: Alexander Kazakov/Kremlin Pool/Russian Government / Alamy Stock Photo.

    The Technical Vulnerability

    The implications of these connections become clearer when examining how Telegram’s encryption actually works. Contrary to popular belief, security experts warn that even Telegram’s end-to-end encrypted chats leave users vulnerable to tracking by anyone who can monitor network traffic.

    Michał “Rysiek” Woźniak, a security specialist who formerly worked for OCCRP, explains the critical weakness: Telegram’s MTProto protocol attaches an unencrypted element called “auth_key_id” to each message. This identifier makes it possible to track specific user devices, even when message content remains encrypted.

    “If I know your device’s ‘auth_key_id,’ and I can listen in on the network that handles the data… I know it is your specific device communicating with Telegram servers,” Woźniak explains. “By looking at the network packets… I also get your IP address at a given time, which tells me your rough geographic location.”

    This means that whoever controls Telegram’s network infrastructure—in this case, companies with proven ties to Russian intelligence—may be able to conduct what experts call “metadata surveillance,” tracking user locations, communication patterns, and device identifiers even without reading message content.
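
    An added illustration of the linkability Woźniak describes (not code from OCCRP, Telegram or the original article): it builds the documented MTProto message envelope, in which the 8-byte auth_key_id precedes the encrypted part, and shows that one device key yields the same cleartext identifier from different source addresses. The keys, timestamps and IP addresses are constructed, the ciphertext is a random stand-in for AES-IGE output, and transport framing is ignored.

```python
import hashlib
import os
from collections import defaultdict

def auth_key_id(auth_key: bytes) -> bytes:
    # MTProto: the 64 low-order bits of SHA-1(auth_key); constant for the life of the key.
    return hashlib.sha1(auth_key).digest()[-8:]

def build_envelope(auth_key: bytes, plaintext: bytes) -> bytes:
    """Return auth_key_id (8 bytes, cleartext) | msg_key (16 bytes) | encrypted data."""
    padding = os.urandom(16)  # simplified; real clients pad to a 16-byte multiple
    # MTProto 2.0 msg_key, client-to-server direction (x = 0): middle 128 bits of SHA-256.
    msg_key = hashlib.sha256(auth_key[88:120] + plaintext + padding).digest()[8:24]
    # Assumption: random bytes stand in for the AES-256-IGE ciphertext, which the
    # network observer cannot read anyway.
    ciphertext = os.urandom(len(plaintext) + len(padding))
    return auth_key_id(auth_key) + msg_key + ciphertext

def parse_envelope(raw: bytes):
    """Split a message into its cleartext header fields and opaque body."""
    if len(raw) < 24:
        raise ValueError("too short for an MTProto encrypted message")
    key_id, msg_key, body = raw[:8], raw[8:24], raw[24:]
    if key_id == bytes(8):
        raise ValueError("auth_key_id is zero: unencrypted handshake message")
    return key_id, msg_key, body

def link_by_key_id(observations):
    """Group (timestamp, src_ip, raw_message) tuples by the cleartext key id."""
    seen = defaultdict(list)
    for ts, src_ip, raw in observations:
        key_id, _, _ = parse_envelope(raw)
        seen[key_id.hex()].append((ts, src_ip))
    return dict(seen)

# Constructed sample: two devices, documentation-range IP addresses.
DEVICE_A = os.urandom(256)  # 2048-bit authorization key
DEVICE_B = os.urandom(256)
OBSERVED = [
    ("2025-01-01T08:00Z", "192.0.2.10", build_envelope(DEVICE_A, b"hello")),
    ("2025-01-01T19:30Z", "198.51.100.7", build_envelope(DEVICE_A, b"hello")),
    ("2025-01-01T19:31Z", "203.0.113.5", build_envelope(DEVICE_B, b"hello")),
]

if __name__ == "__main__":
    for key_id, sightings in link_by_key_id(OBSERVED).items():
        print(key_id, sightings)
```

    Everything after the first eight bytes changes from message to message, while the identifier stays fixed until the device negotiates a new authorization key.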

    A Pattern of Deception

    The investigation also exposes significant inconsistencies in Durov’s public statements. While he has repeatedly claimed never to have visited Russia since leaving in 2014, leaked FSB data revealed that Durov had traveled to Russia more than 50 times between 2015 and 2021.

    This pattern of deception extends to Telegram’s infrastructure claims. Despite Durov’s assertions that Telegram has no infrastructure in Russia, the OCCRP investigation reveals that until 2020, the IP addresses now managed by Vedeneev’s Antigua-based company were previously controlled by his Russian firm GlobalNet.

    The Geopolitical Context

    These revelations come at a particularly sensitive time. Durov was arrested in France in August 2024 on charges related to illegal content circulation on Telegram, highlighting growing Western concerns about the platform’s role in facilitating criminal activity.

    Meanwhile, Telegram’s relationship with Russian authorities remains murky—the app was banned in Russia in 2018 for refusing to hand over encryption keys, but the ban was lifted in 2020 after Telegram agreed to “help with extremism investigations”.

    Ukrainian intelligence officials have been particularly vocal about these concerns. Ukrainian officials confirmed in 2023 that “The FSB, and only them, have the keys to Telegram”, warning that the service is being used for espionage purposes.

    The Human Cost

    For millions of users who rely on Telegram for sensitive communications—from journalists and activists to ordinary citizens in authoritarian regimes—these findings represent a fundamental betrayal of trust.

    John Scott-Railton, a Senior Researcher at The Citizen Lab, warns of the real-world implications: “When people don’t know what is actually going on, but assume they have metadata privacy, they can unknowingly make risky choices, bringing danger to themselves and the people they’re communicating with. This is doubly true if the Russian government sees them as a threat.”

    A Ukrainian IT specialist, speaking anonymously to reporters, described how Russian forces have used “man-in-the-middle” surveillance after capturing network infrastructure: “In such an attack, the hackers aren’t even interested so much in the user’s correspondence. They get metadata to analyze. And that means IP addresses, user locations, who exchanges data packets with whom… really, all possible information.”

    The Broader Implications

    This investigation raises fundamental questions about the security of communications infrastructure in an increasingly connected world. While Telegram markets itself as a secure alternative to services like WhatsApp, the reality appears far more complex.

    The revelation that critical infrastructure for a billion-user messaging service is controlled by individuals with demonstrated ties to intelligence services represents a new category of cybersecurity threat—one that operates not through hacking or data breaches, but through the very architecture of digital communications.

    Woźniak, the security expert, summarized the gravity of the situation: “If someone has access to Telegram traffic and cooperates with Russian intelligence services, this means that the device identifier becomes a really big problem—a tool for global surveillance of messenger users, regardless of where they are and what server they connect to.”

    Unanswered Questions

    As this investigation continues to reverberate through the cybersecurity community, several critical questions remain unanswered:

    • How long have Russian intelligence services potentially had access to Telegram’s metadata?
    • What other messaging services might be vulnerable to similar infrastructure-based surveillance?
    • Why did Telegram grant such extensive access to individuals with clear intelligence service connections?
    • What safeguards, if any, exist to prevent the abuse of this access?

    Neither Durov nor Vedeneev responded to requests for comment from OCCRP investigators, leaving users to grapple with the implications of potentially compromised communications.

    The Path Forward

    For users concerned about the security of their communications, this investigation serves as a stark reminder that true digital privacy requires more than marketing promises and encryption protocols. It demands transparency about infrastructure, ownership, and the potential for surveillance at every level of the communications stack.

    As governments worldwide grapple with the balance between security and privacy in digital communications, the Telegram case demonstrates that the greatest threats to user privacy may not come from authoritarian overreach or criminal hackers, but from the very companies and individuals we trust to protect our digital lives.

    The billion users who rely on Telegram for secure communications deserve answers—and the right to make informed decisions about their digital security based on facts, not fiction.


    This investigation was conducted by OCCRP’s Russian partner, Important Stories, with additional reporting by Roman Anin and Nikita Kondratyev. Technical analysis was provided by security specialist Michał “Rysiek” Woźniak.

  • Telegram Will Now Share IP Addresses And Phone Numbers To Authorities

    The messaging app Telegram has said it will hand over users’ IP addresses and phone numbers to authorities who have search warrants or other valid legal requests.

    The change to its terms of service and privacy policy “should discourage criminals”, CEO Pavel Durov said in a Telegram post on Monday.

    “While 99.999% of Telegram users have nothing to do with crime, the 0.001% involved in illicit activities create a bad image for the entire platform, putting the interests of our almost billion users at risk,” he continued.

    The announcement marks a significant reversal for Mr Durov, the platform’s Russian-born co-founder who was detained by French authorities last month at an airport just north of Paris.

    Days later, prosecutors there charged him with enabling criminal activity on the platform. Allegations against him include complicity in spreading child abuse images and trafficking of drugs. He was also charged with failing to comply with law enforcement.

    Mr Durov, who has denied the charges, lashed out at authorities shortly after his arrest, saying that holding him responsible for crimes committed by third parties on the platform was both “surprising” and “misguided.”

    Critics say Telegram has become a hotbed of misinformation, child pornography, and terror-related content partly because of a feature that allows groups to have up to 200,000 members.

    Meta-owned WhatsApp, by contrast, limits the size of groups to 1,000.

    Telegram was scrutinized last month for hosting far-right channels that contributed to violence in English cities.

    Earlier this week, Ukraine banned the app on state-issued devices in a bid to minimise threats posed by Russia.

    The arrest of the 39-year-old chief executive has sparked debate about the future of free-speech protections on the internet.

    After Mr Durov’s detention, many people began to question whether Telegram was actually a safe place for political dissidents, according to John Scott-Railton, senior researcher at the University of Toronto’s Citizen Lab.

    He says this latest policy change is already being greeted with even more alarm in many communities.

    “Telegram’s marketing as a platform that would resist government demands attracted people that wanted to feel safe sharing their political views in places like Russia, Belarus, and the Middle East,” Mr Scott-Railton said.

    “Many are now scrutinizing Telegram’s announcement with a basic question in mind: does this mean the platform will start cooperating with authorities in repressive regimes?”

    Telegram has not given much clarity on how the company will handle the demands from leaders of such regimes in the future, he added.

    Cybersecurity experts say that while Telegram has removed some groups in the past, it has a far weaker system of moderating extremist and illegal content than competing social media companies and messenger apps.

    Before the recent policy expansion, Telegram would only supply information on terror suspects, according to 404 Media.

    On Monday Mr Durov said the app was now using “a dedicated team of moderators” who were leveraging artificial intelligence to conceal problematic content in search results.

    But making that type of material harder to find likely won’t be enough to fulfill requirements under French or European law, according to Daphne Keller at Stanford University’s Center for Internet and Society.

    “Anything that Telegram employees look at and can recognize with reasonable certainty is illegal, they should be removing entirely,” Ms Keller said.

    In some countries, they also need to notify authorities about particular kinds of seriously illegal content such as child sexual abuse material, she added.

    Ms Keller questioned whether the company’s changes would be enough to satisfy authorities seeking information about targets of investigations, including who they are communicating with and the content of those messages.

    “It sounds like a commitment that is likely less than what law enforcement wants,” Ms Keller said.

    By BBC