SOCRadar® Cyber Intelligence Inc. | Telegram’s Uncertain Future: Hacktivist Reactions and the Potential Shift to New Platforms
Sep 05, 2024
Telegram’s Uncertain Future: Hacktivist Reactions and the Potential Shift to New Platforms

Telegram is more than just a messaging app; it’s often considered an easy access to the dark web. This reputation has kept cybersecurity firms, including SOCRadar, and even governments closely monitoring the platform for some time. The recent arrest of Telegram’s founder and CEO in Paris has further highlighted concerns about the app’s content moderation, leaving the future uncertain. Let’s explore how we arrived at this point.

Arrest of Pavel Durov

Telegram CEO Pavel Durov was arrested by French police at Le Bourget Airport near Paris after his private jet landed last month. He was detained under a warrant related to Telegram’s alleged lack of moderation. Authorities accuse Durov of failing to curb criminal activities on the app, including drug trafficking, child sexual content, and fraud. Telegram has previously denied claims of inadequate moderation.

Telegram’s post on X after the arrest

After spending four days in police custody, Telegram founder and CEO Pavel Durov was formally placed under investigation in France last Thursday for a range of criminal charges. He was released on bail, set at €5 million ($5.6 million), with conditions that he must remain in France and check in with police twice a week.

As stated above, Durov’s arrest at Le Bourget Airport stemmed from charges including the storage and distribution of child sexual abuse material, facilitating drug trafficking, organized fraud, and issues related to Telegram’s cryptographic features. The Paris criminal court, overseeing the investigation, listed these charges as the basis for his detention.

Paris prosecutor Laure Beccuau confirmed the charges, noting that placing Durov under formal investigation signifies a substantial reason to continue the probe, though it doesn’t guarantee a trial.

The investigation began after French authorities, alongside Eurojust partners, raised concerns about Telegram’s lack of cooperation in multiple cases, including child pornography, trafficking, and online hate speech. Initial findings led to the involvement of several French investigation departments and culminated in Durov’s arrest.

News reports previously indicated that Durov’s legal troubles began with a separate investigation into child sex abuse, where Telegram allegedly ignored a request to identify a suspect, sparking a preliminary investigation into the platform’s refusal to cooperate with law enforcement. So, while this recent news highlights the issue, how did Telegram become a focal point for cybercrime and face these accusations in the first place?

Cybercrime Epicenter

On December 6, 2022, Telegram published a blog update that focused on new privacy features, which increased its appeal to cybercriminals. While Telegram had already been identified as a platform for cybercriminal activities in a SOCRadar blog post from 2022, the rise in malicious use has continued to grow since then.

Telegram is a messaging app that allegedly prioritizes security and privacy more than many mainstream alternatives. Users can send a variety of file types, including photos, videos, and documents, with a file size limit far exceeding the limit on WhatsApp. For example, Qilin ransomware even shared hundreds of GBs of leaks there in parts.

Back in June, 104 parts of alleged Synnovis data were shared on Qilin’s Telegram channel

Additionally, Telegram offers a “Secret Chats” feature that provides enhanced privacy by encrypting messages end-to-end, preventing them from being forwarded or stored on its servers. Users can also delete messages and files from both devices in a secret chat, adding another layer of security. Today, these features have almost turned it into a hacker forum.

Reflections on the Cyber World

Now we understand why Telegram, similar to many other social media platforms, can harbor malicious and illegal activities, but it may do so to a greater extent than others. Among these threats are hundreds of hacktivist groups, ransomware actors using the platform to leak data, and possibly APT groups operating under the guise of hacktivists. Thus, Telegram’s threat landscape is mainly influenced by hacktivists, who often serve as early indicators of emerging cyber threats and actively respond to global events, reflecting these in the cyber domain.

These actors naturally reacted to the actions taken against their own “territories.”

First alleged attacks appeared immediately after the arrest

The arrest of Telegram’s CEO has largely drawn support for him from hacktivist groups, particularly those with pro-Russian ties, who have launched attacks under the #FreeDurov campaign. Many hacktivist groups quickly rallied behind Durov.

Russian groups were the most active, leading the charge, even though many others voiced their support using the hashtag #FreeDurov

Hacktivists from around the globe, including some claiming to be French, have reacted strongly. This widespread response has played out on Telegram, where numerous attacks targeting France have been carried out and continue to occur.

However, the key point is that the outcome of the case and Pavel Durov’s decisions may lead this hacktivist mass to reverse course completely and may shift the hacktivist arena to other platforms.

Future of Telegram

To speculate, if Telegram complies with France’s demands, it might signal a willingness to impose more control globally, contradicting the core philosophy of its product, a point similarly made by Yevgeniy Golovchenko, assistant professor in the Department of Political Science at the University of Copenhagen.

Telegram’s reputation stems from being a project that doesn’t cooperate with governments, and Durov’s departure from Russia and resistance to various bans worldwide have strengthened the brand. So if Durov neither cooperates with French authorities nor tightens content moderation, it could reinforce the perception of Telegram as an anti-government platform in the eyes of users. Otherwise, the brand’s value and popularity could decline.

If Telegram faces significant restrictions or disruptions, or if Durov accepts the demands, the hacktivist groups that are supporting Durov might migrate to other platforms that offer privacy and communication tools. Discord, known for its strong community features, could become a popular choice due to its flexibility in hosting groups and channels. Signal, with its strong encryption and privacy focus, might also attract these groups as a secure alternative for coordinating activities. Other platforms like WhatsApp, Threema, or even decentralized networks like Matrix could see increased use, depending on how well they can meet the needs of these hacktivist communities.

SOCRadar keeps a vigilant watch across all potential threat actor environments, ensuring its focus is wherever these actors may operate

In Summary

The recent arrest of Telegram’s CEO, Pavel Durov, has intensified scrutiny on the platform, highlighting ongoing concerns about its content moderation practices. This development has not only sparked significant reactions from hacktivist groups but also raises questions about the future of Telegram as a safe haven for various cyber activities.

Hacktivist groups, especially those with pro-Russian ties, have shown strong support for Durov, using the hashtag #FreeDurov and launching attacks targeting France. This response underscores the platform’s critical role in the hacktivist community and the potential for a shift in these groups’ activities if Telegram’s operational philosophy changes or if legal pressures force it to impose stricter controls.

As Telegram faces potential restrictions or operational changes, the possibility of these groups migrating to alternative platforms such as Discord, Signal, or other secure communication tools looms large. The outcome of the ongoing investigation and Durov’s decisions will be pivotal in shaping the platform’s role in the global cybersecurity landscape. The situation remains fluid, and the actions taken in the coming months will likely have lasting effects on both Telegram’s reputation and its user base.