Telegram’s Uncertain Future: Hacktivist Reactions and the Potential Shift to New Platforms
[Update] September 24, 2024: “Telegram Will Now Provide Some User Data”, “Migration Has Begun”
Telegram is more than just a messaging app; it’s often considered an easy access to the dark web. This reputation has kept cybersecurity firms, including SOCRadar, and even governments closely monitoring the platform for some time. The recent arrest of Telegram’s founder and CEO in Paris has further highlighted concerns about the app’s content moderation, leaving the future uncertain. Let’s explore how we arrived at this point.
Arrest of Pavel Durov
Telegram CEO Pavel Durov was arrested by French police at Le Bourget Airport near Paris after his private jet landed last month. Pavel Durov was detained under a warrant related to it’s alleged lack of moderation. Authorities accuse Durov of failing to curb criminal activities on the app, including drug trafficking, child sexual content, and fraud. Telegram has previously denied claims of inadequate moderation.
After spending four days in police custody, Telegram founder and CEO Pavel Durov was formally placed under investigation in France last Thursday for a range of criminal charges. He was released on bail, set at €5 million ($5.6 million), with conditions that he must remain in France and check in with police twice a week.
As stated above, Durov’s arrest at Le Bourget Airport stemmed from charges including the storage and distribution of child sexual abuse material, facilitating drug trafficking, organized fraud, and issues related to Telegram’s cryptographic features. The Paris criminal court, overseeing the investigation, listed these charges as the basis for his detention.
Paris prosecutor Laure Beccuau confirmed the charges, noting that placing Durov under formal investigation signifies a substantial reason to continue the probe, though it doesn’t guarantee a trial.
The investigation began after French authorities, alongside Eurojust partners, raised concerns about Telegram’s lack of cooperation in multiple cases, including child pornography, trafficking, and online hate speech. Initial findings led to the involvement of several French investigation departments and culminated in Durov’s arrest.
News previously reported that Durov’s legal troubles began with a separate investigation into child sex abuse, where Telegram allegedly ignored a request to identify a suspect, sparking a preliminary investigation into the platform’s refusal to cooperate with law enforcement. So, while this recent news highlights the issue, how did it become a focal point for cybercrime and face these accusations in the first place?
Cybercrime Epicenter
On December 6, 2022, Telegram published a blog update that focused on new privacy features, which increased its appeal to cybercriminals. While Telegram had already been identified as a platform for cybercriminal activities in a SOCRadar blog post from 2022, the rise in malicious use has continued to grow since then.
Telegram is a messaging app that allegedly prioritizes security and privacy more than many mainstream alternatives. Users can send a variety of file types, including photos, videos, and documents, with a file size limit of far exceeding the limit on WhatsApp. For example, Qilin ransomware even shared hundreds of GBs of leaks there in parts.
Additionally, Telegram offers a “Secret Chats” feature that provides enhanced privacy by encrypting messages end-to-end, preventing them from being forwarded or stored on it’s servers. Users can also delete messages and files from both devices in a secret chat, adding another layer of security. As of today, such situations almost turned it into a hacker forum.
Reflections on the Cyber World
Now we understand why Telegram, similar to many other social media platforms, can harbor malicious and illegal activities, but it may do so to a greater extent than others. Among these threats there are hundreds of hacktivist groups, ransomware actors using the platform to leak data, and possibly APT groups operating under the guise of hacktivists. Thus, Telegram’s threat landscape is mainly influenced by hacktivists, who often serve as early indicators of emerging cyber threats and actively respond to global events, reflecting these in the cyber domain.
These actors naturally responded reactively to the actions taken against their own “territories.”
The arrest of Telegram’s CEO has largely garnered support from hacktivist groups, particularly those with pro-Russian ties, who have launched attacks under the #FreeDurov campaign. Many hacktivist groups quickly rallied behind Durov.
Hacktivists from around the globe, including some claiming to be French, have reacted strongly. This widespread response has played out on Telegram, where numerous attacks targeting France have been carried out and continue to occur.
However, the key point is that the results of the case and Pavel Durov’s decisions may lead to a complete reversal of the actions of this hacktivist mass and the turning of this hacktivist arena to other platforms.
Future of Telegram
To speculate, if Telegram complies with France’s demands, it might signal a willingness to impose more control globally, contradicting the core philosophy of their product as similarly stated by Yevgeniy Golovchenko, assistant professor with the department of political science at the University of Copenhagen.
Telegram’s reputation stems from being a project that doesn’t cooperate with governments, and that Durov’s departure from Russia and resistance to various bans worldwide have strengthened the brand. So if Durov does not cooperate with French authorities and tighten content moderation, it could reinforce the perception of Telegram as an anti-government platform in the eyes of users. Otherwise, the brand’s value and popularity could decline.
If Telegram faces significant restrictions or disruptions or Durov accepts demands, the hacktivist groups that are supporting Durov might migrate to other platforms that offer privacy and communication tools. Discord, known for its strong community features, could become a popular choice due to its flexibility in hosting groups and channels. Signal, with its strong encryption and privacy focus, might also attract these groups as a secure alternative for coordinating activities. Other platforms like WhatsApp, Threema, or even decentralized networks like Matrix could see increased use, depending on how well they can meet the needs of these hacktivist communities.
In Summary
The recent arrest of Telegram’s CEO, Pavel Durov, has intensified scrutiny on the platform, highlighting ongoing concerns about its content moderation practices. This development has not only sparked significant reactions from hacktivist groups but also raises questions about the future of Telegram as a safe haven for various cyber activities.
Hacktivist groups, especially those with pro-Russian ties, have shown strong support for Durov, using the hashtag #FreeDurov and launching attacks targeting France. This response underscores the platform’s critical role in the hacktivist community and the potential for a shift in these groups’ activities if Telegram’s operational philosophy changes or if legal pressures force it to impose stricter controls.
As Telegram faces potential restrictions or operational changes, the possibility of these groups migrating to alternative platforms such as Discord, Signal, or other secure communication tools looms large. The outcome of the ongoing investigation and Durov’s decisions will be pivotal in shaping the platform’s role in the global cybersecurity landscape. The situation remains fluid, and the actions taken in the coming months will likely have lasting effects on both Telegram’s reputation and its user base.
Telegram Will Now Provide Some User Data
Concerns surrounding Telegram’s privacy and data security continue to deepen, and recent reports have only heightened the unease. According to the BBC, The messaging app Telegram has announced it will now share users’ IP addresses and phone numbers with authorities who provide valid search warrants or legal requests. CEO Pavel Durov explained in a post on Monday that this change in the platform’s terms of service and privacy policy is aimed at deterring criminal activity.
“While 99.999% of Telegram users are not involved in illegal activities, the 0.001% who tarnish the platform’s reputation and jeopardize the interests of our nearly one billion users,” Durov said.
Telegram has yet to provide clarity on how it will handle legal requests from authoritarian regimes, raising uncertainty about its future approach. Although the platform has removed some groups in the past, cybersecurity experts argue that its moderation of extremist and illegal content is significantly weaker than that of other social media platforms.
Prior to this policy change, Telegram only shared information on terror suspects. Durov has since announced that the app now employs artificial intelligence and a dedicated moderation team to conceal problematic content from search results.
Migration Has Begun
Back to cyberspace, as this news develops, many users and groups are already making moves to alternative platforms. A notable example is the hacktivist group CyberVolk, which recently announced that they would be shifting their community interactions away from Telegram. In a public message posted on their Telegram channel, CyberVolk emphasized that the platform is no longer safe and could potentially compromise private data. They urged their followers to join them on other platforms where they believe communication would be more secure.
Their message reads:
“Due to increasing concerns over data privacy and security on Telegram, we are shifting our community interactions to Twitter X, Session, and Discord. Telegram is no longer safe as it may compromise your private data.”
For CyberVolk and other privacy-conscious users, platforms like Session, which offers decentralized and anonymous messaging, and Discord, with its community-focused approach, present safer alternatives. Meanwhile, Twitter X has also become a popular platform for sharing updates and coordinating actions among hacktivist and activist groups.
This shift highlights the growing distrust toward Telegram, particularly within communities that prioritize data privacy and security. As more users and groups like CyberVolk move to other platforms, it raises the pressing question once more about Telegram’s future—can it regain the trust of its user base, or will it continue to lose ground to platforms that offer more robust privacy guarantees?