Skip Navigation
Technology @beehaw.org
rysiek @szmer.info

Telegram is indistinguishable from an FSB honeypot

rys.io

Telegram is indistinguishable from an FSB honeypot

Investigation by investigative journalism outlet IStories (EN version by OCCRP) shows that Telegram uses a single, FSB-linked company as their infrastructure provider globally.

Telegram's MTProto protocol also requires a cleartext identifier to be prepended to all client-server messages.

Combined, these two choices by Telegram make it into a surveillance tool.

I am quoted in the IStories story. I also did packet captures, and I dive into the nitty-gritty technical details on my blog.

Packet captures and MTProto deobfuscation library I wrote linked therein so that others can retrace my steps and check my work.

64 comments

  • This seems a bit convoluted as an explanation if I’ve understood it correctly. If Telegram as using a compromised hosting provider then you could have the strongest crypto in the world to prevent a man-in-the-middle from seeing the unique identifier for each device and it wouldn’t matter since they already who which user is which IP from the servers they control. They don’t stand to gain anything by exposing the unique string to MiTM attacks when they already control Telegram’s servers unless their goal is also to allow other countries to see which user has which IP too. It just seems like an incompetent implementation.

    • they already who which user is which IP from the servers they control
      (...)
      when they already control Telegram’s servers

      Who is "they" here?

      If you meant "the compromised provider" here, then no, we cannot assume they know which IP address is used by which user. Full disk encryption exists, you can rent a (physical, dedicated, as is the case here) server from a provider and set it up in such a way that you can be reasonably sure that the provider does not have access to the data on the server.

      So in that case the provider would only see the traffic without the ability to connect easily IP addresses with actual devices or users. That is not enough to reliably track anyone long-term, as IP addresses change in ways that often make it difficult to figure out if some traffic comes from the same user/device or not – especially when you travel. But add an identifier visible directly on the wire, like the auth_key_id, and you can pretty easily say "yes, this new IP address is now used by the same device".

      If you mean "Telegram", and assume Telegram cooperates fully with the FSB, to the point of providing unfettered access to data on Telegram's servers, then sure. But I cannot prove that, and neither could the IStories team. Can you? You can of course make any assumption you want to (and I am not saying your assumption here is necessarily wrong – only that I cannot prove it), but when I publish I can only work on things that I or somebody else can prove.

      And in this story, I can prove that Telegram's protocol has a very weird, unexpected "feature" that combined with IP address allows anyone with sufficient access to track Telegram users. I can show that this feature is not necessary in such a protocol – other protocols used by other similar tools do not have that issue. And IStories team seem to be able to prove that all Telegram traffic flows through a single infrastructure provider that has ties to the Russian FSB.

      That's all we got currently, but that's already plenty. Because both of these are decisions made by Telegram, and they strongly reinforce one another.

      It just seems like an incompetent implementation.

      If that was the only weird technological decision by Telegram with strong consequences for privacy of its users, I could agree.

      But as I discuss at length in that blogpost, Telegram has a long, long history of such "incompetence"; they also tend to react badly to anyone pointing this kind of thing out. The auth_key_id issue has been pointed out years ago and not only is it not fixed, there is no indication that Telegram even considers fixing it.

      Can you imagine the veritable shitstorm if Signal pulled something like that?

      As I wrote in my blogpost, in the end it does not matter if this is incompetence or malice – the end result is exactly the same.

  • Also, AMA I guess.

  • I hate how 50% of 'news' is literally like "1 equals 1" to me. It's fucking obvious.

    • Well, it was obvious to you. I'm a casual user, who tries to "do his best" and consider himself "somewhat informed" - obviously not by your standard. It was all news to me, and I find tremendous value in this article.

      • Thank you, that means a lot. For people working in information security it really feels sometimes that a). a lot of stuff is obvious, b). people just don't listen and don't care.

        Your comment shows how incorrect this is. That really helps keep motivated.

    • I know, right? That's why investigative journalism is such a thankless, frustrating job. You need to prove beyond any doubt things that are often pretty obviously true.

      Roman Anin and the rest of the IStories team did an absolutely amazing job. Found court documents going years back. Dug up signed statements and contracts. They did something nobody in the infosec community seemed to have done: actually looked at the IP addresses used by Telegram and followed that lead to its logical conclusion. And then published all of the receipts!

      And still people will say this is "unsubstantiated" or find other ways to wave this off.

      And yet this does move the needle. There is now proof of things we kinda sorta knew was probably true for years. It doesn't sound like much perhaps, but it's really important.

  • I hate it when I don't know an acronym, but this one is particularly hurtful to my brain since everyone is saying "yeah, that link to the FSB was obvious glad someone demonstrated it." So... I will just assume FSB=KGB and be done.

    Anyway, most of our privacy "war fronts" are honeypots in one way or another. Take for example Tor network (high number of exit nodes are controlled). Except those apps or protocols that are truly decentralized (e.g. OMEMO in XMPP), these are good. But then again, they lag behind to our standards of "normal" Internet that connects us to the world, outside of our tiny circles of nerds.

    Now, the thing with honeypots, is that they are there to catch some specific type of fly. If you were to use their network to take advantage of the features for anything that the "predator" behind doesn't care, you're fine. So, I will keep using Telegram for the memes and piracy channels...

    From an OPSec perspective this is important news nonetheless and I will keep it in mind.

    • I hate it when I don’t know an acronym, but this one is particularly hurtful to my brain since everyone is saying “yeah, that link to the FSB was obvious glad someone demonstrated it.” So… I will just assume FSB=KGB and be done.

      Russian FSB is the successor of the Soviet KGB, so yeah, that works.

      Take for example Tor network (high number of exit nodes are controlled)

      I substantiated my claims about Telegram by a pretty deep technical analysis. Mind at least providing a link for your pretty strong claim about Tor?

      Except those apps or protocols that are truly decentralized (e.g. OMEMO in XMPP), these are good.

      Nope. Decentralization is important from power dynamics standpoint, but can actually be detrimental to information security due to (among others) metadata and complexity.

      • Mind at least providing a link for your pretty strong claim about Tor?

        I don't have one. Thanks for asking, you made me actually reconsider the truthfulness of my own statement... I was just parroting back what I heard many times, years ago, among the people that attended a hacklab from the city I was living in back then.

        Same goes with the 'tip' that said that Tor was initially funded by the US Military (which apparently is true, but then the project turn out to be independent.) These two "facts" were presented, and parroted back and forth in that space a lot.

        It would be great to have real analysis knowing which data centers or actors have the biggest control of exit nodes. If there's really a way to de-anonimyze any traffic from there.

        PS. Since we are on the topic, another concern regarding Tor network is the possibility of correlation attacks. It always strikes me how ISP stops providing connection at 'random' if you were a frequent user. Pretty sure there's legal forces behind it... but that's my paranoia. Now those minutes or hours offline sprinkled here and there to my router were a fact. Anyway, the dark web is really full of a lot sick places. I'd rather just stay away from it entirely and use a VPN for my privacy when searching media and stuff. That's a lesson I learned.

    • If you were to use their network to take advantage of the features for anything that the “predator” behind doesn’t care, you’re fine.

      But what will the predator care about tomorrow? Or next year? And how confident are you that aggregate data is not what they want, for whatever reason?

  • How does this fit into these two pieces of news?

    • I guess the xAI thing might just be a money grab for Telegram and Durov.

      The Russian MPs thing might be a red herring, there's been plenty of stuff recently aimed at distracting from this Telegram story – including a brand new interview by Tucker Carlson with Durov.

      Telegram and Durov knew for weeks this is coming, as the investigative journalists had tor each out for comment. So they had time to prepare their little games.

      • Hm, makes sense, but I feel like we're still missing something.

        I saw comments about Durov, similar to this investigation, maybe around a month ago.

        With the xAI partnership news, I looked into it and found this nice thing:

        In Telegram, you can clear them one by one, or date ranges, or use disappearing messages, but this tool still found some I had missed.

        (Disclaimer: I got pulled into Telegram by some friends leaving WhatsApp with the policy changes of 2021, my threat model is less one of FSB, and more one of indiscriminate AI siphoning for ad targeting)

      • So what's your explanation if Russia follows through on this messenger development? It's not unrealistic at all. Do you dislike this point because it doesn't play into your characterization of Durov? He's been very clear that his platform is for idiots and he will comply with any government's law enforcement. Is the scandal just that it isn't exclusive to the USA? The west's telecom monopolies as they extend into law and covert action can't last forever. Other countries are rapidly developing now, and as neoliberalism continues dying it will accelerate. Telegram seems more like a product of this weird interegnum period.

  • Thank you for your technical work, and for patiently explaining things to people in the comments. This is a really incredible thread to encounter on the Fediverse.

    Telegram is used by anti-Putin resistance groups like BOAK and Resistance Committee. They advertise channels that are relatively easy for anyone to join without needing privileged access. As long as they're not using Russian-purchased sims to manage and post to the channels, how does this change their security model going forward?

    • As long as they’re not using Russian-purchased sims to manage and post to the channels, how does this change their security model going forward?

      If IStories' reporting on GNM's connection to FSB and GNM's access to Telegram's traffic is correct – and I have no reason to believe otherwise, this has gone through two rounds of fact-checking and these are people who had been sued for "defamation" in the most journalist-hostile, oligarch-friendly jurisdiction in the world (UK) and have repeatedly won – then this means the threat model now includes the FSB potentially being able to:

      • figure out where a user is in the world just by observing their Telegram network traffic, live or close to live;
      • with some additional analysis, based on timing and packet sizes correlation, probably figure out who that user is communicating via Telegram.

      Both of these globally, regardless of what SIM card was used to register any of accounts involved, and without having to ask Telegram for any data.

      I don't know if FSB is actually using this capability, and to what extent, and against whom. But based on IStories' reporting and on my own packet captures analysis it is entirely possible for them to do so if they choose to.

      • For those organizations like BOAK and Resistance Committee, Telegram functions as a home page for making public announcements. It is superior to having a website because it can't be DDOS'd, has fewer attack surfaces that the organization has to be responsible to keep secure, doesn't have ICANN WHOIS reporting, or need someone's credit card on file. It's also free and benefits from the network effect of Telegram's existing popularity.

        Do you think that Telegram can continue to be used for this purpose while taking additional security precautions? Or do you think the risk is too great, and no amount of precautions can justify using the service?

  • So, basically, this cool guy Durov sold an idea of a confidential messenger hosted by a russian FBI. Add there that you can't lawfully buy a SIM wihtout a local passport, so everyone using it as a lawful citizens have everything they've posted right to their registered entity. And that you can link persons even without obvious address book sniffing.

  • Thank you for your work. It's sad we live in a world where honeypots and surveillance are a thing.

64 comments