Share this article on:
Now that Pavel Durov has announced Telegram will hand over IPs to law enforcement, are the rats leaving a sinking messaging platform?
Telegram founder and obnoxiously rich person Pavel Durov announced a major change to the messaging platform last week – upon request, the platform will now share the IP address of its users with law enforcement agencies around the world.
Durov was arrested last month in France over allegations of a lack of moderation on the platform encouraging criminal activity – and honestly, there is a lot of criminal activity on Telegram, from hacktivists and cyber criminals to drug traffickers and other organised crime elements.
So now that their safe space isn’t so safe anymore … How will that criminal element, particularly hackers and their ilk, respond?
Well, some are planning to leave the platform entirely.
“Due to increasing concerns over data privacy and security on Telegram, we are shifting our community interactions to Twitter X, Session, and Discord,” said Indian hacktivist group and ransomware operator CyberVolk on its Telegram channel on 24 September.
“Telegram is no longer safe as it may compromise your private data.”
The group appears to have deleted its channel a couple of days after making that post.
Prolific DDoSers and Russian hacktivist group Killnet shared its opinion on the move to share IPs as well as on Telegram’s move to provide AI-based content moderation in Telegram’s search function.
“On one hand, you might think it’s cool. But we are getting closer and closer to the ideology of Instagram\WhatsApp\Facebook... The ideology of which does not rely on anonymity at all, a focus that Pasha [Durov’s nickname in his hometown of St Petersberg] has emphasised since the launch of Telegram,” Killnet said in a 25 September post on Telegram.
“Anonymity for whom, I would like to ask. For journalists, whose numbers are already not difficult to find? For military channels that are of no use to anyone anyway? For exchanging nude photos that can already be sent in other messengers?”
The Killnet spokesperson noted that “Everyone understood what audience Telegram attracted with its slogans of anonymity” – namely hackers and other criminals – before offering advice on how to continue using the platform safely and other tips on how to avoid the scrutiny of law enforcement.
According to data intelligence firm Flashpoint, cyber criminals across the platform are coming to similar conclusions.
“Threat actors flock to Telegram to communicate and coordinate all manner of illicit activities, so the announcement that it will now provide some user data to authorities has rocked the world of cyber crime. Criminal and extremist groups fear they may lose their safe haven, thus Flashpoint is already observing active chatter about the need to find alternative platforms,” Tom Hofmann, Flashpoint’s chief intelligence officer said.
“If Telegram openly cooperates with law enforcement, we expect threat actors to splinter. Expect short-term migration to other social platforms such as Discord, Signal and Matrix, although most will likely circle back to Telegram for centralised messaging purposes.”
Which seems to be pretty much what ransomware-as-a-service operator Stormous is doing. In recent days the group had to create a new Telegram channel, citing “the shutdown of our previous channel by certain entities”.
“However, this is not a problem and will not affect any of our operations. We will now focus entirely on our sites on the Tor network,” Stormous said in a 26 September post, when its new channel was created.
“Telegram will merely serve as a gateway for certain individuals to learn about our latest victims or access our RaaS services.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.