everythingpossible - stock.adobe

Use of encrypted Telegram platform soars in Ukraine, Russia

Encrypted messaging service Telegram is proving a valuable asset to both sides in Russia’s war on Ukraine

Encrypted, cloud-based chat, voice-over-IP (VoIP) and videoconferencing service Telegram is emerging as key source of information for both Ukrainians and a growing anti-war Russian constituency as Vladimir Putin’s invasion of Ukraine enters its eighth day amid allegations of war crimes against humanity.

According to monitoring by Check Point Research, on Thursday 24 February – the day the invasion began – there was a sixfold increase in Telegram groups themed on the war. It said 71% of these groups were pushing newsflashes of unedited information, 23% were to some extent organising direct action against Russian targets by hacktivists, and 4% were soliciting cryptocurrency donations for Ukraine.

“Telegram has become a digital forefront of the conflict, where people are choosing sides online,” said Oded Vanunu, Check Point’s head of products vulnerabilities research. “We’re seeing people from all corners of the world organising themselves and resources to support either Russia or Ukraine.

“Some groups are coordinating cyber attacks to target Russia. Other groups are serving as information and news hubs to report a raw side of the war. And other groups are requesting funds to either support Ukraine or commit fraud.”

Vanunu added: “I strongly recommend people to watch their Telegram activity closely and the types of people you may come in contact with. There’s a side on Telegram looking to take advantage of supporters of either Ukraine or Russia. Right now, we’re sharing what we see on Telegram and our initial observations. We’ll continue to monitor Telegram activity in the weeks ahead.”

Check Point said that some of these groups – particularly those used by hacktivists – already boast more than 250,000 users. Hacktivist groups are populated by lone hackers, IT “fans” and even cyber security professionals, and are being used to coordinate cyber attacks and decide targets, with group members helping each other to carry out attacks, mostly distributed denial of service (DDoS) attacks, and sharing their results.

The smaller number of cryptocurrency donation groups tend to be scams, said Check Point, which warned users to stay well away from these, even though it has found many examples with tens of thousands of users.

‘You are being deceived’

News and information groups, which form the largest number of the groups observed by Check Point, are being used by people in Ukraine and Russia to spread both accurate news and disinformation.

Flashpoint, which has also been tracking Telegram usage in the region, found multiple Telegram channels spreading pro-Russian messaging, one of which had more than 180,000 subscribers. It had added a “z” to its name, which denotes pro-Russian sympathies in context, and included an anti-Ukrainian slur in its pinned message.

Ukrainians, meanwhile, are exploiting Telegram to share pictures and videos of peaceful resistance, Russian troop movements, and potential war crimes. The “Ukraine Witness” channel, which boasted more than 100,000 subscribers as of 1 March, has been highly active in collecting such footage.

Group members are also reaching out to Russian soldiers and their families on the platform to share footage of supposedly captured Russian personnel. One such message read: “Listen to your fellow captured citizens who ask you to end the war. You are being deceived, you are being used.”

Telegram intimately linked to Russian opposition

Telegram was created by Russian brothers Nikolai and Pavel Durov in 2013 after they left their previous project, social network VK, claiming it had been compromised by the Putin regime. They used the money raised from the sale of their stake in VK to develop Telegram, which is registered as a company in the British Virgin Islands and as an LLC in the United Arab Emirates, where it is now largely based.

The platform is based on a proprietary, symmetric encryption scheme called MTProto, which was developed by Nikolai and his development team, and is based on 2560bit symmetric AES encryption, 2048-bit RSA encryption, and the Diffie-Hellman key exchange.

The service rapidly gained popularity on launch and now boasts millions of users around the world, who are attracted to its privacy features. It was extensively used in Belarus in 2020 by opposition activists to organise protests against the rigged elections that kept long-standing president Alexander Lukashenko, himself a puppet of Vladimir Putin, in power.

Nevertheless, because the Durovs have withstood Russian government pressure to keep Telegram free to use, and free of oversight, Telegram has become a viable alternative to social media platforms that regulate or censor content, or succumb to government pressure to deplatform users. In Russia alone, it has a far larger footprint than either Twitter or Facebook, with a 2021 Deloitte study finding that up to 61% of Russians may be regular users.

While its highly secure nature is clearly a motivating factor behind high take-up in Russia and lately Ukraine, it has also been criticised for not doing enough to stop its use by Islamist terror organisations, neo-Nazis and other far-right activists, and child sex abusers.

Be cautious

If you choose to dip your toes into Telegram during the current war, you should, in any case, take standard cyber security precautions.

You should be especially careful not to click on suspicious or random links; be alert to suspicious requests, particularly if they play on your heightened emotional state; think twice before donating money to unknown sources and instead seek out known charities to donate to Ukraine; and verify the sources of the news content you consume.

Read more about cyber warfare in Ukraine

Read more on Web application security