The technical infrastructure behind Telegram is controlled by Russians who run companies that cooperate with Russian intelligence services.
The messaging app
Telegram, the FSB, and the Man in the Middle | OCCRP
https://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle
Telegram, the FSB, and the Man in the Middle
https://istories.media/en/stories/2025/06/10/telegram-fsb/
Telegram is a messaging app launched by Pavel Durov in 2013, and is a popular app with over 1 billion monthly active users.
In 2024, Durov himself spoke in detail about why he decided to create Telegram and what kind of person he is in an interview. The information is summarized in the following article.
Pavel Durov, founder of Telegram, which has over 900 million users, gives his first interview in front of the camera in 10 years and talks about the twists and turns leading up to the birth of Telegram - GIGAZINE
The reasons for Telegram's success include its 'reputation for security' and 'its stance of defending freedom of speech by resisting multiple government agencies.' Durov has often touted the high level of security and privacy, and in April 2025, he said, 'Unlike some of our competitors, Telegram will not sacrifice privacy in exchange for market share,' and 'In its 12-year history, Telegram has never published a single byte of private messages .'
However, a study by the Organized Crime and Corruption Reporting Project (OCCRP), a network of investigative journalists specializing in organized crime and corruption , in collaboration with its Russian partner organization Important Stories , revealed significant vulnerabilities in Telegram.
Billions of messages are exchanged on Telegram, but it was unclear who controlled the technical infrastructure that makes this possible. To investigate how Telegram messages are transmitted, OCCRP used Telegram to exchange messages and recorded the traffic using the network traffic analyzer ' Wireshark '. As a result, it was revealed that the IP addresses are managed by a company called Global Network Management.
An analysis of the IP addresses managed by Global Network Management revealed that the company had assigned over 10,000 IP addresses to Telegram. The allocation of such a large number of IP addresses means that Global Network Management plays a vital role in Telegram's infrastructure.
Furthermore, an investigation into the legal battle with Global Network Management revealed that the company is owned by Vladimir Bedenev, a 45-year-old Russian network engineer.
Bedenev is not only the owner of Global Network Management, but is also responsible for maintaining Telegram's network equipment. According to court documents, Durov has authorized Bedenev to sign documents as Telegram's CFO and to negotiate with third-party contractors on Telegram's behalf. In fact, Bedenev has signed contracts as Telegram's CFO, which can be seen below.
While there is no evidence that Bedenev's Global Network Management has ever collaborated with or provided data to the Russian government, two other companies closely connected to Bedenev have been identified as having multiple sensitive clients with ties to
In addition, it has been revealed that one of the 'two other companies closely related to Bedenev' allocates IP addresses for Telegram, and the other has been allocating IP addresses until 2020.
John Scott-Railton, a senior researcher at
Regarding message data on its servers, Telegram explains, 'The data is stored in multiple data centers around the world, which are managed by multiple legal entities across different jurisdictions. The associated decryption keys are split into multiple parts and are never stored in the same place as the data they protect. This structure prevents a single government or group of like-minded countries from violating people's privacy and freedom of expression.'
But network security experts warn that even Telegram's end-to-end encrypted messages leave users vulnerable to tracking because Telegram's MTProto protocol, which governs how the encryption works, dictates that each encrypted message be prepended with an unencrypted element.
According to security expert Michał Lisiek Woźniak, this 'unencrypted element at the beginning of each encrypted message' is called 'auth_key_id', which makes it possible to identify a specific user device. Woźniak explained, 'If we know the 'auth_key_id' of your device, we can eavesdrop on the network that processes the data. That means we know that it is your specific device that is communicating with the Telegram server. Furthermore, by examining the network packets, we can obtain your IP address at a specific time, which gives us an approximate geographic location.'
This means that someone who controls Telegram's network traffic can track users, even if they can't read the messages themselves.
A Ukrainian IT expert who spoke to OCCRP on condition of anonymity said that since the Russian military took control of Ukraine's network infrastructure, they have been using 'man-in-the-middle' surveillance techniques. Specifically, they physically access data transmission lines and install equipment to collect metadata such as users' IP addresses, users' geographical information, who is exchanging data packets with whom, and what type of data is being exchanged. OCCRP is concerned that Telegram's technical infrastructure is also managed by Bedenev, who is suspected of having ties to the Russian government, which could allow the Russian government to collect metadata.
Related Posts:
