Telegram’s Privacy vs Security Identity Crisis [Threat Note]

This blog is a summary of our latest threat note, “The Clash of Values on Telegram: Privacy vs Security”, which is available for all our clients to read in the CybelAngel portal. Interested in reading this report as a non-client? Get in touch with us to access this content.

“Privacy is not an option, it’s a priority.”

Or, so said Telegram.

In this blog we are lifting the lid on the reality of Telegram’s commitment to user privacy since the arrest of Telegram’s Russian CEO, Pavel Durov, in August 2024 by French law enforcement.

A myriad of subsequent policy changes, from features, to content moderation, to user data updates on its FAQ page, have reshaped the way cybercriminals use the platform.

Find out the ramifications for Telegram’s users as we review how cybercriminal networks are really feeling, and what strategies they are deploying to avoid increased surveillance on the Telegram app. We also lift the lid on what potential future scenarios are afoot inside Telegram groups.

Let’s outline some of these vulnerabilities and consequences we analyze in the full report.

Above: A Tweet from Telegram Founder and CEO, Pavel Durov, describing the aftermath of his arrest in Paris in August 2024. You can read his full statement on Telegram here.

Increased surveillance and legal pressures are now du jour on the messaging app beloved for its self-destructing messages and security features like secret chat options.

Here is a brief rundown of the changes made to the platform since Durov’s arrest.

  • Article 8.3 of Telegram’s privacy policy was updated: “If Telegram receives a valid order from the relevant judicial authorities that confirms you’re a suspect in a case involving criminal activities that violate the Telegram Terms of Service, we will perform a legal analysis of the request and may disclose your IP address and phone number to the relevant authorities.”
  • Telegram restated that it is ready to leave unwelcome markets rather than jeopardize user protection: “We are prepared to leave markets that aren’t compatible with our principles, because we are not doing this for money.” The messaging platform is currently banned

You can find more of this analysis within the full threat note, which is available to all CybelAngel customers within the CybelAngel portal.

How are Telegram users reacting on social media?

Social media was ablaze after the arrest of Durov in August.

Above: Twitter users react to the arrest of Durov and support the #FreeDurov campaign.

CybelAngel analysts examining chat messages on Telegram found that large cybercriminal networks like Anonymous KSA, CyberVolk, Lapsus$, and RipperSec were the most ruffled by these changes and the news of Durov’s arrest by French law enforcement.

Subsequently these groups targeted French websites, such as:

  • The French Development Agency (24/10/2024)
  • France Diplomatie (26/10/2024)
  • The French National Police (4/11/2024)

Smaller marketplaces which concentrate on fraud-oriented activity have been less concerned with these changes.

In our full threat note we share detailed intel about highly adaptive hacker communities who have decided to move or remain on the platform.

Are cybercriminal communication patterns changing on Telegram?

We have observed significant developments in cybercriminal communication patterns since Pavel Durov’s arrest in August 2024.

Get in touch with us to access all of this metadata.

The full list of topics covered in our data-driven investigation

Within this threat note, our analysts have reviewed two distinct areas of focus. You’ll benefit from REACT team threat intelligence commentary concerning new security measures and their impact throughout.

The main focus areas of this report:

Part one: Telegram’s journey from privacy pioneer to legal scrutiny

  • The privacy strategy behind Telegram’s growth
  • New legal scrutiny and policy adjustments at Telegram

Part two: Cybercriminal strategies in the age of increased surveillance

  • Reactions and strategies shared by cybercriminals to these policy changes
  • Analysis forecasts for the future of the secure messaging app for hackers

CybelAngel possesses the necessary technical capabilities to access and monitor most Telegram channels and group chats.

Dive further into our analysis of the Telegram messaging app right now

What does the future hold for large groups of cybercriminals who depend on Telegram servers, its private messaging service and various encryption protocols? Enhance your threat intelligence readiness with this guide.

Today, with 950 million users on Telegram, including a hugely active cybercriminal segment, you need to enhance your understanding of changing Telegram account policies. Keep in mind that the best dark web monitoring tools monitor everything you should be monitoring and beyond, especially on encrypted channels like Discord, Telegram and IRC.

If you are not a CybelAngel client but also wish to have a complete picture of this trending threat actor, you can obtain access to this resource by getting in touch with our REACT team at [email protected].

You might be interested in how the hacktivist community on Telegram communicates. Take a closer look and read ‘Anonymous Sudan’s Post Arrest Cyber Chaos [A Threat Note Guide].’