On June 10, «Important Stories»** and the «Center for the Study of Corruption and Organized Crime» (OCCRP) published an investigation about the connection between Telegram and the FSB. Journalists claim that thousands of IP addresses of Telegram servers are controlled by the company Global Network Management. Before GNM, the same IP addresses of Telegram belonged to «Globalnet». The companies had the same owner — Vladimir Vedeneev, and among the clients of «Globalnet», besides Telegram, was, for example, a closed analytical center of the FSB. In addition, Telegram device identifiers are transmitted unencrypted — this allows the location of users to be determined in a certain way.
Previously, «The First Department» had already reported that the FSB initiates treason cases against Russians who have ever written to bots or feedback accounts of Ukrainian channels. Messages that Russians send in Telegram are intercepted as part of operational activities conducted under a single criminal case initiated in the spring of 2022. The investigator of the main «spy» department of the country, Dmitry Stetsenko , based on some report from the Department of Counterintelligence Operations, initiated a criminal case against unidentified persons under the articles «terrorist act» and «preparation for espionage». In the fall of 2023, investigator Mikhail Stepanov initiated another case against unidentified Russian citizens, this time under the article «state treason». In April 2024, the deputy head of the entire «spy» department, Pavel Shintyaev, combined the cases into one proceeding and handed everything over to the same Stetsenko.
There are no suspects or defendants in this case — it was initiated on the grounds that Ukrainian special services, through various messengers and social networks, including Telegram, «collect information that poses a threat to the security of the Russian Federation». High-ranking investigator-counterintelligence officers use it as a cover for «extracting information from technical communication channels». These are operational-search activities during which the FSB gains access to the personal correspondence of Telegram users.
When the FSB establishes that a specific person sent some information (for example, a photo of a military object) to a channel bot or reported sending money, law enforcement officers extract the materials and send them to the person's place of residence. After that, the regional FSB department initiates a criminal case.
«In our practice, a significant number of cases have accumulated in which materials from Telegram — correspondence, subscriptions, information about channel administration — constitute an important part of the evidence base,» said the head of «The First Department» Dmitry Zair-Bek*. — In most cases, their acquisition can be explained by the compromise of devices as a result of the users' own actions. However, there are also cases where no reliable technical explanations corresponding to known access methods — voluntary data transfer to law enforcement, hacking, phishing, or malware implantation — are identified. This may indicate either the use of undisclosed cyber espionage tools or cooperation between Telegram and the Russian authorities, the obvious signs of which we observe in several other areas.»
In response to the investigation, Telegram stated that no external structure «has access to the messenger's data or confidential infrastructure», and that Telegram «has never disclosed private messages to third parties, and its encryption has never been hacked».
«Rain»** received a response from GNM, which stated that the company «does not have access to the content of traffic, encryption keys, or the internal architecture of Telegram».
At the same time, in a public discussion under a post by journalist Andrey Zakharov*, former director of special projects at Telegram Anton Rosenberg said that he himself had access to users' private correspondence. «An outsider who removed the disk from the server will not be able to decrypt the data, but at the level of a working database, the messages are indeed not encrypted. Since I was dealing with anti-spam issues, I had access to them,» wrote Rosenberg.
«I want to believe the words of Telegram representatives, but unfortunately, it is impossible to verify them,» said Dmitry Zair-Bek. — Criminal practice in Russia speaks in favor of a bad scenario, as do certain facts of Telegram's cooperation with the Russian authorities on internet censorship issues. I don't want to take their word for it, and the developer leaves users with no other options.»
* Recognized as a «foreign agent» in Russia.
** Recognized as a «foreign agent» and «undesirable» organization in Russia.