Revealing Investigation Points to Telegram's Vulnerable Ties to Russian Intelligence

The Telegram messaging application may not be as secure as once believed, as its infrastructure is managed by an individual whose businesses have worked with Russian intelligence services, a new investigation by the exiled media outlet IStories reveals.

Pavel Durov, the app’s founder who hails from Russia, has promoted Telegram as a protector of free speech and digital privacy, particularly in authoritarian regimes.

However, unlike chats on its rivals WhatsApp and Signal, Telegram chats are not end-to-end encrypted by default. Unless users opt into the “secret chat” feature, their conversations are decrypted and stored on servers.

“This indicates that those who control the server can access the messages,” noted IStories.

The maintenance of this infrastructure is carried out by Global Network Management (GNM), a relatively obscure company based in Antigua and Barbuda that has supplied Telegram with more than 10,000 IP addresses, according to findings from IStories.

Vladimir Vedeneev, the owner of GNM and a Russian national, testified in a U.S. court that his company installs and oversees Telegram’s infrastructure and employs personnel in Russia. Court documents examined by IStories also indicated that Vedeneev holds the position of chief financial officer at Telegram.

Many of GNM’s IP addresses were previously owned by Globalnet, a telecommunications company based in St. Petersburg with connections to the Kremlin and Russian intelligence agencies, including the FSB, IStories reported.

Furthermore, Telegram allegedly received an additional 5,000 IP addresses from another St. Petersburg entity, Electrontelecom, which IStories identified as a contractor for the FSB. This company has been involved in the installation and maintenance of secure communication systems for intelligence operations.

In 2022, Globalnet introduced user traffic monitoring systems at the request of Roskomnadzor, the Russian state communications watchdog.

Oleg Matveychev, deputy chairman of the State Duma’s Information Policy Committee, stated at that time that Telegram and the FSB had reached a “compromise,” whereby Telegram installed infrastructure that allowed authorities to monitor users involved in criminal investigations, such as those suspected of terrorism.

In addition to decrypting user messages and storing them on servers, Telegram assigns a unique device identifier called “auth_key_id” to each message, cybersecurity expert Michał Woźniak revealed to IStories.

This identifier allows the platform to recognize the user’s device and apply the correct decryption key. With metadata such as IP addresses and timestamps, Woźniak mentioned that this system could potentially be utilized to ascertain a user’s location and contacts.

“If someone has access to Telegram traffic and collaborates with Russian intelligence agencies, the device identifier poses a significant problem — a means of global surveillance for messenger users, regardless of their location or the server they connect to,” Woźniak explained to IStories.

In a statement released later that day, Telegram asserted that none of its contractors have access to user data or critical infrastructure, and that the company has no employees or servers operating within Russia.

“All servers belong to Telegram and are managed by Telegram personnel. Unauthorized access is impossible. Telegram has no staff or servers in Russia. Throughout its existence, Telegram has never shared personal messages with third parties, and its encryption has never been breached,” stated Telegram’s press service.