Encryption Privacy Security

Kremlin's Tracking of Russian Dissidents Through Telegram Suggests App's Encryption Has Been Compromised (wired.com)

Russian antiwar activists placed their faith in Telegram, a supposedly secure messaging app. How does Putin's regime seem to know their every move? From a report: Matsapulina's case [anecdote in the story] is hardly an isolated one, though it is especially unsettling. Over the past year, numerous dissidents across Russia have found their Telegram accounts seemingly monitored or compromised. Hundreds have had their Telegram activity wielded against them in criminal cases. Perhaps most disturbingly, some activists have found their "secret chats" -- Telegram's purportedly ironclad, end-to-end encrypted feature -- behaving strangely, in ways that suggest an unwelcome third party might be eavesdropping.

These cases have set off a swirl of conspiracy theories, paranoia, and speculation among dissidents, whose trust in Telegram has plummeted. In many cases, it's impossible to tell what's really happening to people's accounts -- whether spyware or Kremlin informants have been used to break in, through no particular fault of the company; whether Telegram really is cooperating with Moscow; or whether it's such an inherently unsafe platform that the latter is merely what appears to be going on.

  • Better likelihood... (Score:2, Interesting)

    by Anonymous Coward

    Their phone or computer is compromised, not necessarily the app itself.


      • by shanen ( 462549 )

        I should have included mention of Cyber War by Richard Clarke. I read lots of books on related topics, but that one still comes to mind as one of the best summaries, even though it is largely theoretical. The situation in the real world appears to have changed little if at all since he wrote it.

      • by shanen ( 462549 )

        [The real moron is someone who thinks AC status on Slashdot protects anything.]

        Interesting story and Telegram was mentioned in Listening In by Susan Landau. I'm not sure of her technical chops since she might be talking down to the masses of neophytes, but she name drops some people she worked with, so she certainly had good access to people with the chops. The book is already five years old, but it's tilted to the theoretical rather than the practical side and so most of what it says is still valid and I can mostly recommend it. (But definitely more technical and even more practical than anything I noticed in scanning all of the early comments on the story. (But only eight as I write.))

        The book did convince me of one thing: If I was seriously concerned about smartphone security, then I should pay the premium and get an iPhone. However, the fundamental problem remains: Security is like a chain, and the attackers only have to find one weak link to break it. If Telegram is the weakest link they can find, then that's where they'll attack. But there are LOTS of places to attack, and the people are usually the weakest links. A bunch of dissidents trying to organize against Putin? What are the odds that all of them are secure and that none of them are planted informers? Small enough for government work. To update the old saying, "Three dissidents can keep a secret, as long as two of them are dead."

        Less directly relevant, but quite thought provoking is The Crimean War by Orlando Figes. The more things stay the same, the less they change, and Russia has been doing this sort of thing (with reference to the new and improved Ukraine War) for a LONG time. Putin may talk a good game about Stalin (and I'm a bit surprised he hasn't tried to revert the name back to Stalingrad), but I think his real idols were the Tsars. Especially Nicholas I (https://en.wikipedia.org/wiki/Nicholas_I_of_Russia). Or maybe not so much, considering how the Crimean War turned out? (Just got to the first major war crime, where the Turks slaughtered a thousand wounded Russian soldiers, trying to keep the Serbs out of the war.)

        And who says technical humor is dead? Me! Just look at all the dead humor references failing to be funny.

        Well, the moderation system certainly seems to be confused about that one, but it looks like someone wants to censor it for some reason, so it apparently needs to be quoted. For emphasis? Of which point that triggered who?

    • There are two reasonably equally likely explanations for this

      a) the Russian authorities don't want people to use encryption so they are letting rumours of compromise leak. Notice the other comments that AES likely doesn't work (which is very unlikely)

      b) the Russian authorities have compromised telegram and are managing to semi-hide this.

      I'd tend to go with Telegram being compromised because there are better alternatives.

      Although we know that Telegram is somewhat compromised (see link [pwnallthethings.com] from comment below [slashdot.org]) The

      • by G00F ( 241765 )

        1) switch from Telegram to signal

        Because of signal self imploding, likely most users will migrate away as soon as they stop being able to message non signal users.

        How retarded and self destructive can they be

        • I don't get this. If I'm a normal messenger user I install the messengers I want people to use. If people ask I suggest signal. If I have to I use something else like Whatsapp. Just install both; problem solved.

          • I don't get this. If I'm a normal messenger user I install the messengers I want people to use. If people ask I suggest signal. If I have to I use something else like Whatsapp. Just install both; problem solved.

            I would prefer that a secure messaging app was completely UNABLE to send messages through unsecure channels.
            Otherwise, I might make a mistake one day and accidentally send something through the unsecure channel that should have{#`%${%&`+'${`%&NO CARRIER

        • 1) switch from Telegram to signal

          Because of signal self imploding, likely most users will migrate away as soon as they stop being able to message non signal users.

          How retarded and self destructive can they be

          Because your device can only have one single messaging app installed at a time.

          • That is why I have 8 devices and 16 chargers and 28 dongles ... hm, I might have miscounted something.

            • That is why I have 8 devices and 16 chargers and 28 dongles ... hm, I might have miscounted something.

              I just use Qubes for anything that I actually want to be private or secure. Anything else is expected to be open, at least to state actors. By which I mean 5 eyes. (hi guys).

              This coming from someone who used to go 'meta-x spook' before sending an email in Emacs.

              • This coming from someone who used to go 'meta-x spook' before sending an email in Emacs.
                Oh, I have to find the vi equivalent for that one!

      • 3) remember that your phone is the most likely point of compromise. Encrypt, limit other apps on the system you use with telegram.

        If a nation-state wants info on you badly enough to contract with, say, NSO, it doesn't matter whether your messaging software is compromised or not.

        • That's if they want you. By that time it's normally too late. The problem is if they don't want you specifically, just anyone who's in particular groups. Telegram apparently doesn't protect that effectively.

  • by Vlad_the_Inhaler ( 32958 ) on Friday February 03, 2023 @01:42PM (#63262893)

    Telegram is legal in Russia, some of the alternatives are not.
    It looks as though the FSB can read Telegram conversations in Real Time? I'm shocked! Who would have thunk it?

    • by ArmoredDragon ( 3450605 ) on Friday February 03, 2023 @02:17PM (#63262997)

      Might be a good way to tell whether an app is really secure: Check if China, Russia, and Iran have banned it. Only reason they'd ban anything is if they either can't control it, can't monitor it, or both.

      • by shanen ( 462549 )

        Mod parent up, though I am wondering if the US should have been included on the list... (Probably not, since Congress is too dysfunctional to ban anything?)

        • by reanjr ( 588767 ) on Friday February 03, 2023 @03:12PM (#63263227) Homepage

          The safe assumption is the U.S. is monitoring them all.

          • But of course?

            Say, did you hear the joke about the long-distance Japanese crooks based in the Philippines? This is a real and ongoing news story, though I haven't noticed any mention on Slashdot. Technical aspects are too "weak" to qualify?

            There are these four guys who were in detention in the Philippines, mostly for apparently minor stuff related to their visas. But it has recently turned out that they were remotely operating a vicious gang of murdering robbers operating all over Japan. One amusing detail

      • Might be a good way to tell whether an app is really secure: Check if China, Russia, and Iran have banned it.

        A year ago I would have instantly agreed and moved on. But after watching Russia's recent military silliness I'm now wondering if they're using it because it's keeping Ukrainian intelligence out.

      • Might be a good way to tell whether an app is really secure: Check if China, Russia, and Iran have banned it. Only reason they'd ban anything is if they either can't control it, can't monitor it, or both.

        Just China, Russia and Iran? You think the 5 eyes don't complain bitterly when they can't break into your communications? You don't think that's worth noting?

        • by shanen ( 462549 )

          That book I mentioned earlier says quite a bit on this topic, especially in relation to Tor. (Which I don't really trust, either.)

          • That book I mentioned earlier says quite a bit on this topic, especially in relation to Tor. (Which I don't really trust, either.)

            The 5-eyes control so much infrastructure, especially Internet infra for routing and switching, its hard to imagine being able to properly communicate privately and untraceably.

      • by Malc ( 1751 )

        Right. Russia tried to ban it and blocked it for several years before lifting the ban in 2020. I wonder why they suddenly stopped, eh?

    • Peter Durov. Also: Russian Oligarch, Ex-Cabinet Minister Invested in Telegram’s ICO, Court Filing Says.
      https://finance.yahoo.com/news... [yahoo.com]

      IIRC Durov's family was also heavily involved in developing the Telegram software.

      Lately, the Russian oligarch death rate has climbed steeply and you can bet the Kremlin is bringing pressure to bear on any who have stepped out of line.

  • This is a feature, not a bug.
    • Agreed. Way back when it was released (and years thereafter) security experts always said its encryption was suspect. The fact that locked-down, don't-criticize-the-leadership Russia just always let it be in the country was a blatant message - anything you do on this platform is being read and logged for future use.
  • That is pretty easy with some carelessness on user-side. I doubt many of these people use a dedicated phone or computer for telegram.

  • by guest reader ( 2623447 ) on Friday February 03, 2023 @01:52PM (#63262925)

    https://tech.slashdot.org/comm... [slashdot.org]
    Telegram is NOT secure & Russia IS spying on i (Score:4, Interesting), Tuesday December 06, 2022

    Telegram is not secure and its continued use in Ukraine may lead to users' deaths.

    A recent security-focused review looking at a Nov 11 Washington Post story [washingtonpost.com] on Russian "stay behind" operations in Kherson has concluded that Russia is spying on Telegram chats in occupied Ukrainian regions [pwnallthethings.com]. A tidbit for you:

    Telegram's security has long been called into question by the information security community. There's lots of aspects of how it is built that don't make sense from a security perspective. But so far, there's never been any good evidence that it's been exploited by the Russian security services in practice.

    Until now.

    Ihor's story is particularly amazing because it doesn't just reveal that Russian forces are surveilling Telegram chats. It also gives us a good hint as to how.

    It even tells us what Russia wasn't doing--at least in the narrow case of Ihor. And it reveals how at least one other major and well-known security defect in Telegram--ones that have been left open on purpose by Telegram--would very likely have led to Ihor's death if Russian occupation forces had been only slightly more competent and successfully exploited them.

    https://tech.slashdot.org/comm... [slashdot.org]
    Telegram does NOT use the Signal protocol (Score:2) December 08, 2022

    By default, chats are not encrypted. You can optionally encrypt 1 to 1 chats, but not group chats. Encryption uses the Signal protocol.

    Yes, Telegram supports encrypted chats, but Telegram users overwhelmingly ignore that feature. As you noted, it has limited applicability (no encryption for group chats). IIRC, it also feels less usable (even beyond the fact that the option is buried in the UI).

    According to Telegram's own website, they have implemented their own protocol called MTProto [telegram.org]. This is not Signal.

    At least MTProto 1.0 was rather riddled with flaws. It was written by mathematicians without any knowledge of cryptography and was very roundly criticized. See this question on crypto.StackExchange [stackexchange.com] for detail. Presumably MTProto 2.0 addressed all of that, but Telegram's callous responses have alienated cryptographers. Telegram has given the impression that its chats are secure and encrypted and they've buried the option to actually enable encryption (regardless of its implementation). In other words, stay away from it.

    https://yro.slashdot.org/comme... [slashdot.org]
    Re:Let me be the first to say (Score:5, Interesting), November 30, 2022

    Telegram sends the username in the SSL SNI field. (maybe only for verified users...)
    So technically it doesn't need to give much more to authorities, it's snoopable.
    https://mastodon.technology/@r [mastodon.technology]... [mastodon.technology]
    Please do not recommend Telegram, it's about as private as WhatsApp. Meaning pretty much not.

    https://apple.slashdot.org/com... [slashdot.org]
    Re: They can't do what Amazon does?, October 29, 2022

    Have you tried to make an instant messenger that focuses on privacy and that they cannot decrypt your shit for anyone... present your decrypted content on their own website

    Our software can decrypt Telegram protocol and process the messages as text.
    A court warrant is required to investigate the con

    • by Khopesh ( 112447 )

      Thanks for quoting my posts!

      Here's the meat with links:

      Telegram is not secure and its continued use in Ukraine may lead to users' deaths.

      A recent security-focused review looking at a Nov 11 Washington Post story [washingtonpost.com] on Russian "stay behind" operations in Kherson has concluded that Russia is spying on Telegram chats in occupied Ukrainian regions [pwnallthethings.com].

      According to Telegram's own website, they have implemented their own protocol called MTProto [telegram.org]. This is not Signal. At least MTProto 1.0 was rather riddled with flaws. It was written by mathematicians without any knowledge of cryptography and was very roundly criticized. See this question on crypto.StackExchange [stackexchange.com] for detail. Presumably MTProto 2.0 addressed all of that, but Telegram's callous responses have alienated cryptographers. Telegram has given the impression that its chats are secure and encrypted and they've buried the option to actually enable encryption (regardless of its implementation). In other words, stay away from it.

      I am therefore not at all surprised that there's a good chance Russia has a way in, though you also have to consider that they have other tools, such as malware that can compromise the endpoints rather than intercepting the content on the wire. Dissidents would be much better off using a protocol that is better vetted for security and setting their messages to expire after a certain amount of time. This is called ephemeral messaging, and it is availab
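The claim quoted above, that Telegram puts the username into the TLS SNI field, is that commenter's; what is certain is that in TLS 1.2 and 1.3 the SNI host name travels in plaintext in the ClientHello unless Encrypted ClientHello is in use, so an ISP, carrier or hostile Wi-Fi operator reads it without breaking any encryption. The parser below is an added example, not code from this thread or from Telegram: it builds a ClientHello itself (constructed test data) and pulls the server_name extension out of it. `build_client_hello` and `extract_sni` are this example's own names.

```python
"""Extract the SNI host name from a TLS ClientHello (added example).

SNI is sent in plaintext in the ClientHello in TLS 1.2 and 1.3 unless
Encrypted ClientHello is negotiated, so an on-path observer reads it without
touching the encrypted payload. The ClientHello used here is constructed by
build_client_hello(); both function names are this example's own.
"""
import os
import struct

CONTENT_TYPE_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000       # RFC 6066 server_name extension
EXT_SUPPORTED_GROUPS = 0x000a
SNI_HOST_NAME = 0x00


def build_client_hello(server_name=None):
    """Build a minimal TLS 1.2 ClientHello record; omit SNI when None."""
    extensions = b""
    if server_name is not None:
        host = server_name.encode("idna")
        entry = struct.pack("!BH", SNI_HOST_NAME, len(host)) + host
        name_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", EXT_SERVER_NAME, len(name_list)) + name_list
    groups = struct.pack("!HH", 2, 0x001d)                  # x25519 only
    extensions += struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(groups)) + groups
    body = (
        b"\x03\x03" + os.urandom(32)                        # version, random
        + b"\x00"                                           # empty session_id
        + struct.pack("!H", 2) + b"\x13\x01"                # TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                                       # null compression
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", CONTENT_TYPE_HANDSHAKE, 0x0301, len(handshake)) + handshake


def _walk_client_hello(body):
    """Walk the ClientHello body and return the host_name, or None."""
    pos = 2 + 32                                            # version + random
    pos += 1 + body[pos]                                    # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]    # cipher_suites
    pos += 1 + body[pos]                                    # compression_methods
    if pos == len(body):
        return None                                         # no extensions block
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if end > len(body):
        raise ValueError("extensions overrun the handshake body")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != EXT_SERVER_NAME:
            continue
        # server_name_list: u16 length, then (name_type u8, length u16, name)
        q, stop = 2, 2 + struct.unpack("!H", data[:2])[0]
        while q + 3 <= stop:
            name_type, name_len = struct.unpack("!BH", data[q:q + 3])
            name = data[q + 3:q + 3 + name_len]
            q += 3 + name_len
            if name_type == SNI_HOST_NAME:
                return name.decode("idna")
    return None


def extract_sni(record):
    """Return the SNI host_name from a ClientHello record, None if absent.

    Raises ValueError for anything that is not a well-formed ClientHello so a
    passive sensor can tell "no SNI" apart from "not a ClientHello at all".
    """
    if len(record) < 9 or record[0] != CONTENT_TYPE_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        return _walk_client_hello(body)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc


if __name__ == "__main__":
    print(extract_sni(build_client_hello("example.net")))   # example.net
    print(extract_sni(build_client_hello()))                # None
```

Run against a real capture, the same loop works on the first TLS record of each TCP stream; the point for the thread is that whatever a client chooses to put in that field is visible to every hop, which is why it matters what a messaging client puts there and whether it uses Encrypted ClientHello.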

  • there's no proof?
  • by PPH ( 736903 ) on Friday February 03, 2023 @02:28PM (#63263051)

    ... just using link analysis?

    Back when the FBI was picking up ANTIFA operatives in Portland, Oregon, they were taking their phones, recording the IMEIs and MACs. And then working back through archived telco records to find likely associations and uncover the group's command hierarchy. It didn't matter if, once returned, the phones' owners immediately destroyed them and set up new accounts. The historical connection data had already been recorded.

    More or less the same thing happened when Cheney outed Valerie Plame as a CIA agent. It was a simple matter to go back through her call logs*, find people or phone numbers with whom she had repeated conversations and assume that others that did so as well might also be agents.

    *If you think this information isn't sold by the telcos for "marketing purposes", I've got a bridge to sell you.

    • Re: (Score:2, Insightful)

      Back when the FBI was picking up ANTIFA operatives in Portland, Oregon, they were taking their phones, recording the IMEIs and MACs. And then working back through archived telco records to find likely associations and uncover the group's group command hierarchy.

      There wasn't one, the FBI director even testified about it. People were arrested right there in the street, in the act of committing violence, or later from video evidence, not because of cellphone connections. This is old now, we can all look at the arrest records, there was no hierarchy or command anything. Everything was on social media, there was no network to uncover from call records. It's like saying "QANON operatives", in 2023, like you haven't yet figured out it's a bunch of disconnected nut jobs.

      • by PPH ( 736903 )

        People were arrested right there in the street, in the act of committing violence, or later from video evidence, not because of cellphone connections.

        Correct. But then their cell phones were taken, the hardware IDs checked against call logs and networks of "known associates" were uncovered.

        There wasn't one, the FBI director even testified about it.

        Do you think the FBI director is going to divulge the details of an active investigation? Particularly when some of the people who might be implicated are sitting right there?

        How did you arrive at such a bizarre take?

        Law enforcement has been unsuccessful at hampering ANTIFA/Anarchists street operations by putting on black hoodies and masks. Because ANTIFA uses the same sort of identification protocols that und
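The technique the parent comment describes (seized hardware IDs, archived call records, then "whoever repeatedly talks to the same people" as inference) is usually called contact chaining. The code below is an added example, not from the thread or from any agency tool, showing the inference over a handful of constructed call-detail records; the field layout (timestamp, caller, callee, caller IMEI) and all numbers and IMEIs are this example's assumptions, since real CDR schemas vary by carrier. It also shows why a fresh SIM on a fresh handset does not help once the historical graph exists: the new number is linked through the same contacts.

```python
"""Contact chaining over call-detail records (added example).

Seed identifiers come from a seized handset (an IMEI); historical records
are then used to find the subscriber's repeated contacts ("hubs") and
everyone else who repeatedly talks to those same hubs. The CDRs and the
column layout below are constructed for this example and are assumptions.
"""
from collections import Counter, defaultdict

# Constructed CDRs: timestamp,caller,callee,caller_imei. +15550777 is a
# brand-new number on a brand-new handset that appears after the seizure.
CDRS = """\
2023-01-02T10:00,+15550001,+15550100,35000001
2023-01-03T11:15,+15550100,+15550001,35000100
2023-01-05T09:30,+15550001,+15550100,35000001
2023-01-04T18:00,+15550001,+15550101,35000001
2023-01-07T18:10,+15550101,+15550001,35000101
2023-01-06T19:20,+15550001,+15550900,35000001
2023-01-02T12:00,+15550002,+15550100,35000002
2023-01-09T12:30,+15550002,+15550100,35000002
2023-01-03T13:00,+15550002,+15550101,35000002
2023-01-10T13:30,+15550101,+15550002,35000101
2023-01-04T14:00,+15550003,+15550100,35000003
2023-01-11T14:30,+15550003,+15550100,35000003
2023-01-05T15:00,+15550004,+15550100,35000004
2023-02-01T09:00,+15550777,+15550100,35000777
2023-02-02T09:00,+15550777,+15550101,35000777
2023-02-03T09:00,+15550777,+15550100,35000777
2023-02-04T09:00,+15550777,+15550101,35000777
"""


def parse_cdrs(text):
    """Parse the constructed CSV into (timestamp, caller, callee, imei) tuples."""
    return [tuple(line.split(",")) for line in text.strip().splitlines()]


def numbers_for_imei(records, imei):
    """Every subscriber number that has placed a call from this handset."""
    return {caller for _, caller, _, rec_imei in records if rec_imei == imei}


def repeated_contacts(records, number, min_calls=2):
    """Counterparts (either direction) reached at least min_calls times.

    One-off contacts such as a takeaway restaurant fall below the threshold.
    """
    counts = Counter()
    for _, caller, callee, _ in records:
        if caller == number:
            counts[callee] += 1
        elif callee == number:
            counts[caller] += 1
    return {n: c for n, c in counts.items() if c >= min_calls}


def chain(records, seeds, min_calls=2):
    """Second-hop inference: {candidate: set of hubs it shares with the seeds}.

    Hubs are the seeds' repeated contacts; candidates are other subscribers
    who also repeatedly contact those hubs. Seeds and hubs are excluded.
    """
    hubs = set()
    for seed in seeds:
        hubs |= set(repeated_contacts(records, seed, min_calls))
    hubs -= set(seeds)
    candidates = defaultdict(set)
    for hub in hubs:
        for other in repeated_contacts(records, hub, min_calls):
            if other not in seeds and other not in hubs:
                candidates[other].add(hub)
    return dict(candidates)


def rank(candidates):
    """Candidates ordered by how many hubs they share, strongest first."""
    return sorted(((n, len(h)) for n, h in candidates.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    recs = parse_cdrs(CDRS)
    seeds = numbers_for_imei(recs, "35000001")       # from the seized handset
    print("seed numbers:", seeds)
    print("hubs:", repeated_contacts(recs, "+15550001"))
    for number, shared in rank(chain(recs, seeds)):
        print(number, "shares", shared, "hub(s) with the seed")
```

Defensively, the takeaway matches the reply further up about groups rather than individuals: the metadata graph is built from who talks to whom, so swapping apps, SIMs or handsets does nothing if the set of counterparts stays the same, and the only mitigations are at the graph level (fewer, compartmented contacts, or transports that do not produce per-call records at the carrier).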

  • Plaintext Storage (Score:5, Informative)

    by bill_mcgonigle ( 4333 ) * on Friday February 03, 2023 @02:30PM (#63263061) Homepage Journal

    If you get a new phone and verify your phone number using SMS, Telegram will hand you all your old messages and groups.

    There are no keys here. It's an intelligence operation either explicitly or implicitly.

    README.spooks:
    Don't break our system and we won't tell anyone about this.

  • It's crappy to second-guess people in Ukraine and Russia that are going through this nightmare. But, I am surprised about the willingness of people to trust the various social media platforms with their lives. I just assume that all of these platforms have been compromised by minimally hacker/ransomware groups and are for sure open to high levels of government security apparatus of the Chinese, US, Russia.

    It's really only the willingness of these entities to 'show their hand' and reveal that they have co

    • tldr; if a hostile, capable, government is after you. Cell phones are just off the table period.

      This is obviously false. I recently watched a docu-series about a family laundering money in the Ozarks and they used their cell phones constantly and the FBI were completely incapable of gathering any data about their communications.

      • used their cell phones constantly and the FBI were completely incapable of gathering any data about their communications.
        That does not make any sense.

        Of course they can "record" the whole traffic of the cell phones ... if they cannot encrypt the traffic, they at least know time and likely position of whom communicated with whom.

  • by AcidFnTonic ( 791034 ) on Friday February 03, 2023 @03:36PM (#63263293) Homepage

    I think it's memory being read through the cell phones baseband processor.

    For those who aren't aware, the cellular antenna part of the phone has its own little mini computer/processor. It has the ability to execute its own code so that it can properly be isolated from the user in order to be FCC licensed. They don't want someone who hacked their phone to be able to mess with the cellular networks on the packet level so all the code to deal with the cellular side is actually run by another mini computer.

    This small baseband processor often runs a binary blob and this module has a direct connection to your phone's memory and cpu. This is required so your phone can send and receive cellular data without actually having access to the antenna directly. Your phone's driver delivers payloads into memory, then triggers an interrupt asking the baseband system to then read that memory out of the system's memory and do its magic cellular stack stuff to make that message get sent.

    Same thing for return data, buffers that your phone allocates in memory are then filled with return data and your cpu is interrupt triggered to then go read it.

    This means I can basically sniff anything the phone does if I add some secret cellular commands that ask the phone to send arbitrary memory locations. This means I could technically scan your phone's memory looking for things like encryption keys. I can also technically overwrite things such that a secure key you generate instead produces a key I actually created myself.

    I could have constant updates where I download bad programs on government computers, figure out where they put their private data in memory, then craft some new memory-reading-cellular commands to ask all cell phones in my country to send this data to me.

    Ways to fight this include scrambling memory locations, not using stock libraries in known binary ABI form, faraday caging the device if not planned to use any cellular and networking via usb/lightning.

    Basically it's hard to secure a phone that has this type of backdoor. I know how I could easily make this type of thing work so I assume people smarter than me already have.

  • by xlsior ( 524145 ) on Friday February 03, 2023 @04:34PM (#63263479) Homepage
    It's possible that it is not the app that is compromised, but 'just' the phone itself - even with 100% unbreakable end-to-end encrypted messages, they are still displayed in readable form to the end user. Custom Spyware could simply be invisibly taking screenshots of the phone display and phoning those home to the mothership.
