Inside a 35-page dossier suggesting the Russian government attempted to compromise President-Elect Donald Trump, there was a memo concerning to the millions of users of the encrypted messaging app Telegram. According to a note in the dossier, the app may have been hacked by Russian operatives.
According to the memo dated June 2016, the Federal Security Service of the Russian Federation—better known as the FSB—may have targeted Telegram and was able to crack the encryption, meaning the organization could feasibly read communications being sent across the platform.
The full memo reads:
“An FSB cyber operative flagged up the ‘Telegram’ enciphered commercial system as having been of especial concern and therefore heavily targeted by the FSB, not least because it was used frequently by Russian internal political activists and oppositionists. His/her understanding was that the FSB now successfully had cracked this communications software and therefore it was no longer secure to use.”
The report would spell bad news for 100 million active monthly users who communicate via Telegram. The encrypted messaging app is one of the most popular options for end-to-end, secure conversations. According to Telegram, the service sees more than 15 billion messages sent daily.
Worth noting is the fact the dossier the Telegram memo was part of is unverified. The information was gathered by a former British intelligence officer with Russian contacts and a history of credibility, but BuzzFeed published the dossier with a disclaimer the report “contains errors.”
A two-page synopsis of the collection of memos was reportedly presented to Trump and President Barack Obama by United States intelligence chiefs, but claims themselves have not been substantiated.
In the case of the Telegram claim, no additional information is provided to detail how the service would have been compromised. There are no other mentions of the messaging app in the rest of the document.
Telegram’s encryption protocol has come under fire in the past. In 2015, a security researcher published a paper outlining major vulnerabilities within MProto, the app’s proprietary encryption protocol. The conclusion of the paper suggested Telegram update its protocol to a more modern method as opposed to the “aging primitives” that it made use of and advised “homegrown cryptography is a bad approach.”
Another security researcher was able to effectively stalk users through the service by tracking when they were online and offline through the app’s metadata. Such information may seem miniscule, but could be used to determine who a user is communicating with.
In response to an inquiry about the allegations in the dossier, Telegram directed IBTimes to a response published by the Telegram Team on Wednesday which claims, "To this day no ways of undermining Telegram's encryption have been discovered."
"This story is actually a part of an 'intelligence report' that has been touring the journalistic circles since June 2016 and is very likely to be fake," the team wrote in the post. "If the report is not fake (and the majority of experts agree it is), it probably refers to the story of SMS interception for two Russian oppositionary accounts that were not using Two-Step Verification."
While the Telegram team encouraged its users to enable two-step verification to ensure they are protected, but advises, "Keep calm and send Telegrams!"