Trump Leak Claims Russian Spies “Cracked” Telegram
On Tuesday, BuzzFeed published a slew of unverified claims on President-elect Donald Trump’s ties with Russia. Reportedly written by a former British intelligence officer, the 35-page dossier claimed that Trump cooperated with Russia in operations to target his political opponents. While we won't be talking about these unverified claims, the report also raised alarms for Telegram users.
Did Russia really "crack" Telegram
The dossier claimed that the FSB (Federal Security Service - Russian secret service) had successfully "cracked" Telegram's encryption to spy on Russian political activists, who were using Telegram. The report said (emphasis is ours):
An FSB cyber operative flagged up the ‘Telegram’ enciphered commercial system as having been of especial concern and therefore heavily targeted by the FSB, not least because it was used frequently by Russian internal political activists and oppositionists. His/her understanding was that the FSB now successfully had cracked this communications software and therefore it was no longer secure to use.
This claim, of course, raised concerns about whether the communication app was secure to use anymore.
Telegram has said that the report claiming it has been compromised by FSB is "fake", or that it could be referring to old information. The messaging app says that the fresh allegation "probably refers to the story on SMS interception by FSB in April 2016," when Russian activists were compromised.
Earlier last year, this incident was widely reported claiming that the FSB agents were intercepting login requests sent over SMS. They were then using those requests to hijack individual accounts. Even then the app wasn't really "hacked" as the FSB had obtained activists' login codes sent via text message. Built by Russian entrepreneur Pavel Durov, Telegram is a popular platform of choice for political activists, including Russian opposition leaders. This popularity was the reason the FSB was targeting the app last year. Back then the app had suggested its users to enable the two-step verification process.
Telegram promises a secure messaging experience. The app markets itself as an encrypted app, but end-to-end encryption is only enabled when users open the "Secret Chat" feature. Its promised security has also repeatedly come under question.
Also found other attacks in Telegram but they are implementation-specific. That's all for now, hope it's not boring. (7/7)
— Nadim Kobeissi (@kaepora) January 11, 2017
While unverified, last night's report is yet to be entirely debunked. Markus Ra, the Telegram spokesperson, said it was "likely" to be fake, and if not it "probably" refers to the April incident. Comforting? Not much. But, considering the credibility of the report so far, it may not be true after all. To Telegram users, just make sure you enable two-factor verification. We will share more updates if this "crack" turns out to be true.