Why Russian police order software for deanonymization of Telegram users

Authorities use Insider to crack down on dissent and opposition.

Three regional divisions of the Russian Interior Ministry – in Chechnya, Amur, and Kamchatka – have formally placed orders for the acquisition of software that would let the authorities deanonymize users of Telegram, the most popular chat app in Russia.

While the purpose of such public acquisitions is to obtain private data of Russian users who criticize the regime of Vladimir Putin, in the long run the government could reach anyone on Telegram, according to a Telegra.ph story by investigative journalist Andrey Zakharov, which was noted by Meduza, an independent outlet.

The object of acquisition is an app called Insider. It works by processing leaked internet databases containing mobile phone numbers. The numbers are matched with IDs on Telegram (unique account identification numbers), allowing law enforcement officials to find out the name, address, workplace, and other information about users.

A screenshot of the Insider dashboard.

Credit: Meduza

Even if you don't have a username on Telegram and your phone number is hidden, anyone can still find out your ID, which is the unique numerical identifier of your account. Manually, one can see it in the link to your profile in the web version of the messenger or in a third-party client. Bots and Insider fetch it automatically, then check which phone number corresponds to this ID. Insider can also search for keywords in public Telegram chats.

Insider currently contains over 76 million phone numbers and their number is growing.

Because Insider is not a legal app even under Russian law, the police would order it as part of a social media monitoring system called Demon Laplas, a domestic development used by the government to crack down on dissent and opposition.

A license for Demon Laplas costs around half a million Russian rubles (5,440 US dollars) per download and installation.

The journalist, an expert in social media, claims that the number of customers looking for user deanonymizing apps and the number of orders may be greater than he found, because spending public money on a cause that pleases the Kremlin also lets the buyer inflate the price and lets acquisition officials earn an extra buck from kickbacks. Therefore, some acquisitions may be disguised under a different product name or as generic items.

It is very easy in Russia to get access to leaked databases due to rampant corruption. In addition, law enforcement and intelligence agencies can force businesses to share data about their employees, citing national security concerns.

Telegram, on the other hand, has a number of safety flaws. One of them, the match between ID and phone number, is a long-standing vulnerability in Telegram that its developers have chosen to leave unsolved because it helps expand the user base: when someone installs Telegram, they see which of their contacts are already on the messenger.

Telegram was developed by the Russian brothers Pavel and Nikolai Durov. They founded Telegram Messenger LLP in 2013, and it has since become one of the most popular messaging apps globally. Both are suspected of collaboration with the Federal Security Service.

Hundreds of anti-war activists have been sentenced to lengthy prison terms in Russia as a result of a large-scale manhunt in social media, Meduza said.
