In the midst of all the fallout that came in the wake of Buzzfeed’s publication of an unverified dossier that claims President-Elect Donald Trump has definite ties to Russia was an uncomfortable revelation for security-minded people everywhere: one of the most trusted encrypted messaging apps might not be as safe as its users think.
Telegram, one of the apps used by people around the world for secure messaging, was cited in the report as having been compromised by the FSB (AKA the Russian secret police).
According to a confidential source speaking in June 2016, the FSB flagged Telegram as being of “especial concern,” which led to the organization focusing its efforts on cracking the system’s security:
An FSB cyber operative flagged up the ‘Telegram’ enciphered commercial system as having been of especial concern and therefore heavily targeted by the FSB, not least because it was used frequently by Russian internal political activists and oppositionists. His/her understanding was that the FSB now successfully had cracked this communications software and therefore it was no longer secure to use.
While the report is alarming for Telegram users who depend on the app to keep their communications private, it’s too early to hold it up as incontrovertible evidence that the platform has been compromised.
This is the only mention of the Telegram hack in the report. There’s no methodology described, with no further evidence than the “understanding” of the unnamed source.
What’s more, the report itself is explicitly unverified, as some of its claims have already been debunked. BuzzFeed included a disclaimer with its publication, stating it “contains errors.”
The Telegram team is dismissive of the report’s claims. Speaking to The Verge, a Telegram rep said the report is “likely a fake,” pointing to another incident of FSB SMS espionage, which took advantage of users who weren’t using two-factor verification, that could have served as the root of the story.
In response to Mashable‘s questions about the hack reported in the leak, Telegram provided this note (via Telegram message, appropriately) authored by “The Telegraph Team.” Along with providing some context about the current situation, the note declares that “no ways of undermining Telegram’s encryption have been discovered.”
This report notwithstanding, Telegram has been used by “good guys” and “bad guys” alike. It was a major platform for secure communications for Iranians during the country’s Feb. 2016 elections — but it has also served as a space for ISIS communications and propaganda, something the platform has fought to stamp out.
Other apps like Signal, which has been blocked by repressive regimes, offer similar encrypted messaging services. For authoritarians and others looking to control public communication and thought, piercing the security veil of one of these apps would strike a major blow to their opposition.
For Telegram users concerned about the report: it’s not time to panic quite yet. Be sure to enable two-factor verification to protect yourself, and keep an eye on the news.