Russia’s Rostec allegedly can de-anonymize Telegram users

Russia’s Rostec has reportedly bought a platform that allows it to uncover the identities of anonymous Telegram users, likely to be used to tamp down on unfavorable news out of the country.

Rostekh is a state-owned tech and defense systems corporation that comprises 800 enterprises and 15 companies,

The organization, which has an active role in monitoring the circulation of information within the country, is particularly interested in the identity of Telegram channel administrators who are critical of the Russian state.

This is reported by Russian media the Bell and Medusa, who investigated the matter after a series of arrests of anonymous Telegram channel owners and bloggers in 2022.

The Bell presents several cases that shook trust in Telegram’s security, including the arrests of commercial director Ksenia Sobchak Kirill Sukhanov, ex-editor-in-chief of Tatler magazine Arian Romanovsky, and journalist Tamerlan Bigaev, all users of the “Put out the light” Telegram channel.

According to the same reports, Rostec’s subsidiary “Avtomatika” (Автоматика) acquired a St. Petersburg IT company named T. Hunter in 2021, which has developed a product that can be used to identify anonymous users on Telegram.

The tool is allegedly called “Okhotnik” (Охотник), which translates to “hunter.” It is said to use over 700 data points to make associations and correlations that can lead to unmasking otherwise anonymous Telegram users.

The data points are drawn from social networks, blogs, forums, instant messengers, bulletin boards, cryptocurrency blockchains, darknet, and government services, and concern names, nicknames, email addresses, websites, domains, crypto wallets, encryption keys, phone numbers, geolocation info, IP addresses, and more.

“Hunter” can find any mistake made by the targeted users at any point in the past, so even the slightest and most distant exposure of their true identity can be used to create deanonymization paths.

“The interlocutors of the authors of the investigation on the “breakthrough” market compare “Hunter” with the well-known telegram bot Chimera,” reports the Bell.

“Similar programs are available on the Internet and the black market, but they, at best, contain merged databases, where most information is outdated, and its relevance must be checked.”

Moreover, unlike these programs, “Hunter” is entirely legal, with the Russian authorities comparing it to Palantir’s products or Paterva’s Maltego platform.

Nine of Russia’s top 20 Telegram channels have unknown (неизвестный) admins
(The Bell)

Rostec is reportedly planning to sell “Hunter” to all departments of the Russian Ministry of Internal Affairs and operational and technical units of the country’s federal security service (FSB) within 2023.

An IT expert of the Russian digital protection rights organization Roskomsvoboda, which has been classified as a foreign agent by the country’s Ministry of Justice since December 2022, commented that the “Hunter” cannot possibly identify Telegram channel owners by using only data points.

Instead, they believe they are using a zero-day vulnerability in the platform or working with an insider at Telegram to deanonymize users.

“In the case of determining channel owners, one cannot for sure assume real schemes without mixing up either some kind of 0day vulnerability in the Telegram API or cooperation with someone with administrative access to the messenger servers.” – Roskomsvoboda.

BleepingComputer has contacted Telegram for a comment on the above, but we have not received a response yet.

Update 3/27/23 – A Telegram spokesperson has sent BleepingComputer the following comment:

Telegram does not allow any means of identifying the admins of channels through the apps or through the API. Channels were designed with this in mind to facilitate pro-democracy movements in authoritarian countries and protests worldwide.

A common way for channel admins to de-anonymize themselves is by accepting payments for promotional content which could be traced.

Another way users can invalidate the protections offered by Telegram is by giving access to their channels to third-party bots (e.g. for statistics, or participation in external ad networks) or using third-party Telegram apps whose privacy policies may differ from our own. For this reason, we only recommend using official Telegram apps and official Telegram bots.

Comments

Lestatus – 3 days ago
АХах лол вычислили тех кто и не скрывался, а анонимных везде “неизвестно” Рашка как всегда…

“AHah lol figured out those who were not hiding, but anonymous everywhere “unknown” Rashka as always…”
GeneralRadioGR – 2 days ago
Ok, so they claim this (I don’t think it’s made up), but I already feel like there’s a chance it’s part of war-ish-fake newsing each other. The Russians literally have a new fancy plane with that nickname. I was unaware of it until now.

https://www.google.com/search?q=Okhotnik
(if you search for охотник you only get pictures of hunters)

So this app that they’re using to target dark web anonymous people is using a huge array of data from “fingerprints” you’ve left all over the internet that eventually might be gathered to make a real picture of who you are. The thing is: what’s so different about the this than the exact thing all major advertiser vendors that link businesses to their target audience via fingerprints you’ve left from Facebook, Instagram, anything, etc.

Companies that you don’t hear of in the news are at the cutting edge of linking all this kind of stuff together already.

One of the biggest is LiveRamp. They literally have data on all of us, hidden away.

They connect their data to Facebook or Google advertising based on the data a customer has, and then LiveRamp adds more data they have themselves + other silos of data to pretty much know exactly how to advertise to exactly which customer the client wants

They clearly sell it big with a “privacy focus” but not knowing their actual methods of operation is a little worrisome

https://liveramp.com/blog/liveramp-cross-screen-measurement-multiparty-data-collaboration/

So this could be true to an extent, but it sounds like the same thing my teachers told us in 8th grade when the Internet was first becoming so important to any big paper we had to write:

“now don’t plagiarize, we have access to programs that will find it and that isn’t gonna be good for you”

This is actually puffery like I suspected, if it even works at all.

If the threat of finding out who anonymous Telegram users are is real, the most likely culprit is an insider who can make those connections. Probably by accessing any available information in the Telegram servers about those specific channels and eventually getting leaked data that can then be used to target them.

So moral of the story: no Telegram security issue here, possible fake news from the Russia company, and if true it probably has inside hackers so duh that’s the best way to get anything anywhere, it’s also difficult to do!