Counter-Terrorism: Search And Disrupt


December 13, 2019: In late 2019 ISIL (Islamic State in Iraq and the Levant) warned members and supporters to stop using the popular encrypted messaging app Telegram because it was believed that the Telegram operator was cooperating with Europol (the European Union international police organization) to shut down Islamic terrorist use of Telegram. It is no secret that intelligence agencies worldwide have been hard at work trying to shut down Telegram or crack its security sufficiently to go after users those nations want gone (arrested or just dead). What did happen was that Europol had not deciphered (“cracked”) Telegram encryption. Instead, since mid-2018, Telegram and Europol cooperated to discover and remove ISIL users and their messages from Telegram by analyzing user patterns to determine who was ISIL and who was not. Europol has a lot of data on ISIL use of the Internet and Telegram could use that to develop algorithms that would identify ISIL members and purge them from the Telegram user community. Currently, Telegram has about 200 million regular users and 5,000 ISIL related accounts were shut down. If this drives all ISIL operatives and fans off Telegram the loss will be minor (under 100,000 users) and worth it because Telegram wants to remain on good terms with the EU. There are practical as well as moral reasons for this. Telegram was founded by a Russian entrepreneur (Pavel Durov) after he fled Russia in 2013 because of disagreements with the government over censorship and corruption. Durov noted that Russia was returning to its police state ways and disagreements with the government often turned out badly for such “enemies of the state” and often led to such people disappearing or dying unexpectedly. If a business was involved it would often be outlawed, driven into bankruptcy or seized by the state.

Durov left because he could. He had several hundred million dollars in Swiss bank accounts and obtained citizenship in St Kitts (a tiny Caribbean island state) and became a citizen of the world. Durov and Telegram survived by not antagonizing too many nations at once. Telegram cannot exist unless most of its users trust the security methods (encryption and much more) Telegram employs to keep messages secret from everyone but the sender and recipient. At the same time Telegram is a legitimate business that needs to be based somewhere and the EU seemed suitable. There was one problem: police had discovered that more and more criminals were using Telegram to communicate and that this form of secure (secret) communication had become a key tool for Islamic terrorists to not only avoid detection and arrest but also to spread their messages via the Internet along with recruiting and fundraising.

In the last few years, Telegram has come under considerable pressure from nations like Russia, Iran, North Korea and China for enabling reformers in those nations to freely communicate using Telegram. But all nations are after Telegram about how Islamic terrorists and criminals are using Telegram. Durov does not want to be put in a position where he has to decide who is an international outlaw and who isn’t. Agreeing that ISIL is an international menace is easy, and many international criminal organizations involved with drugs, prostitution and general bad behavior would also qualify. Durov doesn’t have to compromise his overall security (encryption and database security) to assist operations against international threats. The recent action against ISIL merely identified accounts used by ISIL and shut them down. The Telegram messaging security is designed to be difficult to decrypt and intercept and Durov has to keep it that way and convince most of his users that he is doing so, in order to stay in business. Telegram has some competitors but so far none have matched Telegram in overall capabilities and security. Most intelligence agencies don’t want Telegram to go away but they do want some cooperation in at least blocking “generally recognized threat” organizations. After all, the Western nations support many more Telegram users who are seeking to reform or overthrow their oppressive (by Western standards) governments.

Telegram is also used by personnel working with most espionage agencies so the loss of Telegram would be widely felt. Some intelligence agencies may have cracked Telegram security and if they did they would not publicize the fact or exploit it in a way that would reveal their decryption success. Better to just read what the enemy was talking about and make the most of that. Telegram has refused to cooperate with any nation in that department.

One area of Telegram vulnerability that may have contributed to the recent ISIL crackdown was a Telegram effort to establish a cryptocurrency so that people could securely send money to each other without governments knowing. This system consisted of the TON blockchain and Gram cryptocurrency. This system could be very lucrative and Telegram has invested a lot in this operation. Yet Durov is experiencing some serious resistance from American and European financial system regulators. Whatever the case, Telegram is operating in a dangerous environment because it cannot survive as a legitimate, and legally profitable, organization unless it is tolerated by some major nations and trusted by most of its users. Telegram expects to show its first profit in 2020 unless its operations are disrupted by some legal or customer trust problems.

Meanwhile, several nations, especially China, Russia and Iran, are very interested in simply putting Telegram out of business. China has tried DDOS attacks to shut Telegram down but that did not work. Nor have efforts to hack into Telegram networks. As long as Telegram exists it is a very visible threat to dictatorships, especially China, Russia and Iran. These three nations have been trying to shut down, or at least shut out, Telegram for several years now. In 2018 Iranians by the thousands protested the government ban on using Telegram in Iran. At the time it was believed that about half of all Iranian Internet users regularly employed Telegram to communicate. Telegram refused to provide any government with a way to read encrypted Telegram messages. The government issued the ban order in April and within a week most Iranian Telegram users had found ways to get around the ban and continue using Telegram. User resourcefulness makes it difficult, but not impossible, for government actions to make a temporary difference. Telegram had been temporarily blocked in Iran during late 2017 and early 2018 to help suppress nationwide protests against the government. But the permanent ban has brought forth complaints from many senior government officials, and it has a lot of opposition among the senior government leadership. These officials, like their Arab counterparts throughout the region, recognize that Iranians are very resourceful and those talents can be used against Iranians as well as non-Iranians.

Around the same time, Russia ordered hundreds of IP addresses blocked, believing that would prevent Russians from using Telegram. It did, but not for everyone. An unexpected side effect of this censorship campaign was to disrupt a lot of vital (for many Russian users) Google services. Iran and Russia are not the only nations seeking to control Telegram and, in some cases, those two nations are after Telegram for the same reason the rest of the world is: to shut down Islamic terrorist use of it.

China was more discreet in its operations against Telegram but equally ineffective. Now it appears the major threat to Telegram is financial regulators in America and Europe blocking the new cryptocurrency operation. That threat puts American and European intelligence and law enforcement agencies in a stronger bargaining position. For Telegram, the problem is not making a deal that would risk putting them out of business or making a deal but still going out of business if customers no longer trust Telegram.



