How Telegram leaks you to Rostelecom

Hi, Habr. One day we were sitting, doing our very productive business, when SUDDENLY it turned out that, for some unknown reason, at least the wonderful Rostelecom and the equally beautiful STC FIORD are connected to the Telegram infrastructure as peers.

Telegram Messenger LLP peer list; you can see for yourself.

How did it happen? We decided to ask Pavel Durov through his Telegram account.
What came of this? Not what we expected from one of the creators of the “safest messenger”.

On June 12, 2019, we decided to write to Pavel Durov on his Telegram account, which is tied to a number whose legitimacy can be proved without any problems in several ways at once. Here we will describe the most elegant one: the number attached to it is also attached to id1 on the VKontakte social network. The mailbox on this account, by the way, is located on the domain. I think there is no doubt.


We restore the page, and we see that the number is attached to id1


Moving on. Here you can see a more interesting fact: mail on the domain. There is no doubt that the number is real.

The number itself: +44 7408 **** 00 (moderator put asterisks)

We wrote for a specific purpose:

To find out how it came about that these Russian companies are Telegram peers, and also to understand whether this harms the security of the messenger infrastructure. A clear and reasonable question that could easily be answered if there were nothing to hide. Right?

Screenshot of a message in correspondence with Durov

After Durov read the message (to be honest, we thought he was simply ignoring us, but things were not so rosy), something began that we did not expect at all.

He began logging into the account of the person who had written to him, deleting the Telegram messages with confirmation codes within a second.

Later it turned out that the correspondence on this account had miraculously been deleted.

The most interesting thing is that one of the login messages has been preserved, and I will present it to you without a twinge of conscience:
You have successfully logged in on via +42777. The website received your name, username and profile picture.

Browser: Chrome on Windows
IP: (Netherlands)

You can press 'Disconnect' to disconnect

A few words about
I note that "", as far as I know, has not appeared in public. If you go there, you will see that it is a mirror of the main Telegram site, served from a different IP.

And now a few questions:

  1. Why is the state-owned provider Rostelecom directly connected to the Telegram infrastructure?
  2. Why did Pavel Durov start this circus after reading the message, if he really has nothing to hide?
  3. How can we trust a messenger in which the administrator himself gets into your account after an uncomfortable question, using his administrator tools?

It is up to you to decide whether to use this messenger after all this.

But it seems to me there is one thing definitely worth doing: trying to get an answer from Durov.

If the state provider has access to data on Telegram servers, all of Durov’s words about the security of the messenger are a lie with which he covered up the leak of information right before your eyes.

How do we know that the state does not really have keys for messages that are stored on servers? After what happened, none of us are sure of this.

Comment by a Habr admin

As far as I know, the Internet consists of Autonomous Systems (AS): isolated networks with border equipment at their edges, which includes a pile of all kinds of expensive hardware, including routers, firewalls and more. Any AS can set up a peering in order to pass traffic to another AS, either directly or through so-called Internet exchange points (IXP). If direct peerings can somehow be chosen and controlled, then neighbours at an IXP are often poorly controlled (some operators pass traffic from the IXP in transit).

Technically, the peering with each neighbour at an IXP looks like a direct peering, and this can give rise to interesting side effects. For example, Habr's AS has two direct connections with providers (upstreams) and participates in two IXPs, yet here we see five peers (neighbours), although there should be only two entries (the upstreams). Separately, you must bear in mind that traffic goes along the administratively shortest path, and how it goes at a given moment you have to look up at that very moment. The fact that an AS peers with the transit neighbour logically closest to another AS does not mean that traffic will go through that transit AS; this can be seen by carefully examining the Beeline RTO scandal. But even if the traffic goes directly, it is still traffic outside your AS. At the same time, one must be prepared for the fact that someone (NSA / China / a Russian silovik) potentially has the opportunity to get at it.

As for Telegram. For starters, TG has four ASs with different numbers. One announces nothing; the other three have neighbours: two peer at foreign IXPs (one, two), and one peers at three IXPs, including two Russian ones, Data IX and Global-IX (link). No wonder RT and other Russian telecoms participate in these IXPs. If traffic passing through "enemy networks" is a security problem for TG, then it does not matter whether TG peers with them directly or not.

As a verdict: in general, everything looks quite natural and there is no direct security problem here. We cannot comment on the spy story about the deleted correspondence.
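Added worked example (not from the article or the Habr admin's comment): a small Python model of the comment's point that an entry in an AS's peer list is an adjacency, not evidence that traffic actually flows over it. The AS numbers, peer list, candidate routes and LOCAL_PREF values are constructed placeholders from the private 64512-65534 range, not real Telegram or Rostelecom routing data, and the BGP decision process is reduced to LOCAL_PREF, AS_PATH length and a lowest-neighbour-ASN tie-break; real routers apply further steps (origin, MED, IGP cost, router ID).

```python
# Added example: BGP adjacency (a peer-list entry) versus the forwarding path
# a simplified BGP decision process actually selects. All data below is
# constructed; ASNs are private-range placeholders, not real operators.

from typing import Dict, List, Set

# Constructed peer list, as a looking-glass "neighbours" view would show it.
# 65001 plays the messenger's AS, 65010 a state-owned carrier met at an IXP,
# 65020 a small operator met at the same IXP, 65030 a foreign transit, and
# 65040 the client's ISP from whose vantage point routes are selected.
PEER_LIST: Dict[int, Set[int]] = {
    65001: {65030, 65010, 65020},
    65010: {65001, 65040},
    65020: {65001, 65030},
    65030: {65001, 65020, 65040},
    65040: {65010, 65030},
}

# Constructed candidate routes for the messenger's prefix as seen at 65040,
# written as AS_PATH lists starting at the vantage AS itself.
PREFIX = "203.0.113.0/24"  # documentation range, placeholder
CANDIDATE_PATHS: List[List[int]] = [
    [65040, 65030, 65001],          # via the foreign transit
    [65040, 65010, 65001],          # via the state carrier's IXP peering
    [65040, 65030, 65020, 65001],   # longer path through the small operator
]


def check_path_consistency(path: List[int],
                           peer_list: Dict[int, Set[int]]) -> bool:
    """True if every consecutive hop in the path is a known adjacency."""
    return all(b in peer_list.get(a, set()) for a, b in zip(path, path[1:]))


def select_best_path(candidates: List[List[int]],
                     local_pref: Dict[int, int]) -> List[int]:
    """Pick the path a simplified BGP decision process would install.

    Ordering: highest LOCAL_PREF for the first-hop neighbour (default 100),
    then shortest AS_PATH, then lowest first-hop neighbour ASN as a stand-in
    for the later tie-breakers. Policy decides before topology does.
    """
    def rank(path: List[int]):
        neighbour = path[1]
        return (-local_pref.get(neighbour, 100), len(path), neighbour)
    return min(candidates, key=rank)


def adjacent_but_not_forwarding(target: int, best_path: List[int],
                                peer_list: Dict[int, Set[int]]) -> Set[int]:
    """Peers of `target` that carry none of the selected path's traffic."""
    return peer_list[target] - set(best_path)


if __name__ == "__main__":
    for p in CANDIDATE_PATHS:
        assert check_path_consistency(p, PEER_LIST), p
    # Policy A: the ISP prefers its settlement-free IXP peer (common practice).
    best_a = select_best_path(CANDIDATE_PATHS, {65010: 200, 65030: 100})
    print("policy A path:", best_a)
    print("peers of 65001 not on that path:",
          adjacent_but_not_forwarding(65001, best_a, PEER_LIST))
    # Policy B: same peer list, the ISP now prefers its transit provider.
    best_b = select_best_path(CANDIDATE_PATHS, {65010: 100, 65030: 200})
    print("policy B path:", best_b)
```

Running the block shows the same peer list yielding two different forwarding paths purely through a policy change at the client's ISP, which is why the comment says the path has to be checked at the moment in question (a looking glass or traceroute from the relevant vantage point) rather than inferred from who peers with whom.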
