
How Telegram Leaks You to Rostelecom

Hi, Habr. One day we were sitting there doing our very productive things when SUDDENLY it turned out that, for some unknown reason, at least the remarkable Rostelecom and the equally excellent STC FIORD are connected to the Telegram infrastructure as peers.

[Image: list of Telegram Messenger LLP peers; you can see for yourself]

How did that happen? We decided to ask Pavel Durov, through his Telegram account.
What came of it? Not what we expected from one of the creators of the “safest messenger”.

On June 12, 2019, we decided to write to Pavel Durov at his Telegram account, which is tied to a phone number whose authenticity can easily be proved in several ways at once. Here we describe the most elegant one: that number is tied to id1 on the social network VKontakte. The mailbox on that account, by the way, is on the telegram.org domain. I think no doubt remains.
[Image: restoring the page, we see that the number is tied to id1]

[Image: the account's email address on the telegram.org domain]

Going further, here you can see a more interesting fact: an email address on the telegram.org domain. No doubt remains that the number is real.

The number itself: +44 7408 **** 00 (asterisks inserted by the moderator)

We wrote for a specific purpose:

To find out how it came about that these Russian organizations are peers of Telegram, and also to see whether this harms the security of the messenger's infrastructure. An understandable and reasonable question that could easily be answered if there were nothing to hide. Right?

[Image: screenshot of the message in the correspondence with Durov]

After Durov read the message (to be honest, we thought he was simply ignoring us, but it wasn't that rosy), something happened that we didn't even expect.

He began logging into the account of the person who had written to him, deleting the Telegram messages with confirmation codes within a second.

Later it turned out that the correspondence in this account had miraculously been deleted.

The most interesting thing is that one of the login notifications was preserved, and I present it to you without a twinge of conscience:
You have successfully logged in on desk.telegram.space via +42777. Received your name, username and profile picture.

Browser: Chrome on Windows
IP: 149.154.167.78 (Netherlands)

You can press 'Disconnect' to disconnect desk.telegram.space
[Image: whois output for 149.154.167.0]

A few words about telegram.space
I note that, as far as I know, “telegram.space” has never shown up in public. If you visit it, you will see that it is a mirror of the main Telegram site served from a different IP.

And now a few questions:

  1. Why is the state provider Rostelecom directly connected to the Telegram infrastructure?
  2. Why did Pavel Durov start this circus after reading the message, if he really has nothing to hide?
  3. How can we trust a messenger in which the administrator himself logs into your account after an uncomfortable question, using his admin tools?

You decide whether to use this messenger after all this.

But it seems to me there is one thing that is definitely worth doing: trying to get an answer from Durov.

If the state provider has access to the data on the Telegram servers, all of Durov’s words about the security of the messenger are a lie, with which he covered up the information leak right before your eyes.

How do we know the state really does not have the keys to the messages stored on the servers? After what happened, none of us is sure of that.

Comment from the Habr admin

As far as we know, the Internet consists of Autonomous Systems (AS): separate networks that have border equipment at their edges, which includes a pile of all sorts of expensive hardware: routers, firewalls and so on. Any AS can set up an interconnect to pass traffic to and from another AS, either directly or through so-called Internet exchange points (IXPs). While direct interconnects can somehow be selected and controlled, the neighborhood at an IXP is often poorly controlled (some operators transit traffic from an IXP).

Technically, an interconnect with each neighbor at an IXP looks like a direct interconnect, and this can produce interesting side effects. For example, Habr's AS has two direct connections to providers (upstreams) and participates in two IXPs, yet here we see five peers (neighbors), although there should be only two entries (the upstreams). Separately, we must understand that traffic follows the administratively shortest path, and to know how it flows at a given moment we must look at that very moment. The fact that an AS peers with a transit neighbor that is logically closest to another AS does not mean that traffic will go through that transit AS; you can convince yourself of this by carefully studying the IWG scandal with Beeline. But even if the traffic goes directly, it is traffic to an external AS. In that case you must be prepared for someone (NSA / China / Russian siloviki) potentially rummaging in it.

As for Telegram: for starters, TG has four ASes registered under different numbers. One announces nothing; the other three have neighbors: two peer at foreign IXPs (one, two), and one peers at three IXPs, including two Russian ones, Data IX and Global-IX (link). It is not surprising that RT and other Russian telecoms are also present at these IXPs. If passing traffic through “enemy networks” is a security problem for TG, then it makes no difference whether TG communicates with them directly or not.

Verdict: on the whole everything looks quite natural, and there is no direct security problem here. We cannot comment on the spy story about the deleted correspondence.
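To make the admin's point concrete, here is a small Python model of AS-level route selection. It is example code added for this page, not code from the post, from Habr, or from Telegram, and the AS numbers (100, 101, 200, 302, 400, 401) and their provider/peer relationships are a constructed topology, not any real network. It encodes the usual export rule that a peer carries traffic only to and from its own customers (the "valley-free" rule), and the usual local preference of customer routes over peer routes over provider routes.

```python
"""Toy model of AS-level routing (added example; not from the Habr post or the
admin's comment). It shows why an AS appearing in your peer list does not mean
your traffic actually crosses it: peers at an IXP exchange traffic for their
own customers only, so a "valley" (peer -> peer, or peer -> provider) is never
a usable path. The AS numbers, links and relationships below are constructed
for illustration only."""

# Constructed topology: (as_a, as_b, relationship)
#   "p2c": as_a is the (paid) transit provider of as_b
#   "p2p": settlement-free peering, e.g. a session at an IXP
LINKS = [
    (100, 200, "p2c"),  # 100 is an upstream of 200 ("our" AS)
    (101, 200, "p2c"),  # second upstream
    (100, 101, "p2p"),  # the two upstreams peer with each other
    (200, 302, "p2p"),  # 200 peers with transit network 302 at an IXP
    (302, 400, "p2p"),  # 302 also peers with 400 ...
    (100, 400, "p2c"),  # ... but 400 buys transit from 100
    (302, 401, "p2c"),  # 401 is a customer of 302
]

# Local preference used by most operators: customer > peer > provider routes.
PREF = {"to_customer": 0, "to_peer": 1, "to_provider": 2}


def build_graph(links):
    """Adjacency list: asn -> [(neighbor, hop type as seen from asn)]."""
    adj = {}
    for a, b, rel in links:
        if rel == "p2c":
            adj.setdefault(a, []).append((b, "to_customer"))
            adj.setdefault(b, []).append((a, "to_provider"))
        elif rel == "p2p":
            adj.setdefault(a, []).append((b, "to_peer"))
            adj.setdefault(b, []).append((a, "to_peer"))
        else:
            raise ValueError(f"unknown relationship {rel!r}")
    return adj


def valley_free_paths(adj, src, dst, max_len=6):
    """All simple AS paths src -> dst that respect standard export rules:
    once a path has crossed a peer or customer link it may only continue
    downhill, into customers (the Gao-Rexford 'valley-free' rule)."""
    found = []

    def walk(path, descending):
        here = path[-1]
        if here == dst:
            found.append(list(path))
            return
        if len(path) >= max_len:
            return
        for nxt, hop in adj.get(here, []):
            if nxt in path:
                continue
            if descending and hop != "to_customer":
                continue  # would be a valley: a peer does not transit for a peer
            walk(path + [nxt], descending or hop != "to_provider")

    walk([src], False)
    return found


def best_path(adj, src, dst):
    """BGP-style choice: prefer by first-hop relationship, then shortest path."""
    if src == dst:
        return [src]
    candidates = valley_free_paths(adj, src, dst)
    if not candidates:
        return None

    def rank(path):
        first_hop = next(h for n, h in adj[src] if n == path[1])
        return (PREF[first_hop], len(path), path)

    return min(candidates, key=rank)


def crosses(adj, src, dst, asn):
    """Does the chosen path from src to dst transit through asn?"""
    path = best_path(adj, src, dst)
    return path is not None and asn in path[1:-1]


GRAPH = build_graph(LINKS)

if __name__ == "__main__":
    for dst in (400, 401):
        path = best_path(GRAPH, 200, dst)
        print(f"200 -> {dst}: {path}  via peer 302: {crosses(GRAPH, 200, dst, 302)}")
```

Running it shows that AS 200 peers with 302 and 302 is adjacent to 400, yet 200's traffic to 400 is routed through its upstream 100, because 302 will not carry traffic between two of its peers; only traffic to 302's own customer 401 actually crosses 302. A peer list is therefore an upper bound on who could see your traffic, not a record of who does; for a real network the check is a looking glass or a traceroute at the moment in question, not the peering table.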

Source: https://habr.com/ru/post/456908/