Since March 2019, residents of Hong Kong have been protesting the controversial Fugitive Offenders and Mutual Legal Assistance in Criminal Matters Legislation (Amendment) Bill 2019. Scores of residents have taken to the streets and, of late, the city’s airport, to press their demands. The regular movement of nearly 2 million people requires massive and secret coordination– and, in this case, it has been through Telegram, a Dubai-based, six-year-old encrypted messaging service. The government in Beijing finally caught on, and on June 12, the Telegram messaging service was disrupted through a cyber attack, allegedly by China-backed entities.
Telegram’s services were affected for an hour. The service reported that a DDoS — Distributed Denial of Service – attack crippled its servers and hampered application performance; its servers reported massive web traffic of 200-400Gb/s of junk data flow. The Hong Kong protesters’ accusations against the Chinese government-backed entities for the disruption were further fuelled by Pavel Durov, the founder of Telegram, who tweeted on June 13 that most of the IP addresses of the attack had originated from China.
This was not the first time that Telegram had seen such a disruption. Prior to Hong Kong, it was successfully used in Iran during the anti-government protests in 2017-18. The app’s support for Farsi made its adoption go viral. And in 2015, during China’s crackdown on human rights lawyers, popularly known as the ‘709 crackdown’, Telegram’s Asia Pacific server cluster was attacked – again with DDoS. At the time, Telegram suggested that the attack was coordinated from East Asia.
That China-backed actors disrupted Telegram services is impossible to confirm. Governments have used cyber attacks against each other in the past. But what was new this time was the deployment of offensive capabilities against a technology company.
Telegram is the creation of Russian brothers, Pavel and Nikolai Durov. Prior to it, Pavel had founded Vkontakte (VK), a popular Russian social networking site. Telegram was initially developed in St. Petersburg by Russian engineers, but the country’s restrictions on such services necessitated the team to move operations to Dubai.
The main goal of Telegram is privacy, not profit. Telegram is self-funded by Pavel through profits earned from his previous venture, VK. Although Telegram, with 200 million users, has a long way to go to catch up with market leader WhatsApp, which has 1.5 billion users, it is growing rapidly, with 350,000 new registrations every day.
Its popularity arises from its distinctive privacy and security features. Key among them are the following:
- Encryption: Unlike most of the popular instant messaging apps, such as WhatsApp and Facebook Messenger, which offer end-to-end encryption through the open-source Signal encryption protocol, Telegram is perceived to be superior because it uses MTProto, a custom-built encryption protocol, which ensures the highest level of security and offers users protection from surveillance.
- Group limit: A Telegram ‘group’ can have up to 200,000 members. This allows for mass distribution of targeted messages. This is the highest limit offered by a popular messaging app. WeChat comes in a distant second with a limit of 500. WhatsApp, the most widely used messaging app, limits group chats to 256 users.
- Additional security measures: A timer-based self-destruct feature for messages provides an effective option to remove the communications trail. A user name instead of phone number can be displayed to the recipient of a message. All backups are stored on Telegram cloud and not on third party servers.
A comparison of Telegram with other messaging applications shows its strengths:
Table 1: Comparison of messaging apps
|Messaging Application||Launch Date||User Base||Encryption||Backups||Self-destructing messaging|
|2009||1.5 billion||End to end and client server ||3rd party servers||No|
|Telegram||2013||200 million||End to end and client server||Telegram servers||Yes|
|Facebook Messenger||2011||1.3 billion||End to end and client server||3rd party servers||No|
|2011||1 billion||Client Server||3rd party servers||No|
|Signal||2014||~1 million||End to end and client server||3rd party servers||No|
|Snapchat||2012||291 million||End to end and client server||3rd party servers||Yes|
|iMessage||2011||1.4 billion||End to end and client server||iCloud||No|
Source: Gateway House research
To stress-test its software, Telegram has made its source code available online for security experts to find loopholes. The company has even offered prize money of $300,000 to anyone who can decipher its encrypted messages. So far, nobody has broken the encryption.
While Telegram is the preferred mode of communication for protesters and political activists, it is also used by terrorist groups, making it the bane of governments. Since its rise in 2014, the Islamic State has frequently used Telegram for propaganda and for coordinating attacks. Many of the lone wolf terrorist attacks in Europe between 2014-16 have revealed the use of Telegram by terrorists. For instance, those behind the Paris attack of November 2015 used Telegram for planning and coordination.
Governments are now taking some action against the company. Telegram has been banned in Russia and Iran after it refused both to cooperate when local authorities sought backdoor access to its services and to share encryption keys with the state authorities. Russia passed a law, known as the Yarovaya law, in 2018, requiring telecom operators and messaging services to store and divulge data to the Federal Security Service (FSB) on request. The FSB sent Pavel Durov a notification to this effect. Similarly, the judiciary in Iran has banned Telegram since May 2018  after the company refused to provide the Iranian ministry of information and communication censorship tools to control anti-government content on the platform.
Telegram has not taken any action against the use of its service by political activists and protesters, but it has moved to neutralise its use by terrorist groups. It operates a channel called ISIS Watch ’ to prevent bots and channels, affiliated to the Islamic State, from spreading extremist propaganda. Since the beginning of this year, Telegram has banned close to 60,000 terrorist channels. It has agreed to share with the relevant authorities the IP address and phone number of a terror suspect if a judicial order from the court is presented.
Telegram is not alone in its battle for digital resistance against government sanctions. In the past, Apple too has refused to compromise privacy and data security. But Apple is a giant – in comparison. Although its privacy features are Telegram’s unique selling points, it does not have a concrete monetisation strategy to survive against tech behemoths, like WhatsApp and WeChat, which have deep pockets and over a billion users each. The newbie runs the risk of burning through its cash, its only major source of funding being its founders. The company says it will introduce paid services for certain non-essential features when the financial need arises.
Even so, Telegram is a phenomenon. It celebrated its sixth anniversary on August 14 – a sign that it’s up to any challenge that comes its way.
This article was exclusively written for Gateway House: Indian Council on Global Relations. You can read more exclusive content here.
For interview requests with the author, or for permission to republish, please contact firstname.lastname@example.org
© Copyright 2019 Gateway House: Indian Council on Global Relations. All rights reserved. Any unauthorized copying or reproduction is strictly prohibited.
 Telegram Messenger, Twitter, <https://twitter.com/telegram/status/1138768124914929664?lang=en
 Durov, Pavel, Twitter, 13 June 2019, <https://twitter.com/durov/status/1138942773430804480>
 Telegram Messenger, Twitter,<https://twitter.com/telegram/status/1138768124914929664?lang=en>
Telegram Messenger, Twitter, <https://twitter.com/telegram/status/1138781915560009735>
 A typical DDoS attack targets network traffic to prevent a user connected to the internet from using an application
 Durov, Pavel, Twitter, 13 June 2019,<https://twitter.com/durov/status/1138942773430804480>
 Gan, Nectar, ‘Human rights lawyer swept up in ‘709 crackdown’ to face court in Tianjin for subversion’, South China Morning Post, 16 February 2017,<https://www.scmp.com/news/china/policies-politics/article/2071188/709-lawyer-face-court-tianjin-subversion>
 Client server encryption: Data is encrypted prior to being transmitted from a user to a server. The encrypted data can be stored on the server.
End to end encryption: Data is encrypted prior to being transmitted to another user and can be decrypted only by the end user.
 Clifford, Bennett, ‘Encrypted Extremism’, George Washington University, June 2019, <https://extremism.gwu.edu/sites/g/files/zaxdzs2191/f/EncryptedExtremism.pdf>
 ‘Brief History of Telegram and Terrorism’, CounterExtremism, <https://www.counterextremism.com/terrorists-on-telegram>
 Notification, Federal Security Service of Russian Federation, <https://agora.legal/fs/a_delo2doc/55_file_Telegram_FSB_140917.pdf>
 Durov, Pavel, Twitter, 21 October 2015, <https://twitter.com/durov/status/656551981226528768>
 Clifford, Bennett, 2019
 Holpuch, Amanda, ‘Tim Cook says Apple’s refusal to unlock iPhone for FBI is a ‘civil liberties’ issue’, The Guardian, 22 February 2016, <https://www.theguardian.com/technology/2016/feb/22/tim-cook-apple-refusal-unlock-iphone-fbi-civil-liberties>
 Telegram FAQ, <https://telegram.org/faq#q-how-are-you-going-to-make-money-out-of-this>