The Dark Web Responds | DarkOwl

August 29, 2024

Telegram CEO Pavel Durov was arrested by French police as he landed at a French airport in northern Paris on August 25, 2024, first reported by the BBC. Reports indicated that he was arrested in connection with the messaging app, though it was initially unclear what the exact offense was. Early reports said it was due to a “lack of moderation (and) a failure to take measures to curb criminal use of Telegram.”

Figure 1: Pavel Durov; Source: BBC

Durov is a 39-year-old Russian citizen who also holds citizenship in France, the UAE and St Kitts. He founded the messaging app Telegram in 2013, after previously founding and creating the popular Russian social media app VK. Telegram has 950 million registered users worldwide.

Telegram has long been criticized by law enforcement and security analysts for hosting extremist content, CSAM material, and other illegal content. It is notoriously uncooperative with law enforcement, and has only been known to take action against ISIS-affiliated channels in response to the 2015 terrorist attacks in France – only after pressure – Durov had previously stated: “ISIS would just find another app if they got kicked off theirs, I don’t think we should feel guilty about that.”

However, further reports revealed that measures were being taken to remove Indonesian terrorist groups from the platform. However, this was in response to Indonesian authorities restricting access to the app and threatening a total ban.

Figure 2: Chat about Telegram history; Source: DarkOwl Vision

Telegram is home to channels that sell illegal goods, spread extremist rhetoric and commit financial fraud.

Figure 3-6: Examples of illegal channels on Telegram; Source: DarkOwl Vision

More recently, the messaging app has been pivotal in both the wars in Russia and Ukraine and the conflict between Hamas and Israel, with the app being used to spread propaganda, as a news source, and as a hotspot for hacktivists and cyberattacks. Many allege that the app has been weaponized to share violent images, disinformation, and false narratives.

After his arrest at Le Bourget airport, flying from Azerbaijan, Durov was held for four days before appearing in court on August 28. There are few reports/conspiracy theories circulating that Durov flew to France only at the invitation of President Macron.

Durov was released from court and officially placed “under formal investigation as part of an investigation into organized crime via the messaging app.” Durov was ordered to pay 5 million euros to the French government, is not allowed to leave French territory and must report to the police station twice a week until the investigation is completed.

Durov’s arrest has been widely criticized by Elon Musk, Edward Snowden and the Russian Foreign Ministry as an attack on human rights and freedom of expression. Snowden called it “an attack on the fundamental human rights of expression and association.”

It seems unprecedented that law enforcement would take action against the owner/founder of a social media platform and hold them accountable for what others post on the site.

Yesterday (August 28), it was reported that Telegram has repeatedly ignored outreach from the National Center for Missing and Exploited Children (NCMEC) and the Internet Watch Foundation (IWF). These organizations work to stop the spread of CSAM (Child Sexual Abuse Material). Without aligning with these groups, they cannot proactively identify and remove previously identified CSAM material.

Other social media platforms such as SnapChat, Facebook, Instagram, Threads, TikTok, Pornhub, and OnlyFans are all members of these organizations.

Still, there is no legal requirement for organizations outside the US to join NCMEC, although one could certainly argue for a moral obligation. Telegram, along with Durov, is based in Dubai.

Telegram continues to claim that it proactively moderates harmful content on the platform, including child abuse material. The company insists that its moderation “falls within industry standards and is continually improving.”

However, it appears that Telegram’s continued reluctance to cooperate with law enforcement or other regulators to reduce the amount of illegal material on the site is the reason for the arrest.

DarkOwl analysts have found a copy of Durov’s official arrest report. Below are the charges against him explained.

• Complicity – Operating an online platform to facilitate an illegal transaction in an organized manner,

• Refusal to provide, upon request of the competent authorities, information or documents necessary for carrying out and exploiting interceptions authorised by law,

• Complicity – Keeping the image of a minor of a child pornographic nature,

• Complicity – Distributing, offering or making available on an organised tape images of a minor of a pornographic nature,

• Aiding and abetting – Acquiring, transporting, possessing, offering or disposing of narcotic drugs,

• Aiding and abetting – Offering, transferring or making available without legitimate reason any equipment, device, program or data designed or adapted for attacking and gaining access to the operation of an automated data processing system,

• Complicity – Organized gang fraud,

• Association of criminals with a view to committing a crime or an offence punishable by a prison sentence of at least 5 years,

• Money laundering of crimes or offences in organised gangs,

• Providing cryptology services to ensure confidentiality functions without a declaration of conformity,

• Providing a cryptological means that does not exclusively ensure authentication or integrity control functions without prior declaration,

• Importing a cryptology means that it does not perform solely authentication or integrity checking functions without prior declaration.

Images 7-10: Screenshots taken by DarkOwl analysts of Durov’s arrest history

The indictments clearly hold Durov responsible for providing the means for criminals to communicate and operate on his platform, for the encryption the site provides, and for his lack of cooperation with law enforcement.

Darknet Reactions

The reaction on Telegram to the arrest has been swift. Most of the posts that have been identified question why the arrest was made and likely allege conspiracy theories about who was involved and what ties Telegram has.

DarkOwl identified over 1,300 mentions of Durov’s arrest. The majority of Telegram channels that reacted negatively to the arrest appeared to be primarily right-wing political extremist channels. Some of the names of channels that expressed outrage over Durov’s arrest:

Figure 11: Vision results for mention of Durov’s arrest; DarkOwl Vision

A user on another far-right political channel shared a link to an article in Russia Today that focused on Elon Musk’s response to Durov’s arrest and the resulting rise in popularity of the hashtag #FreePavel:

Figure 12: Users share Elon Musk’s reaction to his arrest; Source: DarkOwl Vision

Other channels have discussed the theory that Telegram will be removed from the Apple App Store and from individuals’ devices as a result of the arrest. The post gave users instructions on how to prevent this.

Figure 13: Massachusetts Unified Telegram Channel

There was further discussion about why Telegram had been targeted for its use of encryption techniques, while other messaging apps were using the same techniques.

Figure 14: Source: DarkOwl Vision

Others noted that Durov had not been arrested but kidnapped and that Telegram would be silenced.

Figure 15: Source: DarkOwl Vision

Other posts have suggested that Telegram has ties to the Deep State, which is run by the CIA. They asked whether Elon Musk would be the next target and whether the Biden administration was involved in the arrest.

Figure 16: Source: DarkOwl Vision

Not surprisingly, given the nature of our collection activities, which focus on illegal activity, extremists, and fraud, we did not find many messages in our data supporting the arrest.

Conclusion

Durov’s arrest has sparked a debate among many about freedom of speech, the accountability of social media CEOs, and their perceived requirement to cooperate with law enforcement requests and remove harmful or illegal material. This debate is likely to continue as the investigation into Durov continues.

Many users on Telegram and other dark web sites have expressed support for Durov, though most of the rhetoric appears to be state-oriented with little evidence provided to support the positions.

Whatever the outcome of the investigation, it will have implications for privacy, security, social media, and the individuals responsible. It is not yet clear what impact the arrest will have on Telegram’s future operations. It is unlikely that a platform this large with this many users can be taken down, but it remains to be seen whether they will change their stance to help law enforcement and other organizations tackle illegal activities. It is likely that no more Telegram employees will be traveling to Europe anytime soon!

Stay up to date with DarkOwl. Follow us on LinkedIn.