How Telegram became a hunting ground for criminals—and cops
Summary
Even murder and terrorist plots are often discussed publicly on the app, giving authorities critical leads.
When federal agent Chris Janczewski was trying to strangle the flow of money to an al Qaeda network in 2020, he first considered infiltrating an invite-only forum or hunting for clues on the dark web.
Then the Internal Revenue Service criminal investigator found the group talking openly about its scheme in a public forum on Telegram—one of the thousands of channels where people discuss illicit activities ranging from peddling child porn to selling stolen identities.
The terror cell had implored its followers in the forum to provide “the Mujahidin in Syria with weapons," and included a bitcoin address for funds. The discovery allowed U.S. authorities to seize money headed to Syrian terror cells and led to overseas arrests.
For years, law-enforcement agencies around the world have complained that Telegram turned a blind eye to illicit behavior. French authorities arrested its founder, Pavel Durov, last month, charging him with complicity in the trafficking of drugs and child sexual-abuse material and failing to comply with legal orders. The company long had a policy of ignoring subpoena requests from law enforcement.
But Janczewski’s case and others illustrate an awkward truth: Even as Telegram presented a haven for criminals, its accessibility has long made it a hunting ground for cops.
In dozens of cases over the past five years, U.S. authorities have prosecuted criminals using their own words posted to Telegram channels, often fully public, a review of U.S. Justice Department cases shows.
Earlier this month, authorities charged two Americans with leading an international neo-Nazi group called Terrorgram that used the app to encourage followers to murder gay people, bomb federal facilities and assassinate U.S. officials. The group incited multiple acts of violence, including the October 2022 murder of two people outside a gay bar in Slovakia, authorities said.
Prosecutors used public Telegram channels in which the two defendants allegedly distributed a hit list of American senators, judges and prosecutors they pushed followers to kill. One has pleaded not guilty; the other hasn’t entered a public plea.
While often associated with encrypted messaging, Telegram is also a social-media platform like Facebook, allowing anyone to create publicly accessible groups around shared interests, with little policing of what they say.
Former federal agents say that even though it harbors criminality of all kinds, Telegram has become an indispensable tool for law enforcement. European law-enforcement officials have also used the platform to infiltrate criminal groups even without Telegram’s cooperation, officials say.
“While there is hardly a social-media app that is not being used by criminals, Telegram is striving to limit the abuse of its platform as much as possible," Telegram Chief Operating Officer Mike Ravdonikas said.
Earlier this month, Durov said in a post that it was false to describe Telegram as “some sort of anarchic paradise," adding that charging him personally was a “misguided approach." Last week, French prosecutors said that since Durov’s arrest, Telegram has become far more cooperative.
Over the past month, the prosecutors and other European officials say the company has started regularly complying with law-enforcement requests seeking user data across the continent, including more than a hundred from France, a reversal from its earlier stance.
A double-edged sword
The open conversations allowed Janczewski to identify a single terrorist wallet address and eventually use it to locate more than 155 online al Qaeda-tied crypto accounts. “It meant I could track their transactions from my house without having to go to war-torn Syria," said Janczewski, now head of investigations at TRM Labs, which investigates crypto-related fraud.
Despite the obvious risk, drug traffickers, terror cells and swindlers all like the openness of Telegram’s public channels and its one billion users because it allows them to broaden their reach, former federal agents say.
Before Telegram’s creation in 2013, criminals tended to use highly siloed darknet forums, inaccessible to regular users. Authorities could take down such criminal hubs through court orders but couldn’t easily track their users as they moved elsewhere online because the forums are so isolated, investigators said.
By contrast, Telegram users often use single identities across dozens of forums, providing investigators a road map, said Seth Goertz, a former federal prosecutor, who investigated cybercrimes and online drug sales.
Still, the platform is more useful for criminals than investigators, from helping Mexican cartels recruit paid killers to giving Chinese money-laundering operations a platform to find clients, said Evan Kohlmann, an antiterrorism consultant who has worked for the Federal Bureau of Investigation and has testified as a witness in dozens of cases involving Telegram. What authorities do catch on Telegram “is a small drop in the bucket," he said.
A complicated relationship
Telegram and its founder Durov have long had a complicated relationship with Western governments. In 2018, France hacked Durov’s phone; one year later, the CEO was invited to lunch with French President Emmanuel Macron and offered the possibility of citizenship.
In a 2023 report on child-exploitation crimes, the Justice Department called out Telegram by name as facilitating the exchange of child rape videos.
But Durov’s libertarian attitude also held an appeal to the U.S. government. In 2011, the Russian tech executive publicly clashed with the Kremlin over demands to turn over user data for his previous company, VKontakte. The site had become a tool for Russian President Vladimir Putin’s critics to organize to rally mass protests to challenge his rule, and the Kremlin began pressuring Durov to sell VKontakte to a Putin confidant, Igor Sechin.
Durov resisted that sale, too. The U.S. Embassy was ambivalent about VKontakte because the site did little to regulate what the U.S. regarded as criminal activities nor did it pay heed to intellectual-property rights, said one former U.S. official who worked in Moscow. But when the Kremlin began to threaten his business, the embassy reached out to him to help facilitate his departure from Russia.
The official said Durov was already working on a new messaging app that would later morph into Telegram. Durov described it as a platform with servers spread around the world that would be essential for anyone evading government surveillance.
The State Department declined to comment.
For now, Durov appears ready to taper his laissez-faire attitude toward policing his platform. Last week, he announced on his channel that Telegram’s terms of service had changed to put users on notice that “the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests."
