New Delhi: Telegram, the popular messaging application, is facing mounting scrutiny in India as it emerges as a hub for a wide array of criminal activities. From the distribution of leaked exam papers and child pornography to stock price manipulation and extortion, the platform has become a preferred vector for illicit operations, drawing comparisons to the dark web, according to cyber experts, law enforcement officers and former government officials.
The spotlight on Telegram intensified after its chief executive, Pavel Durov, was detained in France on Saturday over allegations of inadequate efforts to combat crime on the app, including the spread of child sexual abuse material. This incident has brought global attention to the unique challenges Telegram poses for law enforcement and digital content moderation.
The Paris prosecutor said in a statement on Monday that probe into Durov concerns crimes related to illicit transactions, child pornography, fraud and the refusal to communicate information to authorities.
The company, in reiterating a position it has held previously, said on Monday: “It is absurd to claim that a platform or its owner are responsible for abuse of that platform”.
Durov, then living in Russia, launched the platform in 2013 with his brother Nikolai. Telegram now claims to have 950 million users — up from 550 million in 2022.
Recent incidents underscore the platform’s misuse across various sectors.
On July 24, the Securities and Exchange Board of India (Sebi) disclosed a stock-price rigging racket operating via Telegram. The owner of a Telegram group was indicted for receiving ₹20 lakh in commission from individuals connected to a listed steel sheet manufacturing firm.
On May 3, two men from Bhopal were arrested for duping a local doctor of ₹38 lakh. They used Telegram to impersonate police officers and conduct a fake “interrogation”.
On June 19, 2023, the UGC-NET exam, with approximately 900,000 applicants, was cancelled a day after it was held due to a question paper leak on Telegram. Union education minister Dharmendra Pradhan addressed the issue, stating, “We tallied the questions with the original UGC-NET questions and they matched… All these activities took place on Telegram these days. It is a challenge to track the complex nature of Telegram without a high level investigation.”
And on May 3, 2023, many NEET-UG applicants reportedly received copies of the medical entrance exam questions a day before the exam, according to complaints in what turned into one of the biggest exam controversies in the country, prompting protests, triggering a federal investigation, and eventually requiring the Supreme Court’s intervention.
Law enforcement challenges
A senior police officer from the Delhi Police cybercrime unit spoke of the extent of criminal activities flourishing on Telegram. “One of the most rampant scams on Telegram is investment fraud in which a user is added to a group and is suggested to invest their money in stocks on a fake application which mirrors a legitimate stock trading app,” the officer explained. “This scam is where most people are losing their money on Telegram.”
The officer further elaborated on other illicit activities: “Other illegitimate activities on Telegram include being able to buy fake sim cards and share your bank account details with cyber fraudsters operating from abroad. Those who provide account details get a commission from the fraudsters.”
The anonymity features of Telegram create significant hurdles for investigations, the officer pointed out: “One can hide their number and only show the username. This does not happen in WhatsApp. It’s difficult for us to identify someone on Telegram because of this anonymity.”
Cooperation from Telegram in investigations has been lacklustre, according to law enforcement sources. The Delhi Police officer said, “Whenever we reach out to them, they respond with the last login’s IP address which is often of little help.”
Two government officials, who asked not to be named, said Telegram cooperates with Indian agencies in only about 20% of cases, making data retrieval a challenging task.
Rakesh Maheshwari, who headed the ministry of electronics and technology’s cyber laws division until March 2023, shed light on Telegram’s historical reluctance to comply with regulatory requirements. “Telegram was, on occasions, reluctant to cooperate though it did appoint an India-based grievance officer, chief compliance officer and nodal contact person, and opened an office in India [Gurugram], following the notification of IT Rules 2021. They would generally comply with Section 69A blocking orders but in few other cases, where the Ministry would forward the grievances as received, they were unwilling to comply even if the content appeared to be potentially illegal and harmful, or led to such URLs,” he said.
He identified two key areas where Telegram was particularly lacking in enforcement: obscenity and copyright. “To my knowledge, the platform was being misused by some accounts for promoting obscenity and to violate copyright. Lack of proactive content moderation had per se been lacking,” he explained.
Transparency has also been a significant issue. Despite the requirement under IT Rules 2021, Telegram does not officially publish a monthly transparency report. Attempts to obtain transparency reports for India from Telegram’s @transparency bot were met with the response, “No transparency report is available for your region.”
In October 2023, the Indian IT ministry had issued a notice to social media platforms, including Telegram, X (formerly Twitter)), and YouTube, to remove CSAM from their platforms in India, and called for implementation of proactive measures to take down CSAM.
At the time, a spokesperson for Telegram, Remi Vaughn, in response to HT’s questions had said that child abuse materials are “explicitly forbidden” by the platform’s terms of service and that the platform’s moderators actively “patrol public parts” of the platform to remove violative content.
“Telegram’s moderators actively patrol public parts of the platform and accept user reports in order to remove content that breaches our terms. In the case of child abuse content, we publish daily reports about our efforts here: t.me/stopca,” the spokesperson had then said. According to the Telegram channel Vaughn had cited, 1,650 groups and channels related to child abuse were banned on August 25, bringing the total for August 2024 to 43,315.
Despite the requirement under IT Rules 2021, Telegram does not officially publish a monthly transparency report, making the t.me/stopca channel one of the very few ways in which such information can be determined.
Even within the government, according to conversations HT has had with at least three officials, there is a misconception that Telegram is E2EE by default and is thus unable to moderate content. But cryptographic experts have always questioned Telegram’s claims of being end-to-end encrypted. “I would not pass its E2EE algorithm in a security audit. It is not a question of whether it is secure, it is whether I will put my name to it? There are too many non-standard elements to it. Indicators suggest that it is secure-ish,” Debayan Gupta, assistant professor of computer science at Ashoke University, said.
To be sure, Telegram only claims that its “Secret Chats”, that is specifically enabled conversations between two individuals, are E2EE. For everything else — default one-to-one chats, group messages, channels, statuses —, the platform only claims “client-server” encryption which means that on the server side, that is, Telegram’s side, it has access to the content, much like Facebook, Instagram and Twitter (X) have access to all direct messages on their platforms.
“As far as we can tell, their servers are not encrypted,” Gupta said.
The problem, Gupta said, is that Telegram promotes itself like WhatsApp even as a huge case on the former is broadcast Channels, which were recently introduced by WhatsApp as well. On both platforms, Channels are not E2EE but on Telegram, they account for bulk of the communications unlike WhatsApp. “[Here] one individual does all the posting and everyone else just listens, making it much more similar to Twitter.,” Gupta said.
Telegram, unlike WhatsApp, cannot claim that it cannot moderate content when it has access to it on its servers, Gupta said.
“If there are broadcast channels where there is CSAM and that content is residing on my server in cleartext or in any accessible format, I have some responsibility. It depends on the history of the platform — were they told that this is a problem and they still did not act despite being able to act? In this case, WhatsApp is a little more protected because everything is E2EE,” he said.
‘Tailored for cybercriminals’
Anand Venkatanarayanan, co-founder and CTO of DeepStrat, offered a scathing assessment of the platform. “Telegram is social media for cyber criminals masquerading as messaging platform with absolutely no content moderation,” he said, drawing a parallel to the infamous Silk Road dark web marketplace. “It is largely a centralised chat service with absolutely no content moderation that has made design choices that were tailormade for cybercirminals.”
Venkatanarayanan highlighted Telegram’s role in mechanising crime through its bot functionality and API access. “For instance, a bot can be used to get specific person identifying information from a breached database,” he explained. For instance, in 2023 two men created a Telegram bot that revealed personal details of Covid-19 vaccine recipients in India, underscoring the platform’s potential for privacy breaches.
The expert also pointed out Telegram’s significance in the cybersecurity landscape. “Its importance to cybercriminals is evidenced by the fact that most cybersecurity companies around the world trawl through Telegram to generate threat intelligence,” Venkatanarayanan noted.
(Source: HINDUSTANTIMES)