Rostec

Russia's Rostec has reportedly bought a platform that allows it to uncover the identities of anonymous Telegram users, likely to be used to clamp down on unfavorable news out of the country.

Rostec is a state-owned tech and defense systems corporation that comprises 800 enterprises and 15 companies.

The organization, which has an active role in monitoring the circulation of information within the country, is particularly interested in the identity of Telegram channel administrators who are critical of the Russian state.

This is reported by the Russian media outlets The Bell and Meduza, which investigated the matter after a series of arrests of anonymous Telegram channel owners and bloggers in 2022.

The Bell presents several cases that shook trust in Telegram's security, including the arrests of Ksenia Sobchak's commercial director Kirill Sukhanov, ex-editor-in-chief of Tatler magazine Arian Romanovsky, and journalist Tamerlan Bigaev, all users of the "Put out the light" Telegram channel.

According to the same reports, Rostec's subsidiary "Avtomatika" (Автоматика) acquired a St. Petersburg IT company named T. Hunter in 2021, which has developed a product that can be used to identify anonymous users on Telegram.

The tool is allegedly called "Okhotnik" (Охотник), which translates to "hunter." It is said to use over 700 data points to make associations and correlations that can lead to unmasking otherwise anonymous Telegram users.

The data points are drawn from social networks, blogs, forums, instant messengers, bulletin boards, cryptocurrency blockchains, the darknet, and government services, and concern names, nicknames, email addresses, websites, domains, crypto wallets, encryption keys, phone numbers, geolocation info, IP addresses, and more.

"Hunter" can find any mistake made by the targeted users at any point in the past, so even the slightest and most distant exposure of their true identity can be used to create deanonymization paths.

"The interlocutors of the authors of the investigation on the 'breakthrough' market compare 'Hunter' with the well-known Telegram bot Chimera," reports The Bell.

"Similar programs are available on the Internet and the black market, but they, at best, contain merged databases, where most information is outdated, and its relevance must be checked."

Moreover, unlike these programs, "Hunter" is entirely legal, with the Russian authorities comparing it to Palantir's products or Paterva's Maltego platform.

Image caption: Nine of Russia's top 20 Telegram channels have unknown (неизвестный) admins (The Bell)

Rostec is reportedly planning to sell "Hunter" to all departments of the Russian Ministry of Internal Affairs and operational and technical units of the country's federal security service (FSB) within 2023.

An IT expert of the Russian digital rights protection organization Roskomsvoboda, which has been classified as a foreign agent by the country's Ministry of Justice since December 2022, commented that "Hunter" cannot possibly identify Telegram channel owners by using only data points.

Instead, they believe they are using a zero-day vulnerability in the platform or working with an insider at Telegram to deanonymize users.

"In the case of determining channel owners, one cannot for sure assume real schemes without mixing up either some kind of 0day vulnerability in the Telegram API or cooperation with someone with administrative access to the messenger servers." - Roskomsvoboda.

BleepingComputer has contacted Telegram for a comment on the above, but we have not received a response yet.


Update 3/27/23 - A Telegram spokesperson has sent BleepingComputer the following comment:

Telegram does not allow any means of identifying the admins of channels through the apps or through the API. Channels were designed with this in mind to facilitate pro-democracy movements in authoritarian countries and protests worldwide.

A common way for channel admins to de-anonymize themselves is by accepting payments for promotional content which could be traced.

Another way users can invalidate the protections offered by Telegram is by giving access to their channels to third-party bots (e.g. for statistics, or participation in external ad networks) or using third-party Telegram apps whose privacy policies may differ from our own. For this reason, we only recommend using official Telegram apps and official Telegram bots.
