The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news.
In recent days, following the arrest of CEO and founder Pavel Durov, attention has turned to the darker parts of his Telegram platform. For years, Telegram has been home to some of the worst content imaginable. Just this week, the Justice Department charged army soldier Seth Herrera with possession and transmission of child sexual abuse material (CSAM) and with using unspecified AI tools to generate images of children. According to the criminal complaint filed against Herrera, he “created his own public Telegram group to store his CSAM and sent himself video files that include screaming children being raped.”
Law enforcement is now finding examples of Telegram groups where AI-generated CSAM is being shared on the platform, investigators told Forbes. One current federal child exploitation investigator, who was not authorized to talk on the record, said that there are “entire chatrooms dedicated to ‘nudify’ or ‘fakes’ where someone posts the non-exploitive image of the child so someone else in the group can ‘nudify’ it.” As Forbes previously reported, such Telegram “nudifier” bots are rampant on the app, and have been found marketed on YouTube before the site took them down.
Jim Cole, a recently-retired DHS Homeland Security Investigators (HSI) child exploitation investigator, said platforms like Telegram had long “prioritized their bottom line over the safety of their most vulnerable users,” adding that Durov’s arrest was significant. “It sends a strong message that this kind of negligence won’t be tolerated,” he told Forbes. “I bet it’s making others in the tech world a little nervous.”
CSAM is present on almost every other major internet platform, from Facebook to Instagram to X. The difference with Telegram, however, is that it has been accused of failing to respond to law enforcement requests for user data, or to effectively and proactively police its platform for such content. Unlike Meta, TikTok and many of the biggest social sites, Telegram has not tipped off the National Center for Missing and Exploited Children when moderators find CSAM. Even Mega, an encrypted storage service once run by the infamously anti-authoritarian Kim Dotcom, regularly supports law enforcement investigations by providing data and tips.
In one search warrant from last year, DHS’ HSI unit put it succinctly: “In HSI’s experience, Telegram does not respond to process issued by U.S. law enforcement.” And on Telegram’s website, it states, “To this day, we have disclosed 0 bytes of user data to third parties, including governments.”
Telegram does occasionally respond, however, to calls for help, according to that same HSI warrant. “Although it generally does not cooperate with law enforcement, Telegram provides an ‘abuse’ email address. In the experience of HSI, it will sometimes terminate groups dedicated to child pornography once those groups are reported to Telegram.”
Telegram spokesperson Remi Vaughn said that the app “actively moderates harmful content on its platform including child abuse materials. Moderators use a combination of proactive monitoring of public parts of the platform, AI tools and user reports to remove content that breaches Telegram’s terms of service.” According to its own data, this August alone Telegram has removed more than 45,000 groups and channels related to child abuse.
Was Telegram’s response to law enforcement demands, or lack thereof, reason enough to accuse Durov of any crime? As it stands, no. He is yet to be charged, but is facing questions over possible complicity in a number of serious crimes, including complicity in the “organized distribution, offering or making available of pornographic images of minors.”
The arrest has, however, exposed a divide in the technology world. While the likes of Elon Musk and more libertarian-minded folks have rushed to support Durov, saying he is simply the creator of a software platform and not a criminal dealing CSAM or drugs, others in the civil liberties space are taking a more cautious approach, waiting to see what charges, if any, come out of France. He has “lost some natural allies” in the community by attacking Signal, an app that is, unlike Telegram, end-to-end encrypted, says John Scott-Railton, a digital rights activist and researcher with the University of Toronto’s Citizen Lab project. And because Telegram, unlike Signal, holds the keys to user data, it could do far more moderation, Scott-Railton adds. With nearly a billion users, it certainly has a lot of data it could riffle through and, according to Telegram’s detractors, much of it could be useful to criminal investigations.
Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.
Meta Takes Down Iranian Spy Ops Over WhatsApp
The tech giant says it blocked a “small cluster” of WhatsApp accounts posing as support agents for tech companies, which it had tied to an Iranian threat actor known as APT42. The crew is known for targeting foreign politicians, “including some associated with the administrations of President Biden and former President Trump,” Meta said. The news comes soon after Trump’s campaign was allegedly hacked by Iran.
Stories You Have To Read Today
A prolific Chinese state-sponsored hacking crew known as Volt Typhoon has exploited a bug in software made by Versa Networks to hack into four unnamed internet companies in the U.S., cybersecurity researchers said on Tuesday.
Google has now patched its tenth Chrome browser zero-day vulnerability exploited in the wild this year. The latest flaw allowed hackers to run code on a targeted PC via a malicious web page.
Winner of the Week
404 Media is celebrating its first birthday. The burgeoning independent news site has made waves in just 12 months: its articles triggered a lawsuit against Nvidia for scraping YouTube and got Google to cut off a phone tracking company called Patternz from its ads ecosystem. Importantly, it’s also shown how such independent media can thrive with solid, honest journalism. Here’s to many more successful years.
Loser of the Week
The U.S. government has joined a suit alleging Georgia Tech didn’t meet cybersecurity requirements in connection with its Pentagon contracts. Amongst the more startling claims: a Georgia Tech lab “failed to install, update or run anti-virus or anti-malware tools on desktops, laptops, servers and networks at the lab.”