
Here's an article from the Belarusian website http://dev.by; it is an interview with a former member of dictator Lukashenko's band (the so-called Chief Organized Crime and Corruption Fighting Directorate). He told how they used to detect Telegram administrators:

For example, someone dropped a picture into the chat, it has a certain weight in bytes. It is checked who at this particular time in the country transmitted a message with such a number of bytes to the Telegram server, up to a second. So they find it.

To me, it sounds like a joke. All Telegram traffic should be encrypted; I doubt it is possible to get the exact size of the message body in bytes. Also, even if it is possible, which information can be retrieved using that approach? Or is the point sniffing the traffic in general and detecting users by IP?

Glorfindel
Gino Pane
  • They can't get the exact size, they can see the size of the encrypted data. Which is just about the exact size, because they don't add a bunch of extra data when they encrypt it. – user253751 Mar 25 '21 at 17:53

1 Answer


Telegram is not a peer-to-peer network like Tor, but has central servers. Indeed, if you have full control over the network you can do all sorts of evil.

Once you get a list of known Telegram servers, you can monitor them and get a detailed record of who connected to the network at what time. You have both source and destination IPs.

Now, I assume the following may happen:

  • A phone is seized from an activist, giving the cops access to the subject's Telegram groups

Cops already gathered a timestamp archive of connections, now they have access to the contents of the chat. If they find content of interest, they may compare the timestamp of the picture, and the approximate byte size, to the connections made at that time. Eventually, they will get a short-list of people to investigate.

  • Cops enter the chats

Pure and simple social engineering. Like Europol often does to hunt down child abusers in encrypted chats. Once they are in, they can get live information about who may be posting on certain chats.

The point is that this approach does not directly identify an individual, but provides authorities with a list of suspects short enough to proceed with more human ("classic" police) approaches.

usr-local-ΕΨΗΕΛΩΝ
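
An added example, not part of the answer above and not code from the article or from Telegram: it measures how many clients remain indistinguishable (the anonymity set) when an observer knows only the second and the on-the-wire size of an upload, and how padding uploads to a fixed bucket enlarges that set. The flow records, the constant 64-byte overhead and the 256 KiB bucket are constructed assumptions, and the bucket padding is a generic mitigation shown for comparison, not a description of Telegram's protocol.

```python
from collections import namedtuple

# One observed upload to a messaging server: who, when (unix second), bytes on the wire.
Flow = namedtuple("Flow", "client second size")

OVERHEAD = 64          # assumed constant framing/encryption overhead per upload (bytes)
BUCKET = 256 * 1024    # hypothetical padding bucket used for the comparison

def padded(size, bucket):
    """Round size up to the next multiple of bucket; bucket=0 means no padding."""
    if not bucket:
        return size
    return -(-size // bucket) * bucket

def on_wire(plaintext_len, bucket=0):
    """Ciphertext length seen on the network: (padded) plaintext plus fixed overhead."""
    return padded(plaintext_len, bucket) + OVERHEAD

def build_flows(uploads, bucket=0):
    """Turn (client, second, plaintext_len) tuples into what the network shows."""
    return [Flow(c, s, on_wire(n, bucket)) for c, s, n in uploads]

def anonymity_set(flows, post_second, post_len, bucket=0, window=1):
    """Clients whose upload matches the post in time (+/- window) and wire size."""
    expected = on_wire(post_len, bucket)
    return sorted({f.client for f in flows
                   if abs(f.second - post_second) <= window and f.size == expected})

# Constructed sample: five clients uploading pictures of different sizes.
UPLOADS = [
    ("client-A", 1000, 183_402),
    ("client-B", 1000, 97_110),
    ("client-C", 1001, 240_015),
    ("client-D", 1000, 12_800),
    ("client-E", 1400, 183_402),   # same size as A, but minutes later
]

if __name__ == "__main__":
    # Without padding the size is close to a fingerprint: one candidate remains.
    print(anonymity_set(build_flows(UPLOADS), 1000, 183_402))
    # With bucket padding every upload in the window looks the same size.
    print(anonymity_set(build_flows(UPLOADS, BUCKET), 1000, 183_402, bucket=BUCKET))
```

The larger the set returned for a given post, the less the size-and-time observation narrows down the sender.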