Telegram, FSB and the “man in the middle”

The company, owned by Viktor Vedeneyev, controls thousands of IP addresses used by Telegram and maintains its servers. His other companies have a history of working with the Russian defense sector, the FSB security service, and other highly sensitive government agencies. Because of the way Telegram's encryption protocols work, even users who use end-to-end encryption are vulnerable to monitoring by those who can monitor the app's network traffic.

Durov created Telegram 12 years ago, Photo: Shutterstock
Disclaimer: The translations are mostly done through AI translator and might not be 100% accurate.

The technical infrastructure behind Telegram, a popular messaging app and the pride of the Russian IT industry, is controlled by a man whose companies have collaborated with Russian intelligence services, the research organization Organized Crime and Corruption Reporting Project (OCCRP) has announced.

According to Pavel Durov, the enigmatic entrepreneur who created the service twelve years ago, Telegram now has more than a billion monthly active users worldwide.

Among the reasons for this success are Telegram's reputation for security, as well as Durov's image as a free speech fighter who has defied many governments, OCCRP writes.

“Unlike some competitors, we don’t trade privacy for market share,” he wrote in April. “In its 12 years of existence, Telegram has never exposed a single byte of private messages.”

Investigation reveals vulnerability

However, a new investigation by OCCRP's Russian partner, Important Stories, reveals a key vulnerability.

Journalists discovered that Telegram's network infrastructure – what makes it possible to send billions of messages – is controlled by a man without a public profile but with unprecedented access: Vladimir Vedeneyev, a 45-year-old network engineer.

Vedeneyev owns a company that maintains Telegram's network equipment and assigns thousands of IP addresses. Court documents show that he was granted exclusive access to certain Telegram servers and had the authority to sign contracts on Telegram's behalf.

While there is no evidence that the firm collaborated with the Russian government or handed over data, two other firms closely linked to Vedeneyev (one of which still assigns IP addresses to Telegram, while the other did so until 2020) had extremely sensitive clients linked to security services. These included the FSB, a secret research center that helped plan the invasion of Ukraine and developed tools to de-anonymize Internet users, and a leading state-run nuclear research institute.

Risk of misplaced trust

“If true, this discovery highlights a dangerous disconnect between what people believe about Telegram’s security and privacy and reality,” said John Scott-Railton, a senior researcher at Citizen Lab. “When people think they are anonymous, they may make risky decisions that put both themselves and their conversation partners at risk – especially if the Russian government sees them as a threat.”

One Ukrainian IT expert said, on condition of anonymity, that the Russian military used man-in-the-middle attacks after taking over network infrastructure: “You install equipment in the physical data channel. They are not interested so much in the messages as in the metadata – IP addresses, user locations, who is communicating with whom… practically all the information.”

Durov under investigation in France

Durov is under investigation in France after being arrested in August last year on charges related to illegal content on Telegram. He was released under judicial supervision, with the possibility of traveling, and the company has since stepped up its cooperation with authorities.

Durov did not respond to requests for comment, OCCRP reports. Vedeneyev did speak to reporters, but declined to have his statements published, they add.

"Seven reasons not to return to Russia"

Telegram came after VKontakte, which Durov founded in 2006, when he was 21 years old. VKontakte is the Russian version of Facebook, also popular for its access to free pirated music and videos.

After opposition activists used VKontakte during protests in 2012, Russian authorities demanded that Durov ban their accounts. When he refused, police raided his apartment. The experience inspired him to develop a more secure communication system.

After renewed pressure to hand over data on Ukrainian users, Durov left Russia in 2014, sold his stake in VKontakte (which had been taken over by people close to the Kremlin), and published a manifesto: “Seven reasons not to return to Russia.”

He founded Telegram with his brother Nikolai, a talented mathematician. From the start, he claimed that Telegram was more secure than the competition.

Although he claimed that Telegram has no infrastructure in Russia and that he had not set foot in the country since 2014, a border crossing database showed that he traveled to Russia more than 50 times between 2015 and 2021.

Telegram security limitations

Telegram emphasizes transparency and security in its official FAQ, but the app does not use end-to-end encryption by default, unlike WhatsApp and Signal. Most users use so-called "cloud" chats, which are stored on Telegram's servers.

Although Telegram states that data is encrypted and separated across different jurisdictions, experts claim that even encrypted messages can reveal metadata.

“The MTProto protocol uses an ‘auth_key_id’, an unencrypted element that enables device identification,” says Mihael “Rišek” Vožnjak. “This allows the IP address and geolocation to be linked to a specific user.”
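The exposure described above can be shown with a short sketch; this is an added example, not code from Telegram, OCCRP or the researchers quoted. It assumes the documented MTProto envelope layout (8-byte auth_key_id, 16-byte msg_key, then ciphertext), omits transport framing, and uses constructed keys, random bytes in place of real ciphertext, and documentation-range IP addresses.

```python
import hashlib
import os
from collections import defaultdict

def auth_key_id(auth_key: bytes) -> bytes:
    # MTProto defines auth_key_id as the 64 lower-order bits of SHA-1(auth_key).
    return hashlib.sha1(auth_key).digest()[-8:]

def envelope(auth_key: bytes) -> bytes:
    # Cleartext header followed by a stand-in for the encrypted body.
    # Random bytes replace real ciphertext: only the header matters here.
    return auth_key_id(auth_key) + os.urandom(16) + os.urandom(64)

def parse_envelope(packet: bytes):
    # Everything returned here is readable without holding any key.
    if len(packet) < 24:
        raise ValueError("too short for an MTProto encrypted envelope")
    return packet[:8].hex(), packet[8:24].hex(), len(packet) - 24

def link_by_key_id(observations):
    # Group source addresses by the cleartext identifier they carried.
    seen = defaultdict(set)
    for src_ip, packet in observations:
        key_id, _msg_key, _body_len = parse_envelope(packet)
        seen[key_id].add(src_ip)
    return dict(seen)

# Constructed sample data: two devices, each with its own 2048-bit key.
DEVICE_A = bytes(range(256))
DEVICE_B = bytes(reversed(range(256)))
OBSERVATIONS = [
    ("192.0.2.10", envelope(DEVICE_A)),    # device A on one network
    ("198.51.100.7", envelope(DEVICE_A)),  # same device after moving networks
    ("203.0.113.5", envelope(DEVICE_B)),   # a different device
]

if __name__ == "__main__":
    for key_id, ips in link_by_key_id(OBSERVATIONS).items():
        print(key_id, sorted(ips))
```

The message bodies differ on every packet, yet the first eight bytes stay constant for the lifetime of the device's authorization key, which is what ties separate network locations to one device.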

The company behind it: GNM and Vedeneyev

Journalists discovered that Telegram's IP addresses belong to a company called GNM, registered in Antigua and Barbuda. In a Florida lawsuit, it was revealed that Vedeneyev owns GNM and has exclusive access to Telegram's servers in Miami, where he also owns a router.

He even had the authority to sign contracts as Telegram's CFO. Although he claims it was an "informal arrangement," he said he had the power of attorney to act on behalf of Pavel Durov.

Links to Russian security structures

Vedeneyev is the former owner of GlobalNet, a company that controls 18,000 kilometers of infrastructure across Europe. Clients include the Kremlin's Main Research Computing Center (GlavNIVTS), which participated in planning the invasion of Ukraine, developing video surveillance systems, and deanonymizing Internet users.

GlobalNet also collaborated with the Kurchatov Institute, a state nuclear center whose director is Mikhail Kovalchuk, a close Putin confidant.

GlobalNet's minority co-owner is Roman Venediktov, a Russian Space Force officer who previously worked with the Durov family at DATAIX. Vedeneyev took over DATAIX in 2018.

Another company he owned, Electrontelecom, allocated more than 5,000 IP addresses to Telegram. Internal documents from 2024 show that the FSB was one of its key clients.

"If someone has access to Telegram traffic and is cooperating with Russian intelligence services, this means that the device identifier becomes a tool for global surveillance of users," warns Vožnjak.

What else is known about GlavNIVTS?

Former employees of the Main Research Computer Center of the Russian Presidential Property Administration (GlavNIVTS) told Meduza reporters in 2019 that the center has access to secret materials and works in the interests of a number of security services, including the FSB, FSO, the Ministry of Internal Affairs, the Ministry of Defense, and the GRU military intelligence service, OCCRP recalls.

GlavNIVTS experts also removed digital traces of Russian soldiers in Syria and eastern Ukraine, developed tools to predict the effects of attacks on Ukrainian infrastructure, helped improve a large network of pro-Kremlin bots, and built a centralized video surveillance system with facial recognition technology.

In addition, GlavNIVTS participated in the development of the Russian analogue of Palantir — the American mass data analysis system used by the military and the CIA. Elements of this “Russian Palantir” — under names such as “Media Monitor,” “Sherlock,” and “PSKOV” — help the government monitor and de-anonymize Internet users, as Meduza reported back in 2019.
