The messaging app Telegram has gained notoriety recently for its use by the Islamic State, or ISIL, to communicate with terror cells and supporters around the world. The app, launched in 2013 by Russian-born tech entrepreneur Pavel Durov, is a cloud-based messaging service that allows people anywhere in the world on any type of device to communicate with each other.
That may sound a lot like Facebook or other social media apps, but for ISIL the real perk of Telegram is its security. The app has a feature called "secret chats," which, according to Telegram, protects conversations with end-to-end encryption that prevents even Telegram itself from being able to decipher the content of messages. The secret chats function also offers a self-destructing messages feature that erases communications after a certain amount of time – and allows you to delete what you've written not only from the app on your computer but from that of the person on the other end of the conversation.
Jihadists aside, the non-commercial application's growing popularity among ordinary users has come as a reaction to both the Edward Snowden revelations about U.S. surveillance online as well as unease over the harvesting of user data that underpins Facebook and Google's multibillion dollar valuations. And with more than 100 million active users, using Telegram isn't inherently suspicious.
That and its relative security, says Grayson Clary, a cybersecurity researcher at the Wilson Center in Washington, D.C., makes it a cheap and relatively secure way for ISIL to reach sympathizers and communicate plans. Clary spoke with Global Journalist's Aaron Pellish about the challenges posed by ISIL's favorite app.
Global Journalist: Why does ISIL use Telegram?
Clary: The advantage of the way Telegram is set up is that you can create these [public] channels that are followed by a number of subscribers. And then you can also create secret chats. It's not an app that would be very much fun to broadcast on if there weren't already people with a common interest on it.
GJ: How secure is it?
Clary: Cryptographers tend to use a very strong definition of security. There's this idea of a system that is "provably secure." A security proof is basically a demonstration that an adversary shouldn't have some kind of material advantage in cracking the encryption relative to solving some kind of other mathematical problem.
The property that these researchers honed in on is called Indistinguishability Under Chosen Ciphertext Attack. What it's supposed to imply is that if I ask Telegram to encrypt two of my messages and give one of the encrypted versions back, it shouldn't be possible to guess which message they chose. The reason that's meaningful in theory is that you want your encrypted version of your message to be totally jibberish. You don't want it to just not be obvious what it means, you want it to be impossible for somebody trying to read it to get any information out of it.
In a very narrow tech sense, Telegram has not cleared that bar. [Telegram has] a good analogy for it...which is that someone could basically perform the equivalent of writing a message on your packet in invisible ink, but they wouldn't be able to open your package in transit and find out what was inside.
GJ: Does that mean Telegram isn't secure from surveillance?
Clary: Security is not binary. You really have to ask, "What is it that you're trying to secure, and who are you trying to secure it against?" Operational security requires a lot more than just the use of encrypted applications. There's this tendency, especially in national security circles, to ascribe every intelligence failure to encryption. The truth is, encryption is probably only responsible for a very small number of actual damaging intelligence failures because it is really hard to get every element of operational security right.
You have to be very careful about the metadata you're producing, the default settings you use, you have to [be sure] the devices you use aren't already compromised because that makes the whole thing moot. And you have to make sure that you're not using a [messaging] solution that's so unusual that it flags you for suspicion just by the mere fact of you using it.
GJ: Telegram designed its own encryption protocol for its app. Why are encryption experts critical of that?
Clary: Designing encryption is really hard. If you screw up any level than you've potentially compromised your solution. So one of the commandments of cryptography is "Don't roll your own crypto." Wherever possible, you should rely on an established approach, something that people have taken a run at before so that you know that it's not easy or obvious to crack.
One of the criticisms of Telegram is that they're protocol was designed by folks who are exceptionally proficient in mathematics, but who are not professional cryptographers. [They] made design choices that most folks in the security community probably would not have. It's not necessarily the case that those approaches are worse, but because they are different it's a lot harder to tell at a glance if they [can be] broken.
GJ: So if Telegram may not be perfectly secure, why does the ISIL use it?
Clary: Often you'll see folks criticizing ISIL's operational security, saying: "If they were really, really savvy, they'd use hardcore tools X, Y and Z." And the truth is, it's a situation where...they don't need to be infinitely secure against an omnipotent adversary. They just want to feel relatively secure right now, or for the lifetime of whatever operation they're plotting.