US Intelligence Agencies Tried To Bribe Our Developers To Weaken Encryption, Says Telegram Founder

In a series of tweets, Pavel Durov, the Russian founder of the popular secure messaging app Telegram has revealed that U.S. intelligence agencies tried twice to bribe his company's developers to weaken encryption in the app. The incident, Durov said, happened last year during the team's visit to the United States. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," he said. "And that was just 1 week. It would be naive to think you can run an independent/secure cryptoapp based in the US."

Telegram is one of the most secure messaging apps available today, though researchers have pointed flaws in it as well.

Don't trust US

[qbast]

Keep that in mind. If you are using VPN/encryption tool/secure communication network/etc. created by US based company, it is very unlikely that it is actually secure.

Re:Don't trust US

Before PGP was released there were encryption standards where a company could have encryption that couldn't be broken by a person or another company but it had to be weak enough that the NSA, CIA, etc... could break into it. When PGP was released it made it where companies went against this and could make encryption as strong as they wanted to. A side note they tried to prosecute the creator of PGP for violating the Arms Export Act but were unable to since he put the code online for free and never sold it.

The thing we are seeing now is the government is either trying to scare companies into giving them the information or bribing the developers into making the encryption weaker.

Re:Don't trust US

[jellomizer]

Also don't trust, Russia, China, Europe, India, Middle East, East Asia...
That is why I get all my software from Antarctica, those penguins just don't care about political pressure and they do just what they do.

However encryption from a bad actor state is still better than no encryption.
 

Re:Don't trust US

[cellocgw]

I get all my software from Antarctica, those penguins just don't care about political pressure and they do just what they do.

So you're saying all Linux software is safe? //bad joke

Re:Don't trust US

Is there any actual proof that these accusations are true? Or are we suppose to automatically believe everything a Russian company says just like every statement made by Putin is the truth and nothing but the truth? And since this is a Russian company they are required by Russian law to hand over their encryption keys and any other information the state security agencies ask them for or they cannot operate in Russia. And if the accusations are true than at least we have a couple government agencies doing their fucking jobs. It is still amazing people act surprised when they learn that an intelligence or counter intelligence agency actually spies. It's like an avalanche of stupidity has blanketed the world and wiped away any intelligent thought on the planet.

Good lord! People have picked sides and there is no amount of evidence or facts that would ever get them to alter their opinions. Todays' political upheaval has accelerated because the goal is not to fix any of the problems we currently face it is all about winning the argument and nothing else. And to win the argument all the various sides use lies, obfuscation, and screeching hyperbole. And all of this has been accomplished using the most effective weapon the world has ever seen. The Internet. It is easy to manipulate global public opinion.

Is it any wonder that this type of thinking is leading us into the next global war? Because WW3 has already started and by the time the mindless proles and trolls on the Internet realize that it will be to late. Every day the world's natural resources are becoming scarcer, the global population is increasing and accelerating the depletion of the natural resources, technology is replacing human workers in a world where there is already a shortage of jobs paying more than minimal subsistence wages, and the intertwined global economies are marching towards a global trade war which will inevitably lead towards real wars. At least the US citizens will finally receive a ROI for all the money spent on creating the strongest military on the planet.

I sense a new business model

[SuperKendall]

Step 1) Create messaging app with no users but strong encryption.

Step 2) Profit from government payoffs!

Step 3) ENDLESS PROFIT

Re:I sense a new business model

[KGIII]

Fuck... Now I have to change my password.

Published source is a huge help here

[davidwr]

It would be naive to think you can run an independent/secure cryptoapp based in the US.

Published source makes it a lot easier to spot problems with the code.

Also, with published source code you can, with the appropriate license, legally recompile it yourself using your own set of tools as a hedge against the publisher's tool-chain or binary-repository being compromised.

Granted, if your tools (anything from the bare metal on up) is compromised or if you are using it to talk with someone else who is using a different binary, all bets are off.

Re:Published source is a huge help here

[beelsebob]

Published source makes it a lot easier to spot problems with the code.

No it doesn't. It has been shown repeatedly that the idea that thousands of people will look at code and magically spot bugs is a myth.

In practice, people either 1) don't look at the code, or 2) don't have the domain knowledge to know what that very specific function is doing.

In reality, only the person who write it, and the 1 or 2 people who reviewed it really understand what's going on, and often not even the people who reviewed it.

Re:Published source is a huge help here

[alvinrod]

No it doesn't. It has been shown repeatedly that the idea that thousands of people will look at code and magically spot bugs is a myth.

You don't need thousands of people doing that, and if you had closed code and paid for an audit of it, the auditors wouldn't do that either. But it is by definition easier for me, you, or anyone who actually cares to evaluate open source code because we actually have access to the code.

If you wanted to evaluate it really well what I'd suggest doing is creating a set of test cases prior to even looking at the code. If something gets caught by some simple black-box tests, it's obviously not very good. Better yet, open source your test cases so then can be reused and built-upon. But since you can access the code, you could also analyze it from a white-box perspective with the test cases and look for any branches or paths that the test cases didn't cover, which may be sources of bugs or intentional tampering.

Hell, if you want cheap labor, just have an instructor make it a project for a testing or cryptography class. It gives the students something a little more real to work with, as well as the opportunity to get involved with an open source project.

Re:Published source is a huge help here

[zifn4b]

No it doesn't. It has been shown repeatedly that the idea that thousands of people will look at code and magically spot bugs is a myth.

If you have bad reviewers, you get bad reviews. Garbage in/garbage out. With quality reviewers, you get quality results. It's a qualitative problem not a quantitative problem.

Re:Published source is a huge help here

[nine-times]

Also, it's possible to disguise malicious code to look like it's doing something else (e.g. The Underhanded C Contest). It's entirely possible that intelligence agencies try to insert these kinds of things into open source projects.

But I don't think that was davidwr's point. I take the statement "Published source makes it a lot easier to spot problems with the code." to be pointing out that it's much ore difficult to identify weaknesses if you're provided a compiled binary, as opposed to having access to the source code. It's not that open source code is a guarantee that someone will spot bugs, but with closed source, you're completely at the mercy of the original developer.

Re: Published source is a huge help here

But if the code is closed, it's impossible. How is that better?

Re:Published source is a huge help here

[JohnFen]

Published source makes it a lot easier to spot problems with the code.

It makes it possible, not easier. When you're looking at the math, it's the next best thing to impossible to notice a weakening of the crypto unless you're a crypt expert. And even if you are a crypto expert, it's not an easy thing to spot.

Re:Published source is a huge help here

[wisnoskij]

often not even the people who reviewed it.

I don't know about you but as a software developer, sometimes I don't even understand how my code works.

Not the end of it.

[Gravis+Zero]

If the NSA failed to bribe their developers, it doesn't mean they are just going to give up. A bribe is just the most cost effective solution for the long term. Have no doubt that they will seek or even maybe even create a weakness in the application.

For real?

[Corbets]

While I wouldn't be terribly surprised if the various three letter agencies try this... would they really be stupid enough to let him know where they were from? It's not like they would have appealed to the Russian's sense of patriotism for the US.

On the other hand, this sort of publicity could drive users to his product, providing a motive to lie.

Methinks that we should remain a bit skeptical on this one.

OpenKeychain

[wasteoid]

Manage your own asymmetrical PGP keys and encryption, while using any messaging app. Not as integrated as Telegram or other streamlined apps, but secure communication is possible, just need to take a few extra steps.

Don't trust proprietary protocols

[Cajun+Hell]

It's not really about the US; the US government's behavior is merely helping to illustrate the deeper errors made by the users.

If you are using VPN/encryption tool/secure communication network/etc. created by US based company, it is very unlikely that it is actually secure.

More generally:

If you are using an app created by a company, which is only compatible with itself rather than complying with a public spec, it is very unlikely that it is secure. (It's also pretty unlikely that it won't suck in other ways too.)

Stop talking about apps, and start talking about protocols. Answer the "which of these apps works best for me?" question later, after protocol selection. If telegram doesn't work with anything else except telegram, then you can be pretty sure that telegram is the wrong choice.

Re:Don't trust proprietary protocols

[qbast]

No, it is in fact very much about US and willingness of the government to strong-arm developers into crippling their crypto solutions. All the compliance with public spec won't help you when developers have been pressured into introducing a subtle bug that allows to make encryption easier to break or to modify their official binary builds by adding a piece of code that will store your private key somewhere.

Re:Don't trust proprietary protocols

[MobyDisk]

Stop talking about apps, and start talking about protocols.

This is the problem with computing and the internet over the last 10 years. We switched from developers saying "I want to create a protocol that does X, and I'll make the first app that implements it" to developers saying "I want to sell ads, so I'll make a proprietary app that does X, and refuse to open it up to other developers." It's the pre-1983 IBM -vs- Compaq mentality.

"Those Evil Americans tried to bribe us!!!"

[Nutria]

Maybe. Or maybe you're just *saying* it to make yourself look better while bashing the US.

How will we ever know for sure?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Alternatives, we need alternatives

[what+about]

Telegram is an alternative to whatsapp or equivalent service from google.
Hopefully European politicians will not be so dumb to break it... (look out to fake "save the children" broadcast)

Any person that does any "professional" work must consider the sharing of contacts,documents, communications as a breach of contract with the client.

I am looking at what happens on the cellphone/tablet market and pray/hope that there will be a NON US based company providing some reasonable platform.

The amount of information that an Android phone share with Google by default (same with Apple) is way too much, real big brother on steroid.

Rabbit hole...

[bradley13]

This may be true, and he didn't accept the bribes; he may be saying this after accepting the bribes; he may be saying this as a publicity stunt; he may be saying this to deflect attention away from the backdoors already installed for the Russian government; he may be saying this because... ...we have no fricking idea. How deep down the rabbit hole do you want to chase your favorite conspiracy theory?

Granted, it's hard to be prepared for all eventualities, but it sure would be nice if he had a recording of the meeting, and the words exchanged.

Is it true?

[GuB-42]

While bribing developers to weaken encryption is most likely not above what intelligence agencies do, this could also be a PR move.
By saying an intelligence agency attempted to bribe your devs, it implies that :
- Your app is so secure that it can't be cracked by external means
- That your company standards are so high that bribes don't work
- That the government is watching and using unethical methods, and that an app like the one you offer is needed
- Competitors may have been bribed too, and if they aren't saying anything, they may have fallen for it

Considering the flaws of Telegram, this may be just an attempt to make it feel more secure than it really is.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Many eyes theory is mostly a myth

[drinkypoo]

Published source makes it a lot easier to spot problems with the code.

Demonstrably false in most circumstances. Just because the code is available does not mean competent people are looking at it and finding bugs.

Your logical fallacy is moving the goalposts. GP didn't claim that it meant that problems would be spotted.

Re:Who are the bad guys again?

Russia don't really need to break into civillian communications - because they have other methods:

If a "little guy" piss them off - he get beaten by some thugs and possibly a couple of years in prison. Maybe he learns his lesson, maybe he dies - there are enough people anyway and they can't sue the government.
If an oil billionaire pisses them off, he suddenly finds all assets frozen and gets a decade or two in prison.
If someone try to be clever and hide in the west after pissing them off - they might get the polonium diet.

So you may communicate securely in Russia. The day they really want you, they just kick down your front door anyway. No need for any "proof" first. No search is "unreasonable".

Russian authorities simply don't need to be subtle. American authorities still need to appear nice, so they need to snoop in silence. They can't blatantly beat information out of people, or tell them to "speak now, or you disappear to some fearsome interrogation camp for some years." So they want to listen in on everything instead. As long as nobody notices enough to prove anything, they aren't visibly violating the constitution or other laws.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Tried?

Technically, it's worth clarifying a few things:
- It's RSA the security company (peddling their encryption solution), not RSA the algorithm (there continue to be no known problems with the RSA algorithm).
- What they were paid the $10 mil for is to use the Dual_EC_DRBG random number generator (this is not a cipher, merely a random number generator for one).
- The Dual_EC_DRBG algorithm was a faulty backdoored standard certified for use by NIST for use in cryptographic software (NIST = the body that certifies crypto algorithms for use and consults with the NSA about security of the algorithms). EC ciphers in general, have not yet been proven to be insecure.
- The settings for Dual_EC_DBRG were not weakened, as it was never a secure algorithm in the first place. The magic constants the NSA defined, allowed them to reconstruct the seed value for the RNG algorithm from a very small number of inputs.
- After the Snowden leaks proved Dual_EC_DBRG insecure, NIST revoked the standard.