The FBI had sought to “control” how Telegram works, its founder Pavel Durov said
Key points:
Russian-born IT entrepreneur Pavel Durov said that he was “pressured” by the FBI during his stays in America
The US government had wanted a backdoor to Telegram in order to potentially spy on its users, the social media platform’s founder Pavel Durov said in an interview with American journalist Tucker Carlson. The attention from the FBI was one of the reasons Durov dropped the idea of setting up the company in San Francisco, he said.
In an interview published on Wednesday, Durov said that he visited the US several times and even met with former Twitter CEO Jack Dorsey. He was under the watchful eye of the FBI, which made his stays in America uneasy, he said.
According to Durov, one of his top employees once told him that he had been approached by the US government. “There was a secret attempt to hire my engineer behind my back by cybersecurity officers,” the businessman said.
“They were trying to persuade him to use certain open-source tools that he would then integrate into Telegram’s code that, in my understanding, would serve as backdoors,” Durov said. He added that he believes the employee’s account. “There is no reason for my engineer to make up (such) stories.”
Extremely alarming that there is a claim here certain open-source tools act as back-doors for the western intelligence agencies but it makes perfect sense. Engineered bugs in upstream libraries and tools used by tons of commercial and open source software would always get you your best bang for the buck compromising lots of things. Unlike for example the recent xz debacle I expect these are likely much more well hidden and engineered to hide their nature as nothing but mistakes. There are multiple ways to accomplish this from having NSA/GCHQ employees working directly on these projects as core contributors to paying off or blackmailing core contributors.
I expect this particular revelation to likely be ignored by many of the usual privacy people and spaces just because Tucker Carlson (who has grown funnily more hated for interviewing Putin than anything else he's done among liberals) was the interviewer and of course because Durov is a Russian.
This is an extremely serious issue and unfortunately not many people know about or understand it. Too many still believe that if something is open source then it can't have malicious code and backdoors in it, but unfortunately that's just not the case. We already knew that the mainstream platforms and western made hardware all have built in backdoors and co-operate with the intelligence agencies, but that this is now extending to the more fringe alternative platforms and OSS as well is very worrisome.
And there is nothing that guarantees that just because they managed to fend off one attempt at infiltration that no further attempts were already made and maybe even successful. I think that where this is all heading toward is that at some point people for who privacy and security against western governments is essential will have no choice but to use exclusively Russian and Chinese made products. Yes those will undoubtedly have backdoors for their respective states as well, but as long as they do not share their intelligence with the West i frankly couldn't care less if they know what i'm up to. The main government that you need to be worried about is always the one in your own country, doubly so if you live in the imperial core.
I don't think FOSS is being targeted in spite of being fringe, it's being targeted because it powers the internet. It isn't fringe at all in an enterprise server context, and I think it stands to reason that the gathered data from this kind of source would be significantly more valuable on average than that gathered from end-user desktops. But in turn, so long as there is a legal means for private companies to safeguard their privacy generally against any external actor, there is a significant vested interest in safeguarding FOSS against backdoors. Indeed the xz backdoor was disclosed by an employee of a company whose own enterprise server software product is proprietary.
Totally agree with that. Also good to note that in general it it easier to create a backdoor for FOSS because of the general code availability. For a proprietary product, you'd have to somehow gain access to the closed source, which is harder. Also, many FOSS projects have few maintainers doing a great amount of job for free, so with a bit of social engineering you can pressurise them into accepting code they don't entirely understand.
On the other hand, many FOSS projects have more than one maintainer, so more eyes watching the code. Also, you have to find a way to conceal the backdoor, so that it can't be easily identified.
All in all, open-source is certainly better, because you don't have to blindly trust some company, but there are many factors which come to play in both camps. Ultimately, trust is not the only thing that matters since even a trusted repository can be compromised/hacked. Then you can only rely on fast mitigation of consequences, that is hope that the compromised code hasn't been there for long.
PSA - remember to pin versions of the dependencies your software uses. Just recently there was a 0day vulnerability in libwebp with CVE severity score 10/10, and that library is extremely widely used.
Sometimes people forget that the police and the spy agencies often don't want what's good for you. They want what's good for them. Stories like this are a nice reminder.
Extremely alarming that there is a claim here certain open-source tools act as back-doors for the western intelligence agencies but it makes perfect sense.
That could explain how a backdoor almost get into the mainstream Linux distribution through xz Utils if not because of a bad actor sloppiness.
I think people will ignore this because it is on RT before even seeing that it involves Tucker Carlson.
I would be surprised if any country with a functioning spy agency doesn't try and put as many back doors into software as possible. Every single person on this planet should be pissed at the corruption of F/OSS and it's modules (if as widespread as suspected)... this is not an east vs west issue.
It really is though and I think it's a little naive to be saying that or buying the propaganda of the Eyes agreement nations frankly which of course has an inherent interest in portraying all its enemies as just as bad as it. Just as they did when they justified MKultra and every other heinous shitty thing they've done. Yet when the USSR archives opened after their fall we found out they weren't doing half of the things the CIA said they were and using to justify their own abhorrent behavior.
If it wasn't East vs West China wouldn't have gotten caught with their pants down with the USA mass mail intercepting Cisco devices and putting hardware implants into them. I think one of the reasons they even allowed Cisco to help China with the great firewall is because they knew they could use it to spy. Because they would have thought along similar lines and known to look harder.
Fact is America, NATO, Eyes agreements countries spy more, more pervasively, they violate norms, business agreements, etc.
I fully believe that the Chinese and Russians hack but I don't think they play dirty like the US does.
They don't have global intercept networks, they don't globally tap fiber lines, they don't implant malware in as many places as possible, they don't put backdoors in their hardware which could get caught and get them banned (notice how western accusations are never backed up with any kind of solid proof smoking gun stuff? Yet we have Snowden as proof of how far the US and its vassals go). They don't do this kind of mixing of trade and spying, hurting, using their industries and private companies as weapons. They see it as separate business which was historically how spying was seen.
And I further know this because we know from NSA whistleblowers that they had in the early 2000s a choice. Two paths advocated by alternative factions. One path was the one they took, spy on everyone, everywhere, all the time without exception, gather every ounce of data you can, invade everyone's private lives, spy on allies and enemies alike and then sift through the data after. The other which this whistleblower advocated was selective spying, getting warrants basically, getting mandates for spying for specific purposes. Targeted operations, targeted malware. So it's hardly hard to see the idea that these other countries might take another path, even if you think they're evil and worse than the US, you have to admit, pragmatically they have less resources, less ability to do these kinds of things even if they wanted to.
Fact is one of these two groups of nations is in a position to do all this stuff, is an empire, was the global hegemon after the fall of the USSR and decided to invade everyone's privacy in an attempt to maintain that power at all costs. And it isn't China or Russia. Equivocating here simply does not fit the facts of the global situation as we know them.
I haven't read a take this ignorant in a long time. The data is worth too much on a global scale for any country to not be intensely spying both internally and externally. Again, there is no "nice" player on the global field and the only people that consistently lose are we, the citizens.
The fact you believe that these countries hack, but don't "play dirty" is absolutely bananas.