Telegram's secret chats and bots a boon for ISIS

Telegram's secret chats and bots a boon for ISIS

The Islamic State in Iraq and Syria (ISIS) took to Telegram, an encrypted messaging application platform, to claim responsibility for the recent attacks in Jakarta, thrusting encrypted messaging apps into the limelight.

This comes on the back of Telegram's move to block access to 164 ISIS-related channels made by the terrorist groups and their supporters in the aftermath of the 2015 Paris attacks.

News of the ISIS statement was also circulated within pro-ISIS channels on Telegram. The revelations added to concerns raised since December 2014 that the secure messaging app was used by ISIS as a preferred choice to disseminate its propaganda.

Telegram has some attributes that make it particularly attractive to groups like ISIS.

Originally built by founders Pavel and Nikolai Durov to restrict Russian security agencies' access to their private communication, Telegram became popular as the fastest and most secure mass-market messaging system available, following the revelations by Edward Snowden of mass government surveillance by the United States.

Telegram has around 60 million users worldwide on its app. In the post-Snowden era, claims that it cannot be monitored or disrupted by government surveillance or interference has caused users from mass-market messaging platforms such as WhatsApp and Line to switch to Telegram.

Touted as an ultra-secure and easy way to upload and share videos, text and voice messages, Telegram offers three features that would find favour with secretive groups: Secret Chats, bots and Channels.

Although somewhat similar to Snapchat, where messages can be programmed to be deleted after a set time, Telegram takes it a level higher with Secret Chats, using end-to-end encryption of messages and allowing self- destruct timers for messages, photos, videos and files sent between two parties, which will disappear from both devices. The secret chat is protected by encryption keys, preventing potential man-in-the-middle attacks.

Bots are also used to propagate the ideology of ISIS. Bots can be created in a chat or channel, enabling third-party developers using simple Application Profile Interfaces to create a bot and allow it to connect with users. The bot then handles messages, with group members conversing with the bot as one would with a human.

Research conducted by the Washington-based Middle East Media Research Institute's Jihad and Terrorism Threat Monitor reveals that a handful of ISIS Telegram bots disseminate propaganda in different languages.

Telegram's new feature, Channels, enables the broadcast of individual messages to unlimited public audiences. These publicly available broadcasts enable ISIS to distribute propaganda, transfer very large video files and advertisements calling for monetary donations, share sermons and news of military victories and, more recently, broadcast press releases with the intention to recruit and inspire followers - all in real time. It was revealed that the group used Telegram to disseminate its claims of responsibility for the Parisian attacks and the October bombing of the Russian Metrojet airplane.

Furthermore, interested parties could easily connect with the group's members on these channels. The group has also directed its Twitter supporters to use Telegram channels, as Twitter accounts could be cross-checked and taken down. As of August last year, Telegram's volume of messages stood at an astounding 10 billion messages every day.


Security analysts estimate that these Telegram channels used by pro-ISIS supporters attracted up to 16,000 followers.

Many ISIS volunteers and supporters are digital natives who are up-to-date with the latest technological development, creating a challenge for security agencies which want to shut down these lines of communication. Even as ISIS-related channels were shut down, supporters began creating channels immediately in new locations on Telegram. One new channel, Trendit, has garnered up to 500 followers following the removal of the channels.

Telegram takes down offensive public content by reviewing user reports. Public broadcast channels, similar to Rich Site Summary (RSS) feeds, provide the potential for greater reach than private communications. Yet, unreported channels are still online and remain operational.

Though many ISIS-related channels were removed following Telegram's decision, direct channels between ISIS supporters in individual chats (such as Secret Chats) remain, allowing followers to forward information about new channels, with different aliases. This back and forth of account removal and creation will only continue as encrypted messaging apps provide room for the group's supporters to operate away from the eyes of surveillance.

In September last year, Mr Pavel Durov affirmed claims that terrorists were utilising Telegram to communicate, but stressed that privacy was more important than the fear of terrorism occurring. He highlighted that terrorists would use any available secure communication channel to communicate among themselves. The Parisian attacks may have pressured Telegram to take necessary action for the removal of ISIS-related channels.

However, Telegram was swift to stress that its founding principle of the freedom of speech remains unchanged, with Mr Durov stating that policies towards private chats will continue to remain as the status quo.

Some governments have used the Paris attacks as a clarion call for the weakening of technological capabilities such as encryption, stating that encryption hampers proficient intelligence and security gathering.

Encrypted messaging applications such as Telegram have resisted government and third-party interference until now. Mr John Brennan, director of the Central Intelligence Agency, recently highlighted the frustrations regarding national security agencies' inability to access content from encrypted communication applications in the surveillance of terror groups such as ISIS.

Governments, especially in the West, are often restricted by civil liberty concerns such as the right to privacy, which is highly espoused by Telegram. Fears that a close adherence to the right of privacy could lead to a blind spot for security agencies has seen others calling for the creation of "back doors" to apps such as Telegram. However, there is a danger of non-government actors hacking and exploiting the same back channel and accessing information. Legislation to weaken encryption efforts of technology providers will continue, with draft legislation being drawn up in Britain giving security agencies access to communication records of suspected extremists.

The question that governments, regulators and technology providers have to ask is where the line should be drawn, to balance the rights to privacy in communication and the right to disrupt any potential threats to national security.

There is no easy answer, but each attack made public puts the pressure on tech providers to co-operate more with security agencies.

This article was first published on January 19, 2016.
Get a copy of The Straits Times or go to for more stories.

This website is best viewed using the latest versions of web browsers.