Telegram, a global messaging app known for its emphasis on privacy founded by Pavel Durov, is facing new scrutiny after an investigation by Organized Crime and Corruption Reporting Project (OCCRP) and its Russian partner Important Stories. It revealed that the infrastructure routing its traffic is controlled by a Russian network engineer whose companies have previously worked with Russian intelligence and defense agencies.
Critical access controlled by Russian engineer
The investigation identifies Vladimir Vedeneev, a 45-year-old Russian engineer, as the owner of Global Network Management (GNM), which maintains Telegram’s servers and controls thousands of its IP addresses. Legal documents from a Florida court show Vedeneev had exclusive access to Telegram servers, signed contracts on its behalf, and even acted as its informal CFO under a power of attorney from Telegram founder Pavel Durov.
Vedeneev’s other companies — including GlobalNet and Electrontelecom — have provided services to Russia’s FSB, the GlavNIVTS computing center, and the state-run Kurchatov nuclear institute. Electrontelecom continues to assign over 5,000 Telegram IPs and manages surveillance systems used by the FSB in the St. Petersburg area.
Telegram blocks then unblocks chatbots used by Ukraine’s security services to get info on Russian activities
Metadata vulnerability through Telegram’s protocol
Despite Telegram’s claims of security, the MTProto protocol used in its encrypted messaging system includes an unencrypted “auth_key_id” element. Security expert Michał Woźniak explains that this allows anyone monitoring network traffic to identify a user’s device, IP address, and location even if the message content is encrypted.
Other experts, including John Scott-Railton of Citizen Lab, echoed these concerns, noting that metadata exposure could place users — especially those seen as threats by the Russian state — at serious risk.
Russian FSB has the keys to Telegram and Viber messengers and uses them for espionage — Ukrainian intelligence
Man-in-the-middle risk and physical infrastructure
A Ukrainian IT specialist said Russian forces used captured telecom infrastructure to conduct man-in-the-middle surveillance.
“In such an attack, the hackers aren’t even interested so much in the user’s correspondence,” he explained, “They get metadata to analyze… really, all possible information.”
Documents show that Vedeneev’s company owns a router inside the Telegram server room in Miami, and leases over 10,000 IPs to Telegram. Woźniak notes this allows potential access to user metadata, posing a major privacy concern.
Telegram’s founder under legal pressure
Telegram founder Pavel Durov, known for creating the VKontakte platform – the Russian clone of the early Facebook – and later launching Telegram in exile, is under judicial supervision in France over charges related to illegal content. Though he has denied any infrastructure in Russia or post-2014 visits, a leak showed over 50 trips to Russia between 2015 and 2021.
Politico: French investigation into Telegram’s founders reveals broader scope
Durov did not respond to OCCRP’s requests for comment. Vedeneev declined to publish his statements publicly.
Opaque partnerships and Russian state links
Vedeneev’s long-standing links to Russian state projects extend back to his partnership with Roman Venediktov, a former space forces officer and minority co-owner of GlobalNet. Their joint company, Peering, managed traffic for VKontakte through DATAIX and was acquired by GlobalNet in 2018.
The investigation also reveals that GlobalNet implemented Russia’s Deep Packet Inspection (DPI) system after the 2022 invasion of Ukraine, aligning itself with Roskomnadzor regulations.
“If someone has access to Telegram traffic and cooperates with Russian intelligence services,” said Woźniak, “this means that the device identifier becomes a really big problem — a tool for global surveillance of messenger users.”