Russian Intelligence Agencies Have Learned to Monitor Encrypted Communications in Messaging Apps

Russian intelligence agencies, including the FSB, have developed the ability to track communications of users on Telegram, Signal, and WhatsApp. While the messages remain encrypted, authorities can determine who is communicating with whom, when, and where, according to the New York Times.

One of the key players in this market is the company "Citadel," which was previously partially controlled by Alisher Usmanov. According to the New York Times, the most dangerous product is the NetBeholder program developed by Citadel's subsidiary, "MFI Soft." This program can track encrypted traffic in WhatsApp, Signal, and Telegram messengers. It allows the authorities to identify who is communicating with whom, when, and where, as well as detect the presence of attached files in messages. Previously, such information could only be obtained from the app developers.

NetBeholder also has the capability to detect the use of multiple phones by a single user, compile contact lists, and determine the geographic location of phones on a particular day. Using this program, it is also possible to determine the region from which a user originates or the country from which a foreigner arrives. The developers of Signal, Telegram, and WhatsApp acknowledge that their messengers have limited protection against such surveillance. While encryption can protect the content of messages, it cannot hide communication data. The companies recommend using additional features to complicate identification and traffic monitoring.

These surveillance tools are already spreading beyond Russia. Manufacturers are attempting to sell their products in Eastern Europe, Central Asia, Africa, the Middle East, and South America. According to Citizen Lab, Russian developments are already being used in Iran and the Russian-controlled regions of Ukraine.

"This makes people very paranoid because if you are communicating with someone in Russia, you cannot be sure if it is safe or not. The intelligence agencies are actively monitoring the traffic. It used to be only for activists. Now they use such tools for anyone who disagrees with the war," says Elena Popova, a Russian opposition politician and digital rights activist.

In February, the United States imposed sanctions on companies and individuals involved in developing software for the System for Operative Investigative Activities (SORM). According to U.S. authorities, SORM is used to suppress dissent, and the Citadel company holds a 60-80% share of the SORM market.