Pavel Durov, who built reputation on creating unhackable app, selected by NSO client government.
Amid the varied cast of people whose numbers appear on a list of individuals selected by NSO Group’s client governments, one name stands out as particularly ironic. Pavel Durov, the enigmatic Russian-born tech billionaire who has built his reputation on creating an unhackable messaging app, finds his own number on the list.
Durov, 36, is the founder of Telegram, which claims to have more than half a billion users. Telegram offers end-to-end encrypted messaging and users can also set up “channels” to disseminate information quickly to followers. It has found popularity among those keen to evade the snooping eyes of governments, whether they be criminals, terrorists or pr
In recent years, Durov has publicly rubbished the security standards of competitors, particularly WhatsApp, which he has claimed is “dangerous” to use. By contrast, he has positioned Telegram as a plucky upstart determined to safeguard the privacy of its users at all costs.
Without a forensic examination of Durov’s phone, it is not possible to say whether there was any attempt to install malware on the device.
An NSO source indicated Durov was not a target, meaning the source denies he was selected for surveillance using Pegasus, NSO’s spyware. The company insists that the fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus.
Asked directly whether Durov’s phone was a target of Pegasus or any other activity related to the spyware, an NSO spokesperson did not directly answer the question. They said: “Any claim that a name in the list is necessarily related to a Pegasus target or potential target is erroneous and false.” Lawyers for NSO said its decision not to respond to certain allegations should not be treated as confirmation of those claims.
But the list, which the Guardian and other media had access to as part of the Pegasus project, an international collaboration, is believed to be indicative of individuals identified as persons of interest by government clients of NSO. It includes people who were later targeted for surveillance, according to forensic analysis of their phones.
Cybersecurity experts who have examined how NSO’s Pegasus spyware works say the software does not discriminate between encrypted messaging apps and can access pretty much everything on an infected phone. They say Telegram, as well as WhatsApp, Signal and other messaging apps promising end-to-end encryption, are in effect rendered powerless if the device on which they are installed is infected by hacking software as powerful as Pegasus.
Durov’s number, which appears on the list in early 2018, was the UK mobile number which has been linked to his personal Telegram account for years.
Neither the publicity-averse Durov nor Telegram’s press office responded to requests for comment sent to their Telegram accounts.
The list of governments and intelligence services that might be happy to get a look at the contents of Durov’s mobile phone is long. Durov left Russia in 2013 and has had several conflicts with the country’s security services. Telegram has also played a key role in driving protest movements in Belarus, Hong Kong and Iran.
However analysis of the leaked list suggests Durov might have been of interest to the United Arab Emirates (UAE).