Google confirms some of its own services are now getting blocked in Russia over the Telegram ban

A shower of paper airplanes darted through the skies of Moscow and other towns in Russia today, as users answered the call of entrepreneur Pavel Durov to send the blank missives out of their windows at a pre-appointed time in support of Telegram, the messaging app he founded, which uses a paper airplane icon and was blocked last week by Russian regulator Roskomnadzor (RKN). RKN believes the service is violating national laws by failing to provide it with encryption keys to access messages on the service (Telegram has refused to comply).

The paper plane send-off was a small, flashmob turn in a “Digital Resistance” — Durov’s preferred term — that has otherwise largely been played out online: currently, nearly 18 million IP addresses are knocked out from being accessed in Russia, all in the name of blocking Telegram.

And in the latest development, Google has now confirmed to us that its own services are now also being impacted. From what we understand, Google Search, Gmail and push notifications for Android apps are among the products being affected.

“We are aware of reports that some users in Russia are unable to access some Google products, and are investigating those reports,” said a Google spokesperson in an emailed response. We’d been trying to contact Google all week about the Telegram blockade, and this is the first time that the company has both replied and acknowledged something related to it.

(Amazon has acknowledged our messages but has yet to reply to them.)

Google’s comments come on the heels of RKN itself also announcing today that it had expanded its IP blocks to Google’s services. At its peak, RKN had blocked nearly 19 million IP addresses, with dozens of third-party services that also use Google Cloud and Amazon’s AWS, such as Twitch and Spotify, also getting caught in the crossfire.

Russia is among the countries in the world that have enforced a kind of digital firewall, periodically or permanently blocking certain online content. Some turn to VPNs to access that content anyway, but it turns out that Telegram hasn’t needed to rely on that workaround to get used.

“RKN is embarrassingly bad at blocking Telegram, so most people keep using it without any intermediaries,” said Ilya Andreev, COO and co-founder of Vee Security, which has been providing a proxy service to bypass the ban. Currently, it is supporting up to 2 million users simultaneously, although this is a relatively small proportion considering Telegram has around 14 million users in the country (and, likely, more considering all the free publicity it’s been getting).

As we described earlier this week, the reason so many IP addresses are getting blocked is because Telegram has been using a technique that allows it to “hop” to a new IP address when the one that it’s using is blocked from getting accessed by RKN. It’s a technique that a much smaller app, Zello, had also resorted to using for nearly a year when the RKN announced its own ban.

Zello ceased its activities earlier this year when RKN got wise to Zello’s ways and chose to start blocking entire subnetworks of IP addresses to avoid so many hops, and Amazon’s AWS and Google Cloud kindly asked Zello to stop as other services also started to get blocked. So, when Telegram started the same kind of hopping, RKN, in effect, knew just what to do to turn the screws. (And it also took the heat off Zello, which miraculously got restored.)

So far, Telegram’s cloud partners have held strong and have not taken the same route, although getting its own services blocked could see Google’s resolve tested at a new level.

Some believe that one outcome could be the regulator playing out an elaborate game of chicken with Telegram and the rest of the internet companies that are in some way aiding and abetting it, spurred in part by Russia’s larger profile and how such blocks would appear to international audiences.

“Russia can’t keep blocking random things on the Internet,” Andreev said. “Russia is working hard to make its image more alluring to foreigners in preparation for the World Cup,” which is taking place this June and July. “They can’t have tourists coming and realising Google doesn’t work in Russia.”

We’ll update this post and continue to write on further developments as we learn more.

Twitter banned Russian security firm Kaspersky Lab from buying ads

The U.S. government isn’t the only one feeling skittish about Kaspersky Lab. On Friday, the Russian security firm’s founder Eugene Kaspersky confronted Twitter’s apparent ban on advertising from the company, a decision it quietly issued in January.

“In a short letter from an unnamed Twitter employee, we were told that our company ‘operates using a business model that inherently conflicts with acceptable Twitter Ads business practices,'” Kaspersky wrote.

“One thing I can say for sure is this: we haven’t violated any written – or unwritten – rules, and our business model is quite simply the same template business model that’s used throughout the whole cybersecurity industry: We provide users with products and services, and they pay us for them.”

He noted that the company has spent around than €75,000 ($93,000 USD) to promote its content on Twitter in 2017.

Kaspersky called for Twitter CEO Jack Dorsey to specify the motivation behind the ban after Twitter failed to respond to an official February 6 letter from his company.

More than two months have passed since then, and the only reply we received from Twitter was the copy of the same boilerplate text. Accordingly, I’m forced to rely on another (less subtle but nevertheless oft and loudly declared) principle of Twitter’s – speaking truth to power – to share details of the matter with interested users and to publicly ask that you, dear Twitter executives, kindly be specific as to the reasoning behind this ban; fully explain the decision to switch off our advertising capability, and to reveal what other cybersecurity companies need to do in order to avoid similar situations.

In a statement about the incident, Twitter reiterated that Kaspersky Lab’s business model “inherently conflicts with acceptable Twitter Ads business practices.” In a statement to CyberScoop, Twitter pointed to the late 2017 Department of Homeland Security directive to eliminate Kaspersky software from Executive Branch systems due to the company’s relationship with Russian intelligence.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” DHS asserted in the directive at the time.

France to move ministers off Telegram, WhatsApp over security fears

The French government has said it intends to move to using its own encrypted messaging service this summer, over concerns that foreign entities could spy on officials using popular encrypted apps such as Telegram and WhatsApp.

Reuters reports that ministers are concerned about the use of foreign-built encrypted apps which do not have servers in France. “We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia,” a digital ministry spokeswoman told the news agency. “You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead.”

Telegram’s founder, Pavel Durov, is Russian, though the entrepreneur lives in exile and his messaging app has just been blocked in his home country after the company refused to hand over encryption keys to the authorities.

WhatsApp, which (unlike Telegram) is end-to-end encrypted across its entire platform — using the respected and open sourced Signal Protocol — is nonetheless owned by U.S. tech giant Facebook, and developed out of the U.S. (as Signal also is).

Its parent company is currently embroiled in a major data misuse scandal after it emerged that tens of millions of Facebook users’ information was passed to a controversial political consultancy without their knowledge or consent.

The ministry spokeswoman said about 20 officials and top civil servants in the French government are testing the new messaging app, with the aim of its use becoming mandatory for the whole government by the summer.

It could also eventually be made available to all citizens, she added.

Reuters reports the spokeswoman also said a state-employed developer has designed the app, using free-to-use code available for download online (which presumably means it’s based on open source software) — although she declined to name the code being used or the messaging service.

Late last week, ZDNet also reported the French government wanted to replace its use of apps like Telegram — which president Emmanuel Macron is apparently a big fan of.

It quoted Mounir Mahjoubi, France’s secretary of state for digital, saying: “We are working on public secure messaging, which will not be dependent on private offers.”

The French government reportedly already uses some secure messaging products built by defense group and IT supplier Thales. On its website Thales lists a Citadel instant messaging smartphone app — which it describes as “trusted messaging for professionals”, saying it offers “the same recognisable functionality and usability as most consumer messaging apps” with “secure messaging services on a smartphone or computer, plus a host of related functions, including end-to-end encrypted voice calls and file sharing”.

Facebook, AggregateIQ now being jointly probed by Canada, B.C. data watchdogs

Privacy watchdogs in Canada and British Columbia are combining existing investigations into Facebook and AggregateIQ, the latter being a Victoria-based ad targeting tech company that has been linked to Cambridge Analytica, the political consultancy at the center of the Facebook data misuse storm.

CA whistleblower Chris Wylie — who last month gave public testimony revealing how millions of Facebook users’ data was passed to his former employer for political ad targeting — has described AggregateIQ as the Canadian arm of CA’s parent entity, SCL. (Although AggregateIQ has denied any affiliation with CA or SCL, claiming on its website “it is and has always been 100% Canadian owned and operated”.)

“The investigations will examine whether the organizations [Aggregate IQ and Facebook] are in compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and BC’s Personal Information Protection Act (PIPA),” said Canada’s watchdog in a statement about the now joint investigation.

“The Office of the Information and Privacy Commissioner for BC opened its investigation into AggregateIQ late last year. Last month, the Office of the Privacy Commissioner of Canada launched an investigation into allegations about unauthorized access and use of Facebook user profiles.

“The two offices decided to jointly investigate these matters as Facebook and AggregateIQ are subject to both PIPEDA and PIPA.”

The statement does not go into any new detail about the investigations as it notes they are ongoing.

The OPCC’s Facebook investigation, which was launched on March 20, followed a complaint against the company. Facebook has since confirmed that more than 620k Canadian users had their data scraped and passed to CA — the majority of whom would not have consented or even known their information was being shared in this way.

Meanwhile AggregateIQ’s role in the UK’s 2016 Brexit referendum vote has been the subject of increasing scrutiny in the country, following a lengthy investigation by the Observer of London looking at links between the various entities involved and how money was spent by different groups campaigning for the UK to leave the European Union.

The company received £3.5M from leave campaign groups in the run up to the 2016 referendum, and has been described by leave campaigners as instrumental in securing their win.

AggregateIQ is now among 30 companies being investigated by the UK’s data watchdog, the ICO, as part of an ongoing (and now almost year-long) investigation into the use of data analytics for political purposes. Facebook and Cambridge Analytica are also part of that probe.

Giving an update on the investigation yesterday, the ICO said it is looking at “how data was collected from a third party app on Facebook and shared with Cambridge Analytica”.

The watchdog secured a warrant to enter and search the London offices of CA last month.

The UK’s Electoral Commission is also investigating Brexit campaign spending — and has previously asked Facebook, Twitter and Google to provide information about ad spending linked to Russia.

Earlier this month Facebook revealed it had removed 70 Facebook accounts, 138 Facebook Pages, and 65 Instagram accounts run by the Russian government-connected troll farm the Internet Research Agency.

The company did not immediately respond to a request for comment on the now joint Canadian and British Columbian data probe.

Facebook is also facing shareholder lawsuits and a probe by the FTC into the data misuse scandal, among others.

More evidence ties alleged DNC hacker Guccifer 2.0 to Russian intelligence

It may be a while since you’ve heard the handle “Guccifer 2.0,” the hacker who took responsibility for the infamous DNC hack of 2016. Reports from the intelligence community at the time, as well as common sense, pegged Guccifer 2.0 not as the Romanian activist he claimed to be, but a Russian operative. Evidence has been scarce, but one slip-up may have given the game away.

An anonymous source close to the U.S. government investigation of the hacker told the Daily Beast that on one single occasion, Guccifer 2.0 failed to log into the usual VPN that disguised their traffic. As a result, they left one honest IP trace at an unnamed social media site.

That IP address “identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow,” the Daily Beast reported. (The GRU is one of Russia’s security and intelligence organs.)

Previous work by security researchers had suggested this, but it’s the first I’ve heard of evidence this direct. Assuming it’s genuine, it’s a sobering reminder of how fragile anonymity is on the internet — one click and the whole thing comes crashing down.

It’s a bit of a foregone conclusion now, since in the time since the hack the notion of Russian interference with the election has gone from unnerving possibility to banal fact. And while a single impression like that may sound a bit flimsy, investigators would of course be putting it together with all kinds of other activity and patterns to be clear this wasn’t just a random intern checking his feeds at an open terminal.

Under Russian pressure to remove content, Instagram complies but YouTube holds off

Instagram has taken down content posted by Russian opposition leader Aleksei Navalny under pressure from a government agency, while YouTube has yet to do so. Navalny and others have criticized Instagram for complying with what they call a politically motivated move to silence him.