The arrest of Pavel Durov, the founder and CEO of Telegram, on August 24, 2024, has ignited an international uproar with #FreeDurov and #OpDurov campaigns, focusing attention on the intersection of digital activism, social media governance, and freedom of speech.
Durov’s apprehension, stemming from allegations that Telegram has been utilized for illegal activities, has not only stirred global debates but also provoked a vigorous response from the hacktivist community.
For these digital rebels, Durov represents more than a mere tech entrepreneur; he is the visionary behind two crucial platforms: Vkontakte, Russia’s counterpart to Facebook, and the anonymous messaging app Telegram.
The Role of Social Media in the #FreeDurov and #OpDurov Campaign
Vkontakte, before being sold off by Durov, was a vital hub for communication and information exchange among Russian hacktivists. Its relatively lax stance on copyright enforcement made it a rich resource for illicit content and a key player in the hacktivist landscape.
According to the latest Cyble’s report, Telegram, Durov’s subsequent venture, continued this legacy by providing a secure platform for pro-Russian hacktivists to coordinate, share resources, and operate with minimal interference. Durov’s staunch support for privacy and free speech offered a conducive environment for hacktivist activities, making Telegram a haven for these groups.
Durov’s detention has brought together an unlikely coalition of supporters, including the Russian government, pro-Russian activists, and Russian opposition members in exile. Each group has expressed its discontent with the French authorities’ decision, albeit in varied ways. The Russian government and opposition issued official statements, while pro-Russian hacktivists swiftly mobilized to launch the #FreeDurov and #OpDurov campaigns.
The Emergence of #FreeDurov and #OpDurov Campaigns
News of Pavel Durov’s arrest spread rapidly through Russian activist channels on Telegram, sparking immediate reactions from hacktivist groups. The Collective Response Intelligence Lab (CRIL) began tracking the responses and activities of prominent hacktivist groups, including:
- People’s Cyber Army
- UserSec
- CyberDragon
- EvilWeb
- Rootsploit
- CGPlnet
- Overflame
- ReconSploit
- RipperSec
- 62IX (supported the campaign without active participation)
- High Society (alliance)
- Holy League (alliance)
UserSec was among the first to call for a collective response, urging other hacktivist groups to join the protest against France.
The High Society and Holy League alliances amplified this call through their Telegram channels. By August 25, UserSec and the People’s Cyber Army had already launched attacks on the Court of Cassation and the Administrative Court of Paris.
Escalation of Cyberattacks
As the days progressed, the coordinated cyber attacks intensified. By August 26, Russian and pro-Russian hacktivist collectives such as Cyber Dragon, ReconSploit, Evilweb, Rootsploit, CGPlnet, and RipperSec joined forces, targeting various French websites and EU-affiliated organizations.
The following day, August 27, UserSec and the People’s Cyber Army claimed responsibility for attacks on the French financial giant AXA Group. They also targeted airports in Bayonne and Marseille-Provence, ferry services in Corsica, the French customs agency website, and the Agence Universitaire de la Francophonie (AUF).
Despite initial claims of a massive cyber assault on the day of Durov’s court hearing, activities notably declined. However, on August 28, the People’s Cyber Army released a video claiming they had accessed the Industrial Control Systems (ICS) of a French dam, specifically targeting a power transmission control panel developed by ELEC-ENR at a wind farm in Brittany.
Adding a layer of intrigue to the situation, a data leak surfaced in mid-August 2024, involving the Russian FSB Border Service database. This leak, discovered on a Telegram-based database leak channel, revealed sensitive information about individuals crossing Russia’s borders between 2014 and 2023, including Pavel Durov.
The data contradicted Durov’s claims of severing ties with Russia, showing that he had traveled to Russia over 50 times since his emigration. Notably, he was present in Russia on the day Roskomnadzor lifted the ban on Telegram. The database, known as “Kordon 2023,” disappeared shortly after its appearance, raising questions about its origins and purpose.