India's Telegram ban disrupted UAE users via BGP hijacking, Telegram says; experts question intent

At a glance:

• India banned Telegram until June 22 over NEET exam leak allegations, requiring Telegram to disable message editing until June 30
• Telegram CEO Pavel Durov accused Reliance of BGP hijacking to disrupt users in the UAE and beyond, citing AS18101 routing data
• Network experts disputed the sabotage claims, attributing the global disruption to misconfigured domestic censorship leaking outward via FLAG Telecom

The ban and its global fallout

India's Ministry of Electronics and Information Technology invoked Section 69A of the IT Act on June 16 to restrict access to Telegram nationwide until June 22, acting on a recommendation from the National Testing Agency (NTA). A separate order requires Telegram to disable its message-editing feature in India until June 30. The ban came after question papers for the National Eligibility-cum-Entrance Test (NEET), India's largest medical entrance exam taken by millions of students, were allegedly leaked before the May 3 exam.

Telegram has challenged the ban in the Delhi High Court, which agreed to hear the matter urgently. The disruption extended beyond India's borders, however, with Telegram CEO Pavel Durov alleging that Indian telecom Reliance was deliberately disrupting Telegram access for users outside India, including in the UAE, through BGP hijacking.

Border Gateway Protocol (BGP) is the routing system that tells networks how to reach each other across the internet. A BGP hijack occurs when a network announces ownership of IP address ranges it does not control, which can redirect, drop or disrupt traffic for the real owner. Public routing data cited by network observers shows AS18101 began announcing Telegram prefixes around the time the domestic block went live, explaining why users outside India lost access.

Doug Madory, Director of Internet Analysis at Kentik, confirmed AS18101 hijacked Telegram's routes, though he noted RPKI route-origin validation and filtering limited how far the bad route propagated. Network researcher Anurag Bhatia independently verified this against public routing data. Technology policy researcher Pranesh Prakash traced the mechanics in a thread: the route leaked to the global internet via FLAG Telecom (AS15412), a former RCom-owned transit provider that failed to drop the RPKI-invalid announcement, causing users in the UAE and elsewhere to lose access.

What these analysts dispute is Durov's claim that the hijack was deliberate. Prakash stated he disagreed with Durov, calling intentional sabotage highly unlikely, and said he had seen zero evidence for it, interpreting the incident as a domestic block misconfigured into a global leak. Madory and Bhatia reached similar conclusions, comparing it to Iraq's 2023 block where an attempt to cut Telegram domestically leaked routes outward.

The corporate-rivalry angle is unresolved. AS18101 is registered to Reliance Communications, the insolvent Anil Ambani-era operator, not Reliance Jio, the Mukesh Ambani carrier in which Meta holds a roughly 10 percent stake. But Prakash noted Jio has absorbed some of RCom's spectrum and fibre assets, and stopped short of identifying who actually originated the hijack, calling it a question for reporters to dig into.

The routing anomaly is documented. The intent, and the identity of whoever triggered it, remain unclear.

Why India acted

The trigger for the ban was the National Eligibility-cum-Entrance Test (NEET), India's largest medical entrance exam taken by millions of students. Question papers were allegedly leaked before the May 3 exam through a paid WhatsApp group and coaching-centre networks in Rajasthan, with reports of a pre-circulated guess paper overlapping heavily with the real test. The exam was cancelled on May 12 and a re-test scheduled for June 21.

India's federal investigating agency, the Central Bureau of Investigation (CBI), took over the probe and has made multiple arrests, including NTA-appointed subject experts and coaching figures. The NTA says cheating networks used Telegram channels, groups and bots to sell access to exam material and spread misinformation, and that channel administrators abused the edit feature to backdate posts and pass off altered timestamps as proof of a prior leak. That is the stated reason for the editing restriction running to June 30.

The agency described the ban as a "last resort" after channel-by-channel takedowns failed to stop the fraud. Durov's counterargument is that the ban punishes the wrong people: Telegram removed hundreds of channels sharing leaked material and scams in India in recent weeks, and banning the app does nothing about the insiders responsible.

The ban drew sharp political reaction. Karti P. Chidambaram, Congress MP for Sivaganga, questioned on X whether blocking Telegram was really the master stroke that would stop exam paper leaks. Telegram replied suggesting the government should also shut every shopping mall in case one had a shoplifter, and close the roads because someone might be speeding.

The censorship dilemma

Digital rights group the Internet Freedom Foundation (IFF) calls the ban disproportionate and "constitutionally incompatible." It argues the directions exceed what Section 69A and the blocking rules permit, describing the move as a band-aid that fails the proportionality test: a nationwide block on a service used by more than 150 million people to address fraud committed by a handful.

The deeper issue is opacity. Section 69A blocking orders in India are routinely issued without public reasons, and the list of blocked sites is not disclosed. The UK's Daily Mail, for example, has been quietly inaccessible across Indian ISPs since 2022, returning DNS resolution errors, with no stated reason and no named ministry behind the decision. It joined thousands of other sites blocked under the same provision with no public explanation.

Telegram is unusual only in its scale and the fact that someone with 150 million users is shouting about it.

Collateral damage

The people hit hardest are the students the ban was meant to protect. NEET aspirants built their preparation around Telegram: free study material, paid coaching groups, lecture videos and notes that do not exist anywhere else as conveniently or as cheaply. Many legitimate resources were hosted on the platform.

One student's experience captured the asymmetry: "my brother's NEET PG notes, videos and paid study groups were all on telegram. telegram got banned. so now he's stuck messaging pirated-content scammers just to access what he already paid for. to stop one leaked NEET UG paper, you broke access for thousands of honest aspirants..."

That reflects the IFF's argument: the leak source walks free, the platform gets blocked, and the students who paid for legitimate access are the ones locked out.

Circumventing the block

Telegram has built-in support for exactly this scenario. The app ships with a proxy feature, MTProto (also called MTProxy), designed to route traffic around network-level censorship.

It works by obfuscating Telegram traffic and forwarding it through an intermediary node before reaching Telegram's servers, so an ISP blocking known Telegram IP ranges no longer sees a direct connection. The traffic stays end-to-end encrypted throughout, and the proxy operator cannot read messages or identify the account, though they can see the connecting IP address.

Anyone affected by the India or UAE disruption can point their app at a working MTProto proxy and restore access without a full VPN. There are public proxy lists maintained for this purpose, including StormyCloud's free MTProto proxy and the SoliSpirit project on GitHub publishing verified proxies refreshed automatically every 12 hours.

Users should only trust proxies from reputable sources: a malicious operator can log connection times and IP addresses even if it cannot see chats. Layering a trusted VPN on top closes that gap.

Looking ahead

For now, the restriction is set to lift on June 22, the day after the re-examination, with the editing-feature block running to June 30. Telegram's court challenge could shorten that, and the routing spillover into the UAE may resolve on its own as the India-side block is unwound.

Until then, affected users who rely on the platform have a working route back in through an MTProto proxy. As always, the proxy you choose is only as trustworthy as its operator.