India blocks Telegram, and Durov accuses Reliance of hijacking traffic: what really happened

Telegram made the news twice on June 16. The platform was hit with a regulatory block in India, the kind of move it has faced in plenty of other countries before. But the story did not stop there. A second, much stranger turn followed shortly after, with implications reaching far beyond India and touching on how the global internet itself is routed.

As a quick recap, Indian authorities have temporarily restricted access to the platform until June 22, following the leak of medical exam questions. We already covered that part of the story. What happened next, however, is much less obvious and considerably more interesting.

Telegram founder Pavel Durov accused Indian telecom Reliance of hijacking Telegram's internet traffic, not just inside India but in several other countries, including the UAE. The technique is known as a BGP hijack, and it allows a major operator to effectively claim part of someone else's network as its own.

Here is what happened, who is involved, and why it matters for the broader internet.

What happened

On paper, India's decision to block Telegram is tied to the upcoming retake of NEET-UG (National Eligibility cum Entrance Test), the main entrance exam for medical universities across the country. The test is taken by hundreds of thousands of applicants every year. It had to be cancelled back in May after the questions appeared publicly online ahead of the scheduled date.

According to India's National Testing Agency (NTA), organized groups were selling access to the exam papers through Telegram channels with names like "PAPER LEAKED NEET" and "Re-NEET 2026," charging anywhere from a few thousand to several hundred thousand rupees per applicant for what they advertised as "guaranteed" access to the questions. The retake has been scheduled for June 21, with the Telegram block set to lift the following day, on June 22.

The Indian government framed the restriction as a measure of last resort, arguing that earlier attempts to remove the offending content one piece at a time had failed to produce results, and that what was at stake was the fairness of an exam that would determine the future doctors of an entire country.

Digital rights advocates from the Internet Freedom Foundation called the measure disproportionate and questioned whether the law actually allows authorities to block an entire platform rather than just specific illegal content hosted on it.

Pavel Durov pushed back forcefully in his own statement, arguing that the block punishes 150 million ordinary Indian users instead of the people who actually organized the leak, and noting that the leaks themselves had simply moved to other apps as soon as the ban took effect.

In the same statement, Durov noted that Telegram had already removed hundreds of channels linked to the leaks and related scams before the block was imposed. The platform had also made its "edited" label on messages more visible to make backdating harder.

How India enforced the block

Section 69A of India's Information Technology Act allows the government to order the blocking of access to specific information through any "computer resource," citing reasons of national sovereignty, public order, or state security. The provision is normally applied to specific links, channels, or posts. This time, however, on the recommendation of the NTA, authorities went further and blocked access to the entire platform.

In practice, that meant ordering India's largest telecom operators, including Reliance Jio (remember this name), Airtel, and Vodafone Idea, to cut off access to Telegram at the network level. At the same time, the government secured the removal of the Telegram app from Google's Play Store and Apple's App Store.

Telegram was also required to disable the ability to edit already-sent messages within India until June 30, a uniquely targeted demand. The reasoning is that channel admins could publish a blank or neutral message in advance, and then, after the exam took place, edit it to include the real questions, presenting it as "proof" that a leak had happened before testing began. Disabling the edit function closes precisely that loophole.

Legal experts and digital rights groups argue that Section 69A speaks specifically about blocking information, not shutting down an entire service or forcing a company to redesign its product to suit a single country. In their view, the law simply does not grant formal authority for the second demand.

What BGP is, and what it means to "hijack" it

Everything described above, including the block and even the app store removals, is part of a generally official and legal toolkit that governments use to tighten censorship. The next part of the story, however, unfolds at the level of how the internet itself is routed. To understand it, the place to start is how BGP actually works.

BGP (Border Gateway Protocol) is the protocol that thousands of operators around the world use to coordinate which networks deliver internet traffic and where. Every major operator announces to its neighbors which blocks of IP addresses it can route, and those neighbors then pass the announcement onward, until the resulting routing map propagates across the entire internet.

The catch is that the protocol was designed back in the late 1980s, at a time when everyone on the internet effectively knew everyone else. By default, BGP trusts whatever a network claims about a route. No operator is technically required to verify whether a neighboring network actually has the right to claim a particular block of addresses before passing the announcement along.

When one network announces ownership of someone else's block of addresses, and its neighbors accept and propagate that announcement, a portion of the world's traffic intended for the real owner starts flowing somewhere else entirely. From there, it can be intercepted, slowed down, or simply dropped into the void.

When this is done intentionally, it is known as a BGP hijack. When it is the result of a configuration mistake, it is called a route leak. The difficulty is that the two scenarios are almost impossible to tell apart.

History has plenty of precedents for what this can look like in practice. In 2008, Pakistani authorities tried to block YouTube inside the country using exactly this method. A local provider announced a route covering YouTube's addresses to cut off domestic access, but the announcement leaked beyond Pakistan's borders, and YouTube went dark for users across multiple countries for nearly two hours.

Durov's response

This was the subject of a separate, far sharper statement Durov published on the same day, focused on the route hijacking rather than the legal ban.

In it, he accused Indian operator Reliance of sabotaging access to Telegram for millions of users outside India, including in the UAE, using exactly the BGP route hijacking method described above. According to Durov, the sabotage appears deliberate. The company, he said, had ignored several formal complaints about the issue.

In the same message, he suggested the underlying motive could be competitive. Reliance, he wrote, is partially owned by Meta, the parent company of Telegram's main competitor, WhatsApp. Durov called on network operators around the world to reject route announcements from Reliance carrying autonomous system number AS18101 (remember this number) so that their users would not lose access to Telegram.

AS18101 is a specific entry in the public internet registries, and it is easy to verify. We did exactly that.

Who Reliance actually is

The name Reliance Jio came up earlier in this article as one of the operators ordered to block Telegram inside India. It is the largest mobile operator in India, with more than 500 million subscribers, and it belongs to Indian billionaire Mukesh Ambani.

But the Reliance that Durov is accusing of intercepting traffic is not Jio. That distinction actually matters, which calls for a brief detour into the history of one Indian family.

The Reliance business empire was split between two brothers in 2005. After the death of its founder, Dhirubhai Ambani, his sons Mukesh and Anil could not agree on running the company jointly, and the family business was eventually divided between them.

Mukesh took petrochemicals, retail, and, from 2016 onwards, Jio, the operator he built essentially from scratch. Anil received Reliance Communications, a company that had previously been called Reliance Infocomm. It was the main telecom asset of the original undivided business.

The Jio brand most people know today, including Jio Platforms, the parent company of Jio Infocomm, only emerged in 2019. It was Jio Platforms that Meta invested in back in 2020, acquiring 9.99% of the company for $5.7 billion. Meta's stake is in Jio, Mukesh's company. Formally, Mark Zuckerberg's company has no connection to Reliance Communications, which belongs to Anil.

Checking the public internet routing registries, which list every autonomous system number in the world, reveals that AS18101, the number Durov flagged, is registered to Reliance Communications, not to Jio. The oldest records associated with the number, dating back to 2005, list it under the name "Reliance Infocomm," meaning this is literally the same telecom asset that went to Anil rather than to Mukesh when the business was divided.

The disruption itself appears to be real. Something on Reliance Communications' side did clearly happen.

The theory of a competitive war on behalf of WhatsApp, however, holds up less well. The company that AS18101 is formally registered to has no connection to Meta's investments, which sit in an entirely different and much more successful half of the former unified Reliance.

In short, the confusion comes down to the divided Reliance brands. The Reliance responsible for the Telegram disruption is one company, and the Reliance connected to Meta is another.

Telegram strikes back

With a working understanding of how BGP operates, Telegram's response becomes easier to follow. Internet routers default to choosing the most specific route available, so if a "hijacker" announces ownership of a broad block of addresses, the real owner can announce a narrower, more specific portion of the same block in response. Most of the internet will then automatically switch to the more specific route.

To understand what "most specific" actually means, it helps to recall how blocks of addresses are written down on the internet. They look like 149.154.160.0/20, where the number after the slash indicates the size of the block. The larger that number, the smaller the block. A block with a /20 mask contains 4,096 addresses, while a /22 block nested entirely within it contains only 1,024. The /22 is a narrower, more specific subset of the same range.

If two routes exist for the same address, one broad and one narrow, the narrow route wins, even if the broader announcement also technically points somewhere. So when the true owner of a block announces its rights specifically to its /22 subnet inside a "hijacked" /20, operators around the world automatically switch traffic over to that more specific route. The broader announcement of the surrounding IP pool simply stops working.

A more robust defense is called RPKI (Resource Public Key Infrastructure), a system in which the owner of a block of addresses cryptographically signs a record stating which autonomous system number is authorized to announce them. That record is known as a ROA (Route Origin Authorization), and any network that checks against it will automatically reject any route that does not match the signed record, even if the route looks technically valid.

This is not Telegram's first experience with the technique, and the address blocks used in the example above are not arbitrary. The same 149.154.160.0/20 block and its more specific /22 subnet were involved in a similar incident back in 2023, when Iraqi authorities attempted to block the service and the announcement leaked beyond the country's borders. Because Telegram had already set up ROA records for its address space, most networks around the world that verify RPKI automatically rejected the hijacked route, and no global outage occurred.

This time, Telegram appears to have used the same approach, quickly announcing more specific routes to its networks in order to override the broader route hijacked by Reliance Communications. The catch is that it does not happen instantly. While the new routes propagate across thousands of networks around the world, some users continue to see their traffic routed incorrectly for a while.

Dubai was one such case. According to data collected by Durov's Code, supported by the local version of Downdetector, Telegram access in the UAE was disrupted for roughly three hours before Telegram's more specific routes fully displaced the hijacked Reliance route.

The takeaway

The official block on Telegram in India is a fact, confirmed both by local authorities and by the messaging app itself. No one is disputing that, including Durov. His grievance is not with the block itself but with its proportionality.

The BGP route hijack is also a fact. AS18101 exists, it is registered to Reliance Communications, and its mismatch with Telegram's legitimate routes can be verified directly in the open internet registries.

Intent and motive, on the other hand, are not facts but interpretation. Neither Reliance Communications, nor Reliance Industries, nor Meta has commented on the situation, and the theory of a competitive war waged on behalf of WhatsApp remains unproven at this stage.

Even after all the formal block deadlines pass, the main question will probably remain unanswered. Who decided to hijack someone else's internet traffic during precisely these days, and why?

The broader takeaway is that the global routing of the internet still rests on trust and on principles laid down in the 1980s. Any major operator anywhere in the world can spend a few hours acting as an invisible middleman for other people's messages, and yes, redirect that traffic in whatever direction it chooses.