How a leaked trove of war crime confessions exposed the fatal vulnerability at the heart of Russia's war machine—and why Moscow's own crackdown may do more damage than any enemy operation
Executive Summary
- Russia's FSB and digital ministry have officially admitted that foreign intelligence services can access Russian military communications on Telegram, a platform used by frontline troops since the 2022 invasion—an extraordinary public concession that undermines Moscow's information security narrative.
- A devastating leak of three years of personal messages from Major General Roman Demurchiev has exposed systematic torture and execution of Ukrainian POWs, including photographs of severed ears and casual discussions of extrajudicial killings shared among senior commanders—evidence that war crimes are not aberrations but institutionally normalized behavior.
- Russia's retaliatory Telegram restrictions threaten to disrupt its own military command-and-control systems, creating a paradox where Moscow must choose between operational security and the communication backbone its forces depend on—a dilemma with no clean solution as the war enters its fifth year.
Chapter 1: The Leak That Shattered the Silence
On February 19, 2026—five days before the fourth anniversary of Russia's full-scale invasion of Ukraine—the investigative unit Schemes (part of RFE/RL's Ukrainian Service) published what may be the most damning evidence of Russian war crimes since the discovery of mass graves in Bucha in April 2022.
The material: three years of personal communications—text messages, audio recordings, photographs, and videos—purportedly sent and received by Major General Roman Demurchiev, commander of the 42nd Guards Motor Rifle Division and deputy commander of the 20th Combined Arms Army. The archive was provided by a person serving in the Ukrainian military. Forensic laboratories in the United States and data researchers in Germany verified the authenticity of the communications.
The content is staggering in its casual brutality. In October 2022, Demurchiev texted his wife, Aleksandra, a photograph appearing to show several human ears, blackened and hanging from a metal pipe, taken from captured Ukrainian prisoners of war. "What do you do with them afterward?" she asked. "I'll make a garland and give it as a gift," Demurchiev replied. "Like pig ears for beer," she wrote back.
This was not an isolated incident. The leaked messages reveal that Demurchiev discussed prisoner torture with at least five senior Russian military officers, including Lieutenant General Mikhail Kosobokov (commander of the 49th Combined Arms Army), Lieutenant General Oleg Mityayev (commander of the 20th Combined Arms Army), and Major General Igor Timofeev (first deputy commander of the 36th Army). In one exchange, Demurchiev sent a Russian-language meme reading: "It's not a war crime if it was fun."
In another message from October 2023, Demurchiev offered a Ukrainian prisoner to a military intelligence officer attached to the FSB: "I've got one prisoner… He's sitting in a pit… What should I do with him—dispose of him or give him to you?" He added: "We didn't have time to torture him, so the info was friendly. But you've got plenty of time—you can use tools that make people tell the truth."
RFE/RL identified the prisoner: a 42-year-old man from Zaporizhzhya who spent nearly two years in Russian captivity. Returned in a 2025 prisoner exchange, he reported severe beatings and electric shock torture but declined to speak in detail, citing poor physical and mental health.
Chapter 2: The Telegram Vulnerability—A Self-Inflicted Wound
The Demurchiev leak did not emerge in a vacuum. It landed alongside a far more consequential admission: Russia's own government publicly acknowledged that Telegram, the messaging platform its military has relied on since the start of the war, is compromised.
On February 18, 2026, Digital Development Minister Maksut Shadayev told the State Duma: "While Telegram was initially considered a fairly anonymized service and was used by our military at the start of the special military operation, there is now ample evidence confirmed by our agencies that foreign intelligence services have access to Telegram correspondence."
The FSB issued a separate statement through RIA Novosti on February 21, confirming that "the use of Telegram in combat areas has repeatedly endangered the lives of Russian servicemen."
This is an extraordinary concession. For four years, Russian forces have used Telegram as their primary communication tool—for coordination, intelligence sharing, logistics, morale, and even operational orders. Unlike purpose-built military communication systems (which Russia's underfunded and corruption-plagued defense establishment failed to deploy at scale), Telegram offered end-to-end encryption, ease of use, and broad penetration among Russian-speaking populations.
The problem: Telegram was never designed as a military communication platform. Its encryption protocols, while robust for civilian use, were not hardened against state-level intelligence operations. Ukrainian intelligence, likely with Western technical support, appears to have exploited these vulnerabilities systematically—turning Russia's own communication infrastructure into an intelligence goldmine.
The implications extend far beyond the Demurchiev case. If Ukrainian intelligence can access the personal messages of a major general, it can almost certainly monitor tactical communications between frontline units, logistics coordination, troop movements, and command decisions. The Starlink whitelist operation, which Ukraine implemented in late 2025 to cut off Russian forces using stolen terminals, now appears as part of a broader information warfare strategy that has comprehensively penetrated Russia's communication architecture.
Chapter 3: Moscow's Telegram Paradox
Russia's response has created what military analysts are calling the "Telegram Paradox"—a situation where every available option makes the problem worse.
Roskomnadzor, Russia's communications watchdog, announced new restrictions on Telegram's operations in Russia in mid-February, citing 150,000 ignored content removal requests and 150,000 fraud-related crimes committed via the platform. The move aligns with Russia's broader digital isolation strategy: YouTube has been blocked, WhatsApp restricted, and the government-backed messenger Max promoted as an alternative.
But Telegram is not Instagram or Facebook. It is the backbone of Russia's wartime information ecosystem. Pro-war military bloggers (milbloggers) use it to communicate with audiences of millions. Military units use it for coordination that their official systems cannot provide. Government officials use it for rapid communication. And critically, frontline soldiers use it because there is no viable alternative.
Some State Duma deputies and pro-war bloggers immediately criticized the restrictions, warning they could disrupt command-and-control systems for Russian forces. The Kremlin attempted to dismiss these concerns—spokesman Dmitry Peskov claimed it was impossible to imagine "that frontline communications are maintained via Telegram or some other messenger"—but this contradicts abundant evidence, including the Demurchiev leak itself.
Telegram founder Pavel Durov, operating from Dubai, accused Moscow of restricting the app to force Russians onto Max, which critics describe as a surveillance and political censorship tool. The irony is acute: Russia is simultaneously admitting that Telegram is insecure for military use while cracking down on it in ways that undermine military operations.
| Dimension | Status Quo (Telegram) | Max (State Alternative) | Dedicated Military Comms |
|---|---|---|---|
| Encryption | Compromised (per FSB) | State-controlled (backdoored) | Theoretically secure |
| User Base | 93.6 million in Russia | Minimal adoption | Near-zero deployment |
| Military Adoption | Universal at frontline | Negligible | Failed to scale |
| Intelligence Risk | Maximum | Different (domestic surveillance) | Low if properly deployed |
| Timeline to Deploy | Already in use | 6-12 months forced migration | 2-5 years minimum |
Chapter 4: The Normalization of Atrocity
The Demurchiev leak's significance extends beyond communications security. It provides forensic evidence of something long suspected but difficult to prove: that war crimes against Ukrainian prisoners of war are not isolated incidents but systematically normalized behavior among senior Russian commanders.
The messages show Demurchiev discussing torture with at least five generals and senior officers. His wife's reaction—"I thought those were tales from Chechnya times. Turns out it's true"—reveals that mutilation of prisoners has been a known practice within Russian military culture for decades, stretching back to the Chechen wars of the 1990s and 2000s. Human Rights Watch and the Russian rights group Memorial documented similar atrocities during both Chechen conflicts.
This pattern matters for several reasons:
Legal Implications: The leaked messages constitute potential evidence for International Criminal Court proceedings. Unlike satellite imagery or witness testimony, private messages between senior officers demonstrate command responsibility—the legal standard required to prosecute generals for crimes committed by their subordinates. Demurchiev's messages show not merely awareness but active participation and encouragement of torture.
Institutional Culture: The casual tone of the exchanges—memes about war crimes, jokes about severed ears, the sharing of torture content as entertainment—indicates that these behaviors are not hidden from the chain of command but are celebrated within it. The involvement of an FSB-linked intelligence officer suggests institutional complicity across Russia's security apparatus.
Historical Precedent: The Demurchiev archive echoes patterns documented in other conflicts where atrocity became routine: the Abu Ghraib photographs from Iraq (2004), the "Kill Team" photographs from Afghanistan (2010), and the trophy photographs from the Yugoslav Wars (1990s). In each case, the existence of photographic evidence shared casually among participants indicated systemic rather than individual failure.
As of February 2026, the BBC and MediaZona have verified over 186,000 Russian combat deaths—13 times the Red Army's losses during the entire decade-long Soviet war in Afghanistan. The scale of violence has created conditions where dehumanization of the enemy becomes self-reinforcing.
Chapter 5: Scenario Analysis—The Information War's Next Phase
Scenario A: Controlled Migration to Secure Platforms (25%)
Premise: Russia successfully transitions military communications to secure, purpose-built systems while maintaining Telegram for civilian/propaganda use.
Evidence Against: Russia has had four years to deploy secure military communications and has failed. The defense industry's chronic underfunding, corruption (exposed in the military procurement scandals of 2023-2024), and the pace of the war make a rapid transition nearly impossible. The Kremlin's own admission that it "hopes" soldiers will "over time" switch to another messenger suggests no viable alternative is ready.
Historical Parallel: The U.S. military's transition from commercial to secure communications after the WikiLeaks disclosures (2010) took years and billions of dollars, occurring during peacetime. Russia must attempt this during an active war with a degraded industrial base.
Scenario B: Telegram Compromise Deepens, Intelligence Exploitation Accelerates (50%)
Premise: The status quo continues with minor restrictions. Ukrainian and Western intelligence agencies deepen their access, while Russian forces continue using Telegram because no alternative exists.
Evidence For: The path of least resistance. Russian frontline troops lack alternatives. The FSB's admission suggests the vulnerability is known but unfixable in the short term. Ukraine's information warfare capabilities have consistently improved throughout the war, as evidenced by the Starlink whitelist operation and the growing volume of intercepted Russian communications.
Trigger Conditions: Continued Russian dependence on Telegram; Ukrainian/Western technical investment in exploitation capabilities; absence of viable Russian alternative platform.
Investment Implications: Continued degradation of Russian military effectiveness; potential for more intelligence-driven Ukrainian tactical successes similar to the Zaporizhzhia advances of early 2026.
Scenario C: Russia Forcibly Shuts Down Telegram, Causing Systemic Disruption (25%)
Premise: Moscow escalates restrictions to a full Telegram ban, causing severe disruption to both military operations and civilian information flows.
Evidence For: Russia's digital sovereignty push has been accelerating—YouTube blocked, WhatsApp restricted, Max promoted. The logic of escalation may override operational concerns, especially if additional leaks cause political embarrassment. Durov's accusation that Moscow wants to force migration to Max suggests this is already the long-term plan.
Risks: Immediate disruption to frontline coordination. Milblogger backlash could undermine domestic war support. Forced migration to Max would consolidate state surveillance but at the cost of functionality and user trust.
Historical Parallel: China's ban on Western platforms (2009-2014) succeeded because domestic alternatives (WeChat, Weibo) were already mature and widely adopted. Russia's Max has neither the functionality nor the user base to serve as a replacement—attempting the same strategy without the prerequisites risks systemic failure.
Chapter 6: Investment & Strategic Implications
Defense Technology: The Telegram vulnerability highlights the growing importance of secure military communications infrastructure. Western defense contractors specializing in encrypted communications (L3Harris, Thales, BAE Systems) benefit from the demonstration effect—NATO allies will accelerate procurement to avoid similar vulnerabilities.
Information Warfare: The leak demonstrates that intelligence exploitation of commercial communication platforms has become a decisive factor in modern warfare. Cybersecurity firms with military/intelligence clients (Palantir, Recorded Future, CrowdStrike) operate in a growth sector as demand for both offensive and defensive capabilities increases.
Russian Defense Stocks: The exposure of systemic communication vulnerabilities adds to the growing evidence of Russian military degradation. The Moscow Exchange defense sector faces long-term headwinds as the war's costs become increasingly unsustainable—oil revenues down 65% year-over-year, central bank forced into emergency rate cuts, and now the revelation that the military's basic communication infrastructure is compromised.
Telegram/Durov: The platform faces a potential forced exit from one of its largest markets (93.6 million Russian users). However, Telegram's global user base exceeds 900 million, and the company's pivot toward business services and crypto integration reduces dependence on any single market.
Conclusion
The Demurchiev leak and Russia's Telegram admission represent a convergence of two crises that together illuminate the deeper rot within Russia's war machine. The first crisis is moral: the systematic normalization of war crimes among senior commanders, documented in their own words and shared as casual entertainment. The second crisis is operational: the revelation that the communication platform underpinning Russia's military operations has been compromised by hostile intelligence services.
As the war enters its fifth year on February 24, 2026, these revelations land at a moment of maximum diplomatic sensitivity. The Coalition of the Willing summit, chaired by Macron and Starmer, will convene on the anniversary. The Geneva peace process continues its halting progress. And in Moscow, the Kremlin faces a choice it cannot delay: continue using compromised communications and accept the intelligence losses, or shut down Telegram and accept the operational chaos.
Neither option is good. That may be the most telling indicator of Russia's strategic position four years into a war it expected to win in three days.
Sources: RFE/RL Schemes Investigation (Feb 19, 2026); The Moscow Times (Feb 18, 2026); Al Jazeera (Feb 22, 2026); Bloomberg (Feb 21, 2026); ISW Russian Offensive Campaign Assessment (Feb 20, 2026); BBC-MediaZona Russian Casualty Verification Project
Leave a Reply