New research shows Telegram has become a hub for cybercriminals. Researchers have called the messaging app an alternative to the darknet. Here are the key points from the Financial Times report.
How did it all start?
Cyberint, a cyber intelligence group working with the support of the Financial Times, has discovered a growing network of hackers who post confidential data leaks and other personal information on Telegram. Sometimes the data appears on channels with tens of thousands of subscribers.
Where do cybercriminals usually “work”?
The darknet is a hidden network in which connections are established only between trusted peers, sometimes referred to as “friends”, using non-standard protocols and ports. The darknet uses its own DNS (that is, its own domains) and its own address space.
You can get into the darknet using special software, for example Tor Browser or I2P. Tor Browser encrypts traffic while it is inside the network, but the traffic can still be tracked as it enters and leaves.
There are many different resources on the darknet, including those that specialize in leaking databases (from mobile operators, banks, government agencies) and selling information from them. There are also anonymous mail services, portals for communication and discussion of any (including prohibited) topics, and analogues of social networks and online libraries. The darknet is best known for its marketplaces: resources for selling goods whose trade is legally restricted or completely prohibited.
The items most often sold on the darknet are various databases, data from hacked accounts (mail, social networks, instant messengers), current accounts and bank cards issued to front persons, fake documents and much more.
What’s happening on Telegram?
“We recently witnessed over 100 percent growth in the use of Telegram by cybercriminals,” said Tal Samra, cyber threat analyst at Cyberint. “Its encrypted messaging service is becoming increasingly popular with fraudulent activities that sell stolen data.”
Experts have already called Telegram the new darknet. In many of the cases the experts studied, the published content resembles darknet marketplaces. It is the unpunished and easily accessible publication of confidential data that makes Telegram resemble a shadow network.
Why Telegram?
Cybercriminals are attracted by the platform’s ease of use and simple content moderation.
No special equipment or software is needed to register on Telegram. Posted content is not pre-moderated: other users can only complain about content after it has been posted. In addition, the messenger has no permanent, formal support team: every appeal is considered by a group of volunteers.
Analysts also note that the growth of cybercriminal activity is caused by a new influx of users. In early 2021, WhatsApp delivered an ultimatum: everyone who uses the messenger is required to accept a new privacy policy. People and even departments began to abandon the application en masse, sometimes in favor of Telegram. The messenger, according to its privacy policy, has access to the information that the user has entered in their profile, the phone numbers of the user and the people they talk to, messages outside of secret chats, and the postal address, if the user has specified one.
What’s next for Telegram?
The popularity of the platform among cybercriminals may increase pressure on the administration of the service to introduce more thorough content moderation. Earlier it was reported that the company plans to go public and is considering options for introducing advertising.
At the same time, according to Cyberint, the number of mentions of “Email: pass” and “Combo” on Telegram has quadrupled over the past year.
For example, experts discovered the “combolist” channel with more than 47 thousand subscribers, where hundreds of thousands of logins and passwords from various services, including Yandex, Google and Yahoo, were regularly published. The Telegram administration removed the channel at the request of the Financial Times.