Cybercrime is moving more and more from the dark web to Telegram, study finds



It was presented as an alternative to WhatsApp. The company that operates it has come under heavy criticism for not doing enough to curb vengeful pornography or counterfeit vaccination cards. Now, a new study has revealed that Telegram is, surprise surprise, an attractive home for cybercriminals.

The revelation comes from a study conducted by Cyberint for a Financial Times article. The cybersecurity company discovered that hackers sell and share data leaks on Telegram because it is easy to use and low in moderation.

In the past, these data dumps were largely the domain of the so-called “dark web,” a sort of west-west version of the Internet accessible only through special browsers and connections. Hackers find the dark web attractive because it lives in a corner of the deep web – that is, the part of the internet that does not show up in search engines – which is even more blocked against outside observers. and intrusions.

All of these obstacles come at a price, of course: not everyone can access the dark web. This is where Telegram comes into the picture. It’s easy to download the app and create an account. The service’s “secret” chats use end-to-end encryption, for added privacy. And while group chats don’t have the same protection, you still need a link or invite to enter. Telegram also allows massive group chats for up to 200,000 users.

These features caused what Cyberint threat analyst Tal Samra called a “over 100% increase” in Telegram usage among cybercriminals. “Its encrypted messaging service is growing in popularity among threatening players engaged in fraudulent activity and selling stolen data … because it is more convenient to use than the dark web.”

The boom in the move to Telegram was sparked, according to the study, by recent changes in one of the apps’ competitors, Facebook-owned WhatsApp. While Telegram and WhatsApp are both popular destinations for those seeking more privacy in their digital communications – both platforms offer some form of end-to-end encryption – the latter’s new privacy policy, if any. under siege, made the platform less appealing to users with unsavory goals.

Cyberint found that mentions of certain terms hackers use when peddling stolen emails and passwords “quadrupled” between 2020 and 2021. FT’s story also mentions a public channel (since deleted) Called “combolist” – whose name itself is a reference to hacker terminology – where data dumps were sold or just shared.

There were around 47,000 users on the channel when Telegram shut it down, a move that only came after FT inquired about its existence. The Cyberint study also found that there is a market on Telegram for financial data, personal documents, malware, and hacking guides, in addition to online account credentials.

The dark web itself is fueling Telegram’s growth, Cyberint has discovered. Company researchers noticed a massive increase in links to Telegram destinations shared on dark web forums between 2020 and 2021, from just over 172,000 last year to over 1 million this year.

Telegram has yet to respond to a request for comment from Mashable, but the company has maintained to FT that its policy is to remove personal data when it is “shared without consent.” Although with growing signs that the company is looking to bring in new money and go public, one wonders how long its supposedly lax moderation will last.

Follow Mashable SEA on Facebook, Twitter, Instagram, YouTube and Telegram.



Leave A Reply