The New Dark Web is Telegram

During October 4th’s full blackout of Facebook, Messenger, Instagram and WhatsApp, millions of people suddenly found themselves scrambling for the 6-hour window towards other means of communication, such as Twitter and LinkedIn.

To continue talking with friends and family, many flocked to alternative communication tools such as Viber and Telegram to communicate. In the case of Telegram, many did so not knowing that the fast messaging app that claims to be free and secure has emerged as the new dark web for cybercriminals.

The Unseen Threat

As recent as three weeks prior, cyber intelligence group Cyberint uncovered the growing network of hackers sharing data leaks on the messaging platform, across channels with tens of thousands of subscribers. The platform has made for easy use in buying, selling and sharing stolen documents and hacking tools in what has become the main alternative to dark web use.

In most cases, content resembled marketplaces found on the dark web, incorporating hidden websites used by hackers via specific anonymizing software. The current rise in cybercriminals using Telegram has seen a 100% increase.

Tools for Profit

The use of encrypted messaging has become widespread by threat actors conducting fraudulent activities and offloading stolen data for profit, making for convenient use as an alternative to the dark web. Many flocked towards Telegram earlier in 2021 following the Facebook-owned WhatsApp privacy policy change.

Initially launched in 2013, Telegram provided a way for users to broadcast messages to followers via channels and create private and public groups for others to access. The app allows for the sending of large data files directly, including text and zip files.

With over 500 million active users and 1 billion downloads in August alone, the current problems with the platform being a haven for cybercriminals could now put pressure on the platform – owned and headquartered in Dubai – to bolster content moderation before its planned public offering and introduction of advertising to the service.

Scary Figures

In total, the number of mentions in Telegram of “Email: pass” and “Combo” – hacker terminology to communicate the sharing of stolen passwords and emails – multiplied four times over 2021 to the figure of 3,400.

One Telegram channel “Combolist”, open to the public, has more than 47,000 subscribers alone. Here, hackers sell and share large data dumps of hundreds of thousands of stolen usernames and passwords. Some posts within offered 300,000 emails and passwords for hacking video game user accounts for Minecraft, Origin and Uplay.

Others have discovered 600,000 logins for Google, Yahoo and Yandex. Following the Financial Times contacting Telegram for comment, the channel was removed.

Telegram has since released a statement that it has a policy in place for removing personal data that is shared without consent and has a growing force of moderators removing over 10,000 public communities for service violations.

For more information about any upcoming IT Security events 2021/ IT Security events 2022, enterprise technology events, big data analytics or any identity management event, check out the upcoming events from Whitehall Media.