Telegram emerges as new dark web for cyber criminals

arstechnica.com
5 min read
fairly difficult
Growing network of hackers sharing data leaks on encrypted messaging app.
Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web.

An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation.

In many cases, the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular among hackers and accessed using specific anonymizing software.

"We have recently been witnessing a 100 per cent-plus rise in Telegram usage by cybercriminals," said Tal Samra, cyber threat analyst at Cyberint.

"Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data... as it is more convenient to use than the dark web."

The rise in nefarious activity comes as users flocked to the encrypted chat app earlier this year after changes to the privacy policy of Facebook-owned rival WhatsApp prompted many to seek out alternatives.

Launched in 2013, Telegram allows users to broadcast messages to a following via "channels" or create public and private groups that are simple for others to access. Users can also send and receive large data files, including text and zip files, directly via the app.

The platform said it has more than 500 million active users and topped 1 billion downloads in August, according to data from SensorTower.

But its use by the cyber criminal underworld could increase pressure on the Dubai-headquartered platform to bolster its content moderation as it plans a future initial public offering and explores introducing advertising to its service.

According to Cyberint, the number of mentions in Telegram of "Email:pass" and "Combo"—hacker parlance used to indicate…
Read full article