Dark Web Alternative: The Telegram App Emerges As A Hub For Hackers, Research Found

Telegram, hacker

Telegram is a privacy-oriented messaging app. It's best known to preserve its users' identity, in order to prevent anyone to spy on their messages, or track their activities.

This is why people who value privacy, and those who want to free themselves from Facebook's grasp, use Telegram as their mean of communication. This is also why Telegram is popular among journalists and activists around the world.

But what is Telegram is lesser known for, is its popularity among cybercriminals.

Due to its approach in privacy, the messaging app slowly transformed itself to become a hub for hackers and alike, who wish to buy, sell and share stolen data and hacking tools.

Telegram has become the communication method, as many of those people started to see it as an alternative to the existing dark web.

That according to a research from cyberintelligence group Cyberint and Financial Times.

The research found that networks of hackers are sharing data leaks on the popular, with the number of times "Email:pass" and "Combo" were mentioned in the app over the past year reportedly rose fourfold.

Sometimes, these hackers publish their works in channels with tens of thousands of subscribers, sharing data dumps that can contain 300,000 to 600,000 email and password combinations for gaming and email services.

Through Telegram, cybercriminals are also selling financial information, such as credit card numbers, passport copies and hacking tools.

“We have recently been witnessing a 100 per cent-plus rise in Telegram usage by cybercriminals,” said Tal Samra, cyber threat analyst at Cyberint. “Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data... as it is more convenient to use than the dark web.”

What Cyberint meant by convenient is that, Telegram is easy to use, provides a far better functionality than the dark web, light on moderation, and is less likely than the dark web to be monitored by the authorities.

Launched in 2013, Telegram allows its users to communicate in private, and also broadcast messages to followers through “channels,” or create public and private groups that are simple for others to access. Users can also send and receive large data files, including text and zip files, directly via the app.

“In some cases, it’s easier to find buyers on Telegram rather than a forum because everything is smoother and quicker. Access is easier... and data can be shared much more openly.”

With the big name and the big promise, the encryption and the increasing number of people who use the app. All that combined made Telegram the platform of choice for an increasing number of cybercriminals, who wish to remain anonymous and enjoy the convenience of a modern chat app.

Hacker, Telegram
Advertisement for data posted on Telegram. (Credit: Financial Times)

The rise in nefarious activities came as users flocked to the encrypted chat app earlier this 2021, after a privacy policy change on the Facebook-owned rival WhatsApp prompted many to seek alternatives.

Angry users started to complain, forcing WhatsApp to publish statements to clarify that it still won't be able to read their private communications.

Even so, people migrated to rivals that offer secure similar messaging capabilities, which don't have Facebook or other money-oriented tracker-loaded company behind it. And Telegram that saw record numbers of new users, emerged as one of the most popular, gladly embrace those "refugees."

Apparently, those people who flocked to Telegram, also include cybercriminals and the likes. Those people also prefer Telegram because the app doesn't display users' phone numbers, which is unlike WhatsApp.

After conducting its research, Cyberint raises further questions about Telegram’s content moderation policies and enforcement at a time when founder and CEO Pavel Durov has said the company is preparing to sell advertisements in public Telegram channels.

In response to this, Telegram said that it has removed channels where people share massive datasets with email and password combos.

Telegram also said that it "has a policy for removing personal data shared without consent," and that it has an "ever growing force of professional moderators" who help it remove 10,000 public communities every day for violating its Terms of Service.

Earlier, those moderators were the ones who monitored the hundreds of channels that were created following the attack on the U.S. Capitol building.

Further reading: Comparing WhatsApp With Telegram And Signal, In A Privacy Perspective