Telegram is increasingly becoming a hub for cybercrime. This is the finding of a study by the IT security platform Cyberint, conducted in cooperation with the Financial Times. Cyber criminals are increasingly trying to sell, purchase or share stolen personal data and hacking tools via the partially encrypted messaging service. The app and the social network behind it are thus an increasingly important alternative to the Darknet.
Telegram more convenient than the Darknet
According to the study, extensive leaked databases are in some cases offered for sale in Telegram channels with tens of thousands of subscribers. In many cases, the advertised goods were similar to offers that had previously been typical for online marketplaces on the dark web.
“We have seen a 100 percent increase in the use of Telegram by cybercriminals recently,” Tal Samra, cyber threat analyst at Cyberint, told the newspaper. The service is becoming increasingly popular with those involved in fraudulent activities because it is more convenient to use than common underground sales locations.
For the latter, it is necessary to set up the Tor browser and understand the concept of the anonymization service. The Darknet is also considered slow, and services and sites often change their addresses. On Telegram, on the other hand, trading with easy-to-find providers ideally takes place in real time.
Telegram responds and removes channel for illegal email and password lists
According to Cyberint, the number of references to “Email: pass” and “Combo” via Telegram has quadrupled to almost 3,400 in the past year. This is hacking jargon for stolen email and password lists. In a public channel called “combolist”, which has over 47,000 subscribers, cyber crooks are said to sell or distribute large data sets with hundreds of thousands of usernames and passwords.
According to the analysis, a posting entitled “Combo List Gaming HQ” offered 300,000 email addresses and passwords that can allegedly be used to access video game platforms such as Minecraft, Origin or Uplay. Another seller claimed to have 600,000 logins for users of the services of the Russian Internet company Yandex. Combinations for Google and Yahoo accounts, for example, were also said to be traded. After a tip from the Financial Times, Telegram removed the channel on Thursday.
Other types of personal information that can be obtained include financial information such as credit card numbers and associated codes, copies of passports, and credentials for bank accounts and platforms such as Netflix, according to the report. Online criminals also used Telegram to exchange malware, exploits and hacking instructions.
Collection basin for unsold information and right-wing extremists
The number of links to Telegram groups or channels shared on Darknet forums also rose from 172,035 in 2020 to more than a million this year. Cyber criminals are therefore increasingly referring potential customers to the platform as a simpler alternative or parallel information center.
Previously, researchers from the IT security company vpnMentor had discovered dumps of data on Telegram, which are said to have come from leaks from companies such as Facebook, the marketing software provider Click.org and the dating site Meet Mindful. According to this study, most such data sets only appear on Telegram after they have already been sold on the dark web or have failed to find a buyer there. Nevertheless, this new wave of Internet crime should be taken seriously, since it also reaches less technically savvy people.
A c’t analysis last year showed that more and more black market offers can be found on Telegram, for example for narcotics, weapons, prescription drugs and forged master craftsman’s certificates. According to the analysis, the relevant groups are managed by their administrators with the support of sophisticated bots. The Dubai-based service has also made a name for itself as a hub for right-wing extremists and conspiracy theorists. The federal government has its eye on Telegram as a catch basin for extremists.
Telegram is hard to get hold of
The operator is known for deleting only a small amount of criminal content, even after reports and complaints from users. It only started deleting jihadist channels and groups with terrorist propaganda in late 2019. After the storming of the Capitol in January, the provider also cleaned up some right-wing extremist groups. Telegram only partially falls under the Network Enforcement Act, as the law is geared towards the large social networks that are particularly relevant for the public exchange of views. However, the Federal Office of Justice is now taking action against the service, as the options for filing complaints are not easy to find.