It has been marketed as an alternative to WhatsApp. It has been criticized for failing to curb revenge porn and counterfeit vaccination cards. A new study has revealed that Telegram is a popular home for cybercriminals.
Cyberint conducted a study for a Financial Times article. Cyberint's cybersecurity firm discovered that hackers are selling and sharing data on Telegram, which is easy to use and has not been heavily moderated.
These data dumps were once the domain of what was known as the "dark web", a type of West West internet that could only be accessed with special browsers or logins. Hackers love the dark web because it is hidden in the deep web, which is the area of the internet that is not visible in search engines. This makes it more difficult for outsiders and intrusion.
These barriers have a price: Access to the dark web is not available to everyone. Telegram is the solution. It is easy to download and create an account. For added privacy, the "secret" chats of the service use end-to–end encryption. Although group chats do not have the same protection as individual chats, they still require a link or invitation to gain access. Telegram allows you to host massive group chats with up to 200,000 people.
These features have led to what Cyberint threat analyst Tal Samuelra described as a more-than 100 percent increase in Telegram use by cybercriminals. Its encrypted messaging service is becoming more popular with threat actors who are engaging in fraudulent activity and selling stolen information... because it is easier to use than the dark internet.
According to the study, recent changes at WhatsApp, a Facebook-owned app, were the catalyst for the surge in Telegram users. Both Telegram and WhatsApp are popular options for people who want more privacy in digital communications. While both platforms offer encryption, the latter's recent privacy policies has made it less attractive for users with unsavory goals.
Cyberint discovered that hackers' use of terms when hawking stolen passwords and emails "rose fourfold" in the period 2020-2021. The FT also mentions a public channel called "combolist", which was formerly a reference to hacker terminology in which data dumps were shared or sold.
Telegram cut off the channel's 47,000 users when it was shut down. This only occurred after FT inquired about it. Cyberint also discovered that Telegram has a marketplace for financial data, personal documents and hacking guides.
Cyberint discovered that Telegram's growth is being fed by the dark web. Cyberint's researchers observed a huge spike in Telegram destination links being shared on dark internet forums between 2020-2021. This was an increase of more than 1 million from last year, when there were just 172,000.
Telegram has not yet responded to Mashable's request for comment. However, the company stated to FT that it follows a policy of removing personal data "shared without consent". With growing indications that Telegram is looking to raise money and go public eventually, it's not clear how long its apparently lax moderation will last.