What is Telegram?
Telegram is a cloud-based messaging platform focused on speed and security. It was launched in 2013 by brothers Nikolai and Pavel Durov amidst concerns over data privacy and a growing demand for more secure communication tools.
Why Do Cybercriminals Use Telegram?
By prioritizing security and ease of use, Telegram has made itself the platform of choice for millions of privacy-conscious individuals. However, this combination of features, along with a few other factors, has also led to its popularity within cybercriminal communities. We outline the reasons for this in more detail below:
- User Anonymity: Telegram allows users to create accounts and channels without revealing their true identities, providing a veil of anonymity that is useful when conducting illegal activities.
- End-to-End Encryption: Telegram’s “Secret Chats” functionality offers end-to-end encryption that ensures that only the intended recipient can access the message. Additionally, an auto-delete function allows messages to self-destruct after a specified period of time.
- Ease of Channel and Group Creation: Creating channels and groups on Telegram is quick and easy, enabling rapid setup and dissemination of information within criminal networks. By contrast, a website on the dark web can take days to weeks to set up.
- Large Group Capacity: Telegram groups can have up to 200,000 members, while channels can have an unlimited number of subscribers, allowing cybercriminals to communicate and collaborate with a vast network of individuals simultaneously.
- File-Sharing Capabilities: Telegram permits the sharing of large files, a feature useful for distributing malware, stolen data, and other illicit materials.
- Bots and Automation: Telegram's support for bots allows for the automation of tasks and processes, which can be exploited for managing scams and distributing malicious content such as phishing links.
- Accessibility: Compared to the dark web, Telegram is much easier to access and does not require specialized browsers or technical expertise. This gives cybercriminals a much larger pool of potential victims and collaborators to draw from.
- Global Reach: Telegram’s global availability allows cybercriminals from different parts of the world to connect, facilitating cross-border collaborations and expanding the reach of their criminal activities.
- Flexibility in Account Management: Users can easily create new accounts, rename accounts, and manage multiple profiles, making it difficult for authorities to track and monitor individual actors.
- Challenges in Surveillance: Compared to the dark web, Telegram is more difficult for law enforcement agencies to monitor, allowing criminals more freedom to engage in and continue their illicit activities.
Types of Cybercrime and Scams on Telegram
Within Telegram’s growing cybercrime ecosystem, users can find various channels and chats dedicated to specific illegal activities, ranging from the distribution of malware to the sale of personal information, financial scams, and even technical support for cybercrime campaigns.
- Malware and Ransomware Distribution
Cybercriminals use Telegram as a platform to share files or links that, when opened, infect the user's device. They set up specialized channels that distribute different types of malware, including ransomware, spyware, and Trojans. Additionally, they often provide tools and software for hacking and unauthorized access to systems.
- Phishing Scams
Various channels on Telegram specialize in the sale of phishing pages (fake websites designed to collect personal information), as well as the phishing kits and tools used to build them.
- Sale and Distribution of Stolen Data
Telegram channels often serve as marketplaces for selling stolen data, including personal identities, credit card information, and login credentials which may be used to carry out credential stuffing attacks or fraud.
- Sale of Drugs
Some Telegram groups and channels are used for the illegal sale and distribution of drugs, leveraging the app’s anonymity and encrypted communication to escape detection by law enforcement.
- Technical Support for Cybercrime Campaigns
Taking advantage of message privacy and encryption features, cybercriminals also use Telegram to provide technical support to other bad actors who need guidance in launching their criminal campaigns.
- Botnet and DDoS Services
Some channels offer services for controlling botnets or launching Distributed Denial of Service (DDoS) attacks against targets.
The list above is not exhaustive. As cybercriminals continually expand their activities and adapt their methods, it is imperative to keep abreast of the new scams, techniques, and crimes on Telegram.