Encrypted communications lure cyber-criminals from dark web to Telegram app

News by Robert Abel

Cyber-criminals are branching out from the dark web and into encrypted messaging apps to conduct their nefarious deeds, while personal use of encryption is also growing dramatically, according to new reports from CheckPoint and Venafi.

CheckPoint researchers spotted an uptick in threat actors using Telegram channels to take part in cyber-crime and to communicate in a more secure and accessible manner, according to the firm's report, "Telegram: Cyber Crime's Channel of Choice".

The app is set apart by the emphasis placed on its enhanced security capabilities, which make it a viable alternative to the secretive forums on the dark web.

With the takedown of dark web marketplaces including Hansa Market and Alpha Bay, cyber-criminals are turning to mobile messaging apps to do their bidding in order to evade authorities and continue their trade.

Cyber-criminals are using hosted chat groups on the app, known as "channels", to broadcast messages to an unlimited number of subscribers. While the chat messaging history can be viewed publicly, responses to public messages can be sent privately, giving cyber-criminals more opportunities to disguise their activities.

This enables threat actors to have private end-to-end encrypted conversations while their identities remain hidden, as opposed to dark web conversations that left all of the communications exposed.

In these channels, researchers spotted illicit job offers that were color-coded: jobs that are dangerous and likely to entail legal risks were marked as black, while less threatening jobs were marked as gray or white. Researchers also spotted advertisements for the sale of stolen documents or hacking tools.

Governments are already looking into new ways to combat the free rein of these encrypted devices, in an argument that may spill over into the encryption of messaging apps as well. Earlier this month, Attorney General Jeff Sessions said Congress may need to take action concerning federal law enforcement agencies unlocking encrypted devices tied to investigations.

"Last year, the FBI was unable to access investigation-related content on more than 7,700 devices — even though they had the legal authority to do so," Sessions said. "Each of those devices was tied to a threat to the American people," he said, adding that the "stakes are high."

He went on to say that he is working with stakeholders in the private sector, in law enforcement and in Congress to find a solution.

This may help refuel the debate over whether or not tech companies should put backdoors in their products, which many warn could be exploited by law enforcement agencies or by malicious actors who find the backdoors.

Both Russia and Iran have banned Telegram.

In a separate survey by Venafi, sixty-four percent of security professionals reported that their personal encryption usage has increased due to recent geopolitical changes. The result, from a survey of 512 security professionals attending RSA Conference 2018, compares with forty-five percent of attendees who gave the same answer when asked the same question at RSA Conference 2017.

“We're entering a world where machines process and conduct transactions autonomously,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “As a result, it will be incredibly important to preserve privacy with the use of strong encryption. Despite the challenges this poses, it's excellent news that more than half of these security professionals use encryption to protect their personal privacy.”

Venafi's survey also found that security professionals are becoming more apprehensive about encryption backdoors. Eighty-four percent of respondents say they are more concerned about them in 2018 than last year, compared with seventy-three percent who expressed similar concerns at RSA 2017.

Bocek added: “Research shows that concern over encryption backdoors is growing, especially as our adversaries become more sophisticated and better equipped to exploit weaknesses. We must secure the privacy of machines, including Docker containers, Kubernetes clusters and cloud instances – all of which can scale in milliseconds. These machines will represent a new challenge for the next generation of RSA Conference attendees.”

