So far, cybercriminals appear to be just shopping around for a Telegram alternative

Avatar

The Telegram app is becoming less friendly for cybercriminals, but a lot of them might stick around anyway, according to a new analysis.

Following the arrest of Telegram founder Pavel Durov and his subsequent pledge to combat illegal activities on the app, several hacker groups have indicated plans to migrate to alternative platforms, says researchers at U.S. cybersecurity company Intel 471. 

However, despite recent regulatory scrutiny of Telegram’s policies, a mass exodus hasn’t occurred. In fact, the researchers believe the majority of cybercriminals who use the app will remain on it due to its convenience and extensive reach.

“Migrating to a platform with a smaller user base would significantly diminish the potential audience and reach, adversely affecting activities that rely on widespread dissemination,” the researchers say.

Telegram also offers “a comprehensive suite of features” that would be hard to find on any existing platform, the report says.

Telegram’s new policies increase its security risks to about the same level as other platforms, Intel 471 says. However, these risks can be mitigated by using temporary or virtual phone numbers, unregistered SIM cards, and techniques to hide IP addresses, such as virtual private networks (VPNs), proxies or the Tor network.

In the near future, the company will likely be busy developing processes to handle the influx of law enforcement requests it will inevitably receive, according to the report.

Looking for alternatives

Telegram’s lack of cooperation with Western law enforcement and loose moderation have been an attractive feature for cybercriminals for years.

Since his arrest by French authorities earlier in August — on charges including complicity in running an online platform that allows illegal activity such as possession of child sexual abuse material, the sale of drugs and malicious hacking tools — Durov has made several statements regarding Telegram’s policies against cybercrime.

He said this week that the company has been disclosing IP addresses and phone numbers of “dangerous criminals” to relevant authorities for years and would further improve this practice. Telegram also launched a bot to report problematic content and mentioned that a dedicated team of moderators and artificial intelligence will monitor illegal activities.

Durov’s statements, along with increased scrutiny from various countries’ regulators, have raised concerns among cybercriminals.

“Nearly every top-tier [underground] forum began a thread where actors discussed the merits of alternative platforms, and the majority of participants signaled an intent to jump ship from Telegram,” researchers at Intel 471 said in a report released this week.

The preferred platforms include the open-source instant messaging protocol Jabber, the peer-to-peer instant messaging and video calling platform Tox, the open protocol for decentralized communication Matrix, and the open-source privacy-focused messaging app Session. More familiar and widely used Telegram alternatives include the encrypted messaging app Signal and the communication platform Discord.

According to research by the Israel-based cyber firm Kela Cyber Threat Intelligence, some criminals are discussing the idea of creating a custom messaging platform using Telegram’s graphical user interface as a foundation “to continue their activities with less risk of exposure.”

Few groups have actually left Telegram. Among them is the Bl00dy ransomware gang, researchers said. Some, like the RipperSec hacktivist group, have begun setting up backup channels on other platforms. Others, including GlorySec and Ghosts of Palestine, declared their intentions to seek out more privacy-centric platforms. 

After analyzing all of the services mentioned by cybercriminals, researchers concluded that hardly any of them can replace Telegram, as they lack features favored by cybercriminals, including extensive bot functionality, the ability to create large group chats, and the capacity to build custom tools and integrate various services into the app through the application programming interface (API).

Impact on cyber researchers

Telegram has been a rich source of cyberthreat activity for researchers, allowing them to track illegal actors and the services they sell. Intel 471 said it tracks more than 5,700 Telegram channels for such activity.

The hackers’ possible shift to other platforms “presents both challenges and opportunities,” the Kela researchers said. The company stated that it will continue to track and monitor activity across a wide range of forums and messaging apps.

“It’s not just about knowing the right sources — it’s about gaining access to these underground communities,” researchers added.

Authorities are likely to use the current situation with Telegram to gather more information about the criminals they want to pursue. Their first requests will most likely focus on the worst threat actors, such as those involved in child sexual abuse material, according to Intel 471.

According to Durov, Telegram is ready to cooperate: “We’ve always strived to comply with relevant local laws — as long as they didn’t go against our values of freedom and privacy.”

CybercrimeNewsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Critical Infrastructure Cyberforge Summit

Next Post

White House official says insurance companies must stop funding ransomware payments

Related Posts

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks. "In some instances, fraudulent workers demanded ransom payments from their former employers after gaining
Avatar
Read More