
A look inside the hidden side of the Telegram network


Telegram was founded in 2013 by two Russian brothers, Nikolai and Pavel Durov, who also created the social network VKontakte. Their goal? To offer a secure messaging application allowing users to exchange messages, photos, videos, URLs, and other files confidentially via an encryption system called MTProto. Although Telegram's encryption system has drawn some criticism, the social network has steadily gained visibility and users since its inception, reaching approximately 200 million regular users by the end of 2018 (representing roughly 15 billion messages sent daily). However, this network remains far behind Facebook, which has 2.2 billion users, and WhatsApp, which has 1.5 billion.


The fact that it's free and the promise of end-to-end encryption partly explain users' enthusiasm for Telegram. Indeed, the application offers a secret chat that uses encryption and in which messages are saved on the device used (a smartphone, for example) and not in the cloud. Users can choose to delete messages without them necessarily being stored on the server. Furthermore, Telegram appears to be one of the most secure networks in terms of anonymity. A survey[1] conducted by the New York-based media outlet The Outline gathered the opinions of 13 administrators and/or owners of channels offering illicit content. Most of them agree on one point: Telegram offers a wide variety of options to keep users' identities private. This is one of the main reasons why channel creators and managers distribute their pirated content via this application. Indeed, since 2015, Telegram has offered a "bot" platform for developers. Through the API, users can manage how interactions take place and are protected on the network. Furthermore, and unlike WhatsApp, the user's phone number, required during registration, does not subsequently appear within the channels.

These privacy options, combined with contextual elements, are the reason for Telegram's rapid rise. Take, for example, the events of October 2014, when more than 1.5 million South Korean users switched from KakaoTalk (a South Korean messaging app) to Telegram. President Park Geun-hye had just announced the monitoring of all citizens' electronic communications, making it possible to arrest any user who expressed criticism or spread rumors against the regime. Another event that propelled Telegram to the ranks of globally recognized apps was the Brazilian government's decision to ban WhatsApp in December 2015. Since then, the messaging service has been available to citizens again, but it has reportedly been abandoned by some of its local users. Indeed, suspicions persist regarding the existence of campaigns to spread fake news[2] via WhatsApp accounts owned by the government and its supporters. To bolster his position as the frontrunner, Jair Bolsonaro's campaign team allegedly funded the sending of hundreds of thousands of messages. Despite the closure of some accounts in response to the scandal, WhatsApp reportedly experienced a decline in popularity in Brazil, further boosting Telegram's. The messaging app is said to have gained 3 million additional users following the outage that affected WhatsApp and Facebook on March 13th.

Furthermore, increased surveillance of the Tor network by the authorities (cf. the closure of two very popular black markets, Hansa Market and AlphaBay) encourages online communities, whether malicious or not, to migrate to other, more discreet networks. Inevitably, the privacy benefits offered by Telegram attract attention and often lead to censorship by authoritarian governments, as in Russia[3], Iran and China.

 

In order to understand and analyze how hackers operating from this platform organize their malicious activities, our Cyber Threat Intelligence team spent several months on Telegram. Here is an overview of the threats present on this network.

 

Research method

 

Our immersion in the Telegram network began in the second half of 2018 and continued until the first quarter of 2019.

We focused our research efforts on detecting international Telegram groups centred on fraud, hacking, carding (in its broad definition, namely online trafficking of bank cards, bank accounts or any other information relating to personal data and obtained fraudulently), and the sharing of stolen data and malicious tools. In short, we wanted to find out whether the threats we detect every day for our clients were also present on Telegram, and in what form(s).

In total, our team joined over 150 Telegram groups centred on these themes, in order to collect as much information as possible on the malicious activities carried out by certain members of this social network. These groups were identified via OSINT-based search techniques:

Google dorks (invitation links to channels are indexed by Google): this consists of taking the root of the Telegram invitation links, https://t.me/joinchat/[ID], and launching Google searches that can potentially detect several thousand invitation links to Telegram groups:


Then, you simply need to contextualize the search according to the targeted ecosystem to access the desired groups:


These queries served as the starting point for our sourcing and gave us access to private or public channels. Other methods complemented our approach:

  • Sharing Telegram groups on third-party communities (Reddit, forums, pastebin, etc.);
  • Use of Telegram-specific search engines (Telegago, a custom search engine, etc.): http://cse.google.com/cse?cx=006368593537057042503:efxu7xprihg#gsc.tab=0
  • By pivoting within the channels integrated via the previous methods, by following user announcements relaying posts from other groups.

By doing so, we were able to join communities totaling more than 1.2 million English-, Arabic- and French-speaking users. We analyzed the conversations, data and files that were shared there, in order to report on the type of information passing through this network.
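The pivoting step described above can be partly automated over message text that has already been collected. The following is an added example, not part of the original article or of Intrinsec's tooling: it extracts invitation links and public channel handles and counts how many distinct channels reference each target. The character rules for IDs and handles, the reserved path words and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Two link shapes are handled: the private invitation root quoted in the
# article (t.me/joinchat/<ID>) and public handles (t.me/<name>). The
# character classes and lengths are assumptions made for this example.
LINK_RE = re.compile(
    r"(?<![\w.-])(?:https?://)?(?:t|telegram)\.me/"
    r"(?:joinchat/(?P<invite>[A-Za-z0-9_-]{8,})"
    r"|(?P<public>[A-Za-z][A-Za-z0-9_]{4,31}))",
    re.IGNORECASE,
)
# Path words that are not channel handles (assumed, non-exhaustive list).
RESERVED = {"joinchat", "addstickers", "share"}

# Constructed sample: (channel the message was seen in, message text).
SAMPLE_MESSAGES = [
    ("example_chan_a",
     "We moved! New address: https://t.me/joinchat/AAAAAExampleInvite01."),
    ("example_chan_b",
     "Backup: t.me/joinchat/AAAAAExampleInvite01 partner: https://t.me/Example_Chan_C"),
    ("example_chan_c",
     "Follow telegram.me/example_chan_c/42 and t.me/example_chan_a, not bit.me/notalink"),
]


def extract_links(text):
    """Return de-duplicated (kind, value) pairs in order of appearance."""
    seen, found = set(), []
    for match in LINK_RE.finditer(text):
        if match.group("invite"):
            # Invitation IDs are kept as written (treated as case-sensitive).
            item = ("invite", match.group("invite"))
        else:
            handle = match.group("public").lower()  # handles compared lowercase
            if handle in RESERVED:
                continue
            item = ("public", handle)
        if item not in seen:
            seen.add(item)
            found.append(item)
    return found


def reference_counts(messages):
    """Count, per target, the distinct source channels that link to it.

    A channel linking to itself is ignored, so the score reflects how
    often *other* channels relay a target, which is what the pivot follows.
    """
    sources_by_target = defaultdict(set)
    for source, text in messages:
        source = source.lower()
        for item in extract_links(text):
            if item != ("public", source):
                sources_by_target[item].add(source)
    ranked = ((target, len(srcs)) for target, srcs in sources_by_target.items())
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    for target, count in reference_counts(SAMPLE_MESSAGES):
        print(count, *target)
```
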

During our investigation, we found that the groups formed on Telegram could be very volatile and had a variable lifespan, ranging from a few days or weeks of existence for some to several months or years for others. User inventiveness creates a need for immediacy, and subscribers readily abandon one discussion thread to follow another that they deem more relevant. Besides this competitive dynamic, the lifespan of Telegram groups can be explained by several concurrent factors: the level of activity of the channel, which allows users to gather and be retained over time (with the possibility of hosting up to 200,000 members in a single group), and the interdependence with other discussion groups: when a Telegram channel is referenced by other channels, this directly contributes to its visibility, credibility, and influence. We should also mention the desire of a group's administrators to complicate the monitoring of their channel by the authorities, by regularly migrating to a new channel bearing a different name and address:


Having immersed ourselves in this social network, we wanted to answer several questions: How do internet users organize their malicious activities on this network, what content do they share, and what impact can this have on the users or companies targeted by these activities?

 

Telegram, an Eldorado for hackers seeking stolen data and new fraud techniques

 

From our immersion within these channels, it appears that Telegram is structured similarly to the sections found on malicious forums on the Surface or the Dark Web. Thus, one finds groups specializing in sharing stolen data (databases, user data, banking data), and others in sharing information and documentation on malicious activities (hacking tutorials, fraud techniques, social engineering, etc.). It is also possible to find malicious tools, such as malware for sale or freely available, on several channels.

 

 

User accounts and banking data at your fingertips

 

What is surprising, unlike some known malicious communities, is how free and accessible the shared information is. While some products offered are only accessible via payment (Bitcoin, PCS, MasterCard, etc.), almost everything is made available to the community through loyalty programs run by Telegram group administrators, in the form of giveaways. Furthermore, unlike other messaging services (Discord, for example), there are very few restrictions on access to channels. This allows any user who has found a discussion group to join it at will. Login credentials and other personal data of online service users are thus shared continuously across the various channels that we selected.

Based on our observations, the services whose user accounts are most popular are:

  1. Video-on-demand services (Netflix is particularly targeted by pirates, but Origin, Hulu, etc. accounts are also found)
  2. Music streaming services (Spotify, Deezer, Apple Music etc.)
  3. Video games (Fortnite, Minecraft, Steam, etc.)
  4. VPN Services (Express VPN, Nord VPN, Vyper VPN, Hide My Ass! etc.)
  5. Services delivering pornographic content


Bank card numbers and PayPal account details of legitimate users are also published for the community. However, it is possible that these cards are deliberately shared by experienced hackers with less experienced users, so that the latter use them without caution and make a mistake that would shield those who stole and exploited them in the first place.


As proof of this migration of hackers to the social network, some illegal websites reselling bank cards have chosen to open their own Telegram channel to share their latest discoveries with their community:


Knowledge for everyone, everywhere, all the time

 

Beyond the sharing of stolen data, the other characteristic feature of this network is the sharing of documentation, free of charge, with all members, notably to inform them about the latest carding or hacking techniques. These tips take the form of tutorials and may pursue futile goals (the creation of a bot to improve a video game character, for example) or entirely malicious ones: knowledge of fraud or hacking techniques (see below). The sheer number of "training courses" offered by users is impressive, and the documentation can sometimes reach several tens of gigabytes of content (each file must not exceed 1.5 gigabytes, the equivalent of a full movie, and it is possible to share as many as you wish):


As part of our investigation, we were able to obtain copies of documentation highlighting malicious acts, such as these shared tutorials detailing carding techniques applicable to popular websites (those of a shoe brand and a hi-fi brand):


Members can thus freely obtain tips on fraud techniques and then put them into practice. Other groups have even chosen to dedicate themselves exclusively to teaching internet users these techniques:


After the initial training comes the refinement: sharing attack techniques, malicious tools, and databases is commonplace on Telegram.

 

Even more worrying than the sharing of knowledge or stolen data, malicious tools and hacked databases circulate daily within Telegram groups. Some channels have indeed become veritable black markets for hackers seeking specific attack tools, either for free or for a few Bitcoins. Our immersion within the network allowed us to observe that the groups favored tools dedicated to credential stuffing, DDoS and brute-force attacks on specific CMSs (content management systems), or those facilitating attacks using ransomware, RATs or cryptominers:


Particularly prized by attackers, configuration files for credential stuffing software such as Sentry MBA, STORM, and SNIPR are plentiful on Telegram. These tools allow hackers to massively test usernames and passwords obtained from stolen databases on specific websites until they obtain a valid account. Less experienced users often seek out this type of file because developing one from scratch (ex nihilo) requires technical skills. Being able to find these files freely on the network makes this type of attack accessible to all users.
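Seen from the targeted site, the behaviour described above (many username/password pairs tested until one works) leaves a recognisable trace in authentication logs. The following added example, which is not from the original article, flags source addresses whose recent attempts are mostly failures, separates credential stuffing (many distinct accounts) from brute force (few accounts), and lists the accounts that logged in successfully from a flagged address. The log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed log lines: 'ISO-timestamp source-ip username outcome'."""
    t0 = datetime(2019, 3, 1, 10, 0, 0)
    lines = []
    # One address trying 12 different accounts once each; one pair is valid.
    for i in range(12):
        ts = (t0 + timedelta(seconds=5 * i)).isoformat()
        outcome = "OK" if i == 7 else "FAIL"
        lines.append(f"{ts} 203.0.113.7 user{i:02d}@example.com {outcome}")
    # One address hammering a single account (classic brute force).
    for i in range(15):
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 192.0.2.9 admin FAIL")
    # A legitimate user who mistypes a password twice.
    for i, outcome in enumerate(["FAIL", "FAIL", "OK"]):
        ts = (t0 + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.20 alice@example.com {outcome}")
    return lines


def parse(line):
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user.lower(), outcome == "OK"


def detect(lines, window=timedelta(minutes=5), min_attempts=10,
           min_fail_ratio=0.8, min_distinct_users=8):
    """Return {ip: alert} for addresses showing mass failed logins.

    Thresholds are illustrative; tune them against real traffic.
    """
    recent = defaultdict(deque)  # ip -> attempts inside the sliding window
    alerts = {}
    for ts, ip, user, ok in sorted(map(parse, lines)):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        failures = sum(1 for _, _, good in q if not good)
        if len(q) < min_attempts or failures / len(q) < min_fail_ratio:
            continue
        users = {u for _, u, _ in q}
        alert = alerts.setdefault(ip, {"kind": "brute_force", "attempts": 0,
                                       "distinct_users": 0,
                                       "valid_logins": set()})
        # Many distinct accounts is the stuffing signature; a handful of
        # accounts with many passwords each is brute force.
        if len(users) >= min_distinct_users:
            alert["kind"] = "credential_stuffing"
        alert["attempts"] = max(alert["attempts"], len(q))
        alert["distinct_users"] = max(alert["distinct_users"], len(users))
        # A success in the middle of a flagged run is a likely takeover.
        alert["valid_logins"].update(u for _, u, good in q if good)
    for alert in alerts.values():
        alert["valid_logins"] = sorted(alert["valid_logins"])
    return alerts


if __name__ == "__main__":
    for ip, alert in detect(build_sample()).items():
        print(ip, alert)
```

Accounts listed under `valid_logins` are the ones to prioritise for a forced password reset. Per-address thresholds do not catch attempts spread across many source addresses, so a site-wide failure-rate signal is a useful complement.
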

We were able to obtain several samples of configuration files targeting well-known sites for which user accounts are particularly sought after:


Cryptominers and ransomware are also highly sought after by attackers. Telegram is a breeding ground where attackers can easily find what they're looking for, whether by downloading free malware or funding actors who sell it. A few searches are all it takes to acquire cryptomining tools:


Another user offers, for example, four known ransomware families (Cerber, Crysis, Locky and Cryptolocker) for just a few Bitcoins (0.05, 0.08, 0.03, and 0.07 BTC respectively). Discovered in September 2013, CryptoLocker (screenshot below) is malware capable of encrypting files on the victim's computer and demanding a ransom for their decryption. For a fee of approximately 20%, some hackers even offer to handle the attack for their clients and pay them the profits. The three other malware programs also belong to the ransomware family. This highlights another characteristic of the Telegram network: the lucrative nature of the attacks. Based on our observations, although the range of malicious options is extremely broad, it seems that the content of the channels is used primarily by individuals and serves their financial needs.


Finally, other users share the results of their own hacks (or those they find interesting) so that the community benefits from their discoveries. Among the examples that punctuated our exploration: login credentials for a camera exposed on the Internet, and a stockpile of nearly 1 terabyte of leaked data offered for sale for around one hundred euros (including the recent "Collection #1 to #5" databases):


Conclusion

 

Our observations have allowed us to draw the following conclusion: the Telegram application constitutes a threat vector because it offers a digest of all the fraud schemes and hacking techniques available on the Web. The sheer volume of available information, coupled with the accessibility of this network, inevitably facilitates the spread of risk: a phone number, internet access, a few basic searches, and anyone can access numerous malicious chat groups. These changes in the conditions of access to harmful information significantly increase the challenge facing companies.

On the one hand, companies are facing a growing number of threat vectors: as we mentioned in the introduction, the vulnerability of forums hosted on the Tor network (demonstrated again recently[4]) leads malicious actors to shift to networks like Telegram, but not only Telegram; WhatsApp and Discord are also being targeted by attackers. On the other hand, they face new expectations, whether in economic terms (if a paid service is systematically circumvented by malicious users, its sustainability could be compromised) or in terms of image (how can you maintain customer trust if user data is circulating freely?). The need to preserve the integrity of their systems, which notably contain customer data, therefore appears essential. Compliance and ethical objectives also reinforce the need to implement a strategy for detecting and responding to these threats.

However, the task can prove complex because Telegram is a communication tool that requires rigorous monitoring due to the instantaneous nature of exchanges, the volatility of channels and the exponential growth of content. One possible course of action to overcome this problem is to carry out dedicated, recurring monitoring. With its team of monitoring analysts/linguists and following a suitable sourcing phase, Intrinsec is able to implement this type of specific monitoring, in order to regularly observe developments in different networks and to identify, within a short timeframe, the latest shared fraud schemes or hacking techniques that could pose a risk to an entity. These detections then allow the companies concerned to launch investigations, which we support in order to ultimately (in fine) implement appropriate countermeasures. Thus, if illegal content is detected, it is then possible to submit takedown requests[5] to Telegram to request the closure of a channel. Other moderation tools are reportedly under development, but Telegram still appears to be a poorly monitored network. According to one channel owner interviewed by the media outlet The Outline[6], very few Telegram groups are reportedly shut down. One of the creators, Pavel Durov, even presents Telegram as a network based on libertarianism, within which "one cannot have more freedom".

 

[1] SINGH Manish. "Telegram is the hot new source for pirated content". In The Outline, 21/04/2018, https://theoutline.com/post/4143/telegram-is-the-hot-new-source-for-illegal-downloads?zd=1&zi=2okrhvvs

[2] CARDONA François. "Brazil: When Bolsonaro supporters use WhatsApp for 'fake news'", 25/10/2018, http://www.rfi.fr/ameriques/20181025-bresil-soutiens-bolsonaro-whatsapp-fake-news

[3] KISELYOVA Maria, STUBBS Jack. "Russia starts blocking Telegram messenger", 16/04/2018, https://www.reuters.com/article/us-russia-telegram-blocking/russia-starts-blocking-telegram-messenger-idUSKBN1HN13J

[4] EUROPOL. "Global law enforcement action against vendors and buyers on the Dark Web", 26/03/2019, https://www.europol.europa.eu/newsroom/news/global-law-enforcement-action-against-vendors-and-buyers-dark-web

[5] "Wait! 0_o Do you process take-down requests from third parties?". In Telegram FAQ, https://telegram.org/faq#q-there-39s-illegal-content-on-telegram-how-do-i-take-it-down

[6] SINGH Manish. "Telegram is the hot new source for pirated content". In The Outline, 21/04/2018, https://theoutline.com/post/4143/telegram-is-the-hot-new-source-for-illegal-downloads?zd=1&zi=2okrhvvs
