A new report by KELA Cybercrime Intelligence outlines the ways in which Telegram is gaining ground on traditional darknet markets as a go-to platform for vendors seeking to sell illicit goods and services. The 59-page report not only compares and contrasts the differences between Telegram and the darknet but describes why it is an increasingly preferred choice among drug vendors and cybercriminals.
Services traditionally provided by darknet markets now being replicated on Telegram include sales of drugs and other illicit goods, stolen personal data, accounts, credit card information, social media services, and malware or malware-as-a-service subscriptions. KELA posits the reason for the growth of such markets on Telegram being that it “doesn’t require any knowledge of the cybercrime ecosystem and allows users to perform the whole process in a few clicks,” rather than having to download the Tor browser, create a darknet market account and learn PGP encryption.
Telegram channel offering the sale of marijuana and THC-containing products.
Also mentioned in the report were the downsides to using Telegram for purchases of drugs or other illicit goods, which include a strong likelihood of being scammed if a user does not know how to find a group or channel with a good reputation, as well as the fact that legitimate vendor feedback is often scarce and hard to find. There are almost no resources dedicated to community-led channel feedback to be found anywhere as well, making it very hard to determine which channels are legitimate versus which are scams.
While Telegram is a centralized service with its servers based in the country of Singapore (as opposed to the Tor network which is a distributed, community-run service), KELA points out that the app’s focus on user privacy render it a suitable platform for many vendors:
“The app’s features and design make it tough for security experts to gather evidence and hunt down offenders. The app’s use of anonymity, the ability for users to establish many identities and easily switch between them, the feature that allows users to delete conversation at both sides and to set a self-destruct timer for messages, as well as the use of non-personal phone numbers make researching criminality on Telegram a difficult process.
Furthermore, Telegram’s enormous and active user base makes monitoring and investigating all platform activities challenging.” – KELA Cybercrime Intelligence
Reliance on an app provided by a private company has its costs, however. The centralization of the service has reportedly been exploited, with threat actors claiming to provide access to Telegram’s service for a fee of $20,000, which they were able to achieve with the help of a Telegram employee. This could potentially allow anyone to read activity logs pertaining to specific channels and thus gain access to drug vendor sales records, customer shipping info, etc.
Launched in 2013 by Nikolai and Pavel Durov, Telegram is one of the world’s most popular messaging platforms, surpassing 700 million active users in June 2022. Its app is open source and one of the top five most downloaded in the world. The platform is renowned for its commitment to protecting user privacy, requiring no registration data from its users beyond a phone number.