Telegram: From Chatting to Crime—What’s Really Happening?

Pavel Durov, the founder and CEO of Telegram, was arrested at Paris-Le Bourget Airport on August 24, 2024, and formally placed under investigation on August 28. The arrest is part of a broader judicial inquiry by French authorities into several serious allegations concerning Telegram's moderation and its use by cybercriminals.

Overview of the Controversy

  • Key Issue: The controversy centers on the detention of Telegram's CEO by French authorities, which has called into question the platform's compliance with its legal obligations and its potential role in facilitating illegal activity.
  • Legal Implications: The inquiry could lead to fines, operating restrictions, or even a shutdown of the service in certain jurisdictions.

Background and Context

Telegram is a cross-platform messaging service launched by the brothers Nikolai and Pavel Durov in 2013. It lets users send messages, photos, videos, and files of up to 2 GB (4 GB for Premium subscribers), create groups and channels, and offers optional end-to-end encrypted "Secret Chats". Its privacy branding, open client source code and public API have made it popular, but it has drawn criticism too: regular chats are not end-to-end encrypted and are stored on Telegram's servers, its home-grown encryption protocol has had limited outside transparency, and its record of cooperation with law enforcement is inconsistent.

Privacy and Security Features (as Claimed by the Company)

  • End-to-End Encryption: Telegram offers end-to-end encryption only for "Secret Chats", meaning only the sender and receiver can read those messages. Regular chats and all groups and channels are "cloud chats": encrypted between the device and Telegram's servers, but readable by Telegram, and this is the default.
  • Anonymity: Users can hide their phone number and join groups and channels without revealing it, which provides a layer of privacy toward other users (not toward Telegram itself, which still holds the number used to register).

Charges against Pavel Durov

  • Administering an online platform in order to enable illegal transactions by an organized group (complicity)
  • Possessing pornographic images of minors (complicity)
  • Acquiring, transporting, possessing, offering or selling narcotic substances (complicity)
  • Criminal association with a view to committing a crime or an offence punishable by 5 or more years of imprisonment
  • Providing cryptology services aimed at ensuring confidentiality without a certified declaration
  • Providing a cryptology tool not solely ensuring authentication or integrity monitoring, without prior declaration
  • Offering, selling or making available, without legitimate reason, equipment, tools, programs or data designed for or adapted to gain access to and damage the operation of an automated data processing system (complicity)

The two cryptology charges rest on France's long-standing requirement that anyone importing or supplying encryption products declare them to the national authority (ANSSI) in advance; they concern a missing declaration, not the use of encryption as such.

Types of Potential Crimes Taking Place on Telegram

  • Personal and Corporate Data - Telegram channels and groups are used to sell and share stolen personal and corporate data. This includes usernames and passwords for online services, personal identifying information (PII), and corporate documents.
  • Ransomware and Data Extortion Groups - Ransomware and data extortion groups use Telegram to promote their attacks and leak stolen data. Groups like Lapsus$ and Stormous have gained attention for their high-profile attacks and use of Telegram to publicize their activities.
  • Hacktivism - The platform’s features and lenient moderation policies make it a suitable tool for hacktivists to communicate and organize their activities.
  • Illegal Physical Products - Telegram is used to sell various illegal physical products, including counterfeit luxury goods, forged COVID-19 documents, drugs, and guns.

Case Studies

  1. SiegedSec - A hacktivist group whose Telegram channel shares corporate, educational, and government-related databases. The group also defaces websites and promotes its hacking skills.
  2. Checks Grub Shop - A group that sells stolen credit card information, counterfeit checks, and bank logs.
  3. Lapsus$ - A data extortion group that targets high-profile entities and uses Telegram to publicize its attacks.
  4. REDLINEVIP and Palm Team - REDLINEVIP is a channel that sells logs harvested by info-stealers; it has gained popularity and raised its prices over time. Palm Team is a group of traffers (affiliates who drive victims to malware) that uses Telegram to coordinate its activities and distribute malware, offering tools and support to its members.
  5. Delhi Police Cyber Fraud Bust - In January 2024, the Delhi Police arrested four individuals involved in a significant cyber fraud operation run over Telegram. The suspects, Harish Kumar, Vipul Sharma, Shiv Pratap, and Om Prakash, were engaged in a scam worth ₹60 lakh (roughly $72,000 at early-2024 exchange rates).

Suggestions for Everyday Telegram Users

Enable Security Features

  • Two-Step Verification: Telegram logs you in with an SMS code, so anyone who can intercept your SMS or swap your SIM can take over the account. Two-Step Verification adds a cloud password that is also required at login. Enable it under Settings > Privacy and Security > Two-Step Verification, and set the recovery email so a forgotten password does not lock you out.
  • Secret Chats: Use Secret Chats for sensitive conversations. They are end-to-end encrypted, tied to the device they were started on, and can be set to self-destruct after a chosen period. Regular "cloud chats" are encrypted only between you and Telegram's servers, where they are stored, and Secret Chats are not available in the Telegram Desktop app.

Be Cautious of Unknown Links and Files

  • Avoid Clicking on Unknown Links: Cybercriminals often use links to spread malware. If you receive a link from an unknown source, do not click on it.
  • Do Not Download Suspicious Files: Files from unknown contacts or groups can contain malware. Only download files from trusted sources.
  • Check the Source: If you receive a message from an unknown contact or group, verify the information before taking any action. Scammers often impersonate legitimate organizations.

Report Suspicious Activity

  • Report and Block: If you encounter illegal or suspicious content, report it to Telegram: open the chat, tap the contact or group name, and choose Report. Block the sender as well so they cannot message you again.
  • Stay Informed: Keep up to date with common scams and threats. Awareness is key to recognizing and avoiding potential dangers.

Use Strong Passwords

  • Create a Strong Password: Use a long, unique passphrase (a password manager makes this painless). Avoid easily guessable information such as birthdays, names, or common words.
  • Never Reuse Passwords: A password reused across services lets one breached site unlock the others, which is exactly what the credential lists sold on Telegram are built from. Change a password promptly when a service you use is breached or you suspect compromise, rather than on a fixed schedule, which mostly produces weaker, predictable variants.

Be Mindful of Public Wi-Fi

  • Avoid Sensitive Transactions on Public Wi-Fi: Public networks can be run or monitored by strangers. Avoid online banking and similar transactions on them, and make sure any site you do use is served over HTTPS.
  • Use a VPN: Telegram already encrypts its traffic to its servers, so a VPN's main benefit on public Wi-Fi is hiding which services you use from the network operator and protecting other, unencrypted traffic. Pick a reputable provider; a free VPN of unknown origin can see exactly what the hotspot owner could.

Suggestions for Cyber Professionals

Cyber professionals play a crucial role in identifying, monitoring, and mitigating cybercrime on platforms like Telegram. Here are steps they can take when tackling similar situations in future:

Continuous Monitoring and Threat Intelligence

  • Automated Monitoring and Threat Detection: Use automated tools (commercial services such as Flare, or in-house collectors built on Telegram's public API) to monitor channels, groups, and chats for suspicious activity.
  • Machine Learning and AI: Apply machine learning to classify channel content and flag emerging threats at a scale manual review cannot reach.
  • Keyword and Pattern Recognition: Implement keyword and pattern matching that tolerates the coded language, leetspeak, and alternative spellings cybercriminals use to dodge naive filters.
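The keyword-and-pattern point is the one most often implemented badly: a filter that looks for the literal string "cvv" misses "c.v.v", "CVV" with a Cyrillic "с", or "fu11z". The following is an added example, not code from the original article or from any monitoring vendor. It normalizes a message (Unicode compatibility forms, zero-width characters, a few Cyrillic homoglyphs, leetspeak, and letters spaced out with dots or spaces) before matching against a watchlist. The watchlist and the sample messages are constructed for this example; a real deployment would curate and version the list and feed it from a Telegram collector rather than a hard-coded array.

```python
import re
import unicodedata

# Substitutions criminals use to slip past naive keyword filters.
# Leetspeak digits/symbols -> letters (numbers in the text get mangled too; for matching that is harmless)...
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
# ...and Cyrillic letters that render identically to their Latin look-alikes (written as escapes for clarity).
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
                             "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"})
ZERO_WIDTH = re.compile(r"[\u200b-\u200d\u2060\ufeff]")
# Three or more single characters separated by dots/dashes/spaces, e.g. "c.v.v" or "f u l l z".
LETTER_SPACED = re.compile(r"\b(?:[a-z0-9][.\-_*\s]){2,}[a-z0-9]\b")

# Watchlist of underground terms -> what they signal. Constructed for this example.
WATCHLIST = {
    "fullz": "stolen identity packages",
    "cvv": "payment card data",
    "bank logs": "bank account credentials",
    "combo list": "credential dumps",
    "ssn": "identity data",
    "stealer logs": "infostealer output",
}

def _term_pattern(term: str) -> re.Pattern:
    # Words of a multi-word term may be joined, spaced, or punctuated: "bank logs", "banklogs", "bank-logs".
    return re.compile(r"\b" + r"[\s.\-_]*".join(re.escape(w) for w in term.split()) + r"\b")

PATTERNS = [(term, _term_pattern(term)) for term in WATCHLIST]

def normalize(text: str) -> str:
    """Fold obfuscation so 'FULLZ', 'fu11z', 'F.U.L.L.Z' and a Cyrillic-spoofed 'fullz' compare equal."""
    t = unicodedata.normalize("NFKC", text)        # fullwidth and other compatibility forms -> plain ASCII
    t = ZERO_WIDTH.sub("", t).lower()              # invisible characters hidden inside words
    t = t.translate(CONFUSABLES).translate(LEET)   # homoglyphs first, then leetspeak
    return LETTER_SPACED.sub(lambda m: re.sub(r"[.\-_*\s]", "", m.group(0)), t)

def scan_message(text: str) -> list[str]:
    """Return the watchlist terms present in one message, in watchlist order."""
    norm = normalize(text)
    return [term for term, pat in PATTERNS if pat.search(norm)]

def scan_feed(messages) -> list[tuple]:
    """messages: iterable of (message_id, text). Returns (message_id, hits) for messages with a hit."""
    results = []
    for mid, text in messages:
        hits = scan_message(text)
        if hits:
            results.append((mid, hits))
    return results

# Constructed sample messages modelled on typical carding/stealer-channel posts.
SAMPLE_MESSAGES = [
    (1, "Selling fresh FUL\u200bLZ + CVV, dm for prices"),      # zero-width space hidden inside FULLZ
    (2, "b4nk l0gs available, US/UK, escrow ok"),             # leetspeak
    (3, "c.v.v fullz ssn all in one pack"),                   # dotted letters
    (4, "Meeting at 5, bring the logs from the hike"),        # benign: "logs" alone is not on the list
    (5, "\u0441vv dumps, fresh"),                             # Cyrillic es (U+0441) in place of Latin c
    (6, "Fresh st3aler l0gs (RedLine), combo-list included"),
]

if __name__ == "__main__":
    for mid, hits in scan_feed(SAMPLE_MESSAGES):
        print(f"message {mid}: " + ", ".join(f"{h} ({WATCHLIST[h]})" for h in hits))
```

Normalization is deliberately lossy: it exists only to decide whether a message deserves a human look, so false positives such as a benign "a 5 1 1" being squashed together are acceptable, while the watchlist terms themselves should be specific enough (full phrases, not bare words like "logs") to keep the queue reviewable.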

Government and Law Enforcement Collaboration

Close cooperation with law enforcement agencies is crucial. Researchers should work with these bodies so that evidence is collected in a forensically sound way and can be used in court. Security leaders should also advocate for laws and regulations that facilitate such cooperation without unnecessarily compromising user privacy.

Legal and Regulatory Advocacy

Researchers should work with governments to create regulatory frameworks that require messaging platforms to take more responsibility for preventing cybercrime while protecting user rights.

Assessing Third-Party Apps' Security

  • Bug Bounty Programs: If the app has a bug bounty program, ethical hackers can legally search for vulnerabilities and report them through the program's channels.
  • Responsible Disclosure: Where there is no bounty, vulnerabilities can be reported to the app's security team under a responsible disclosure policy.
  • Private Networks and Sandboxes: Testers can build controlled environments that mimic aspects of the app's operation and test for common vulnerabilities there, without touching production systems or other users' data.
  • Social Engineering Simulations: Instead of attacking the app itself, testers can simulate how attackers would abuse it for phishing or social engineering, and measure how users respond.
  • Open-Source Intelligence (OSINT): Researchers can gather information from public sources to identify potential vulnerabilities or threats related to the app.

How can organizations protect themselves from threats originating on Telegram?

To protect themselves from threats originating on Telegram, organizations can implement a comprehensive strategy that includes the following key measures:

Continuous Monitoring and Threat Intelligence

  • Active Monitoring: Subscribe to threat intelligence services that specialize in monitoring Telegram and similar platforms for mentions of your brand, domains, employees, and leaked credentials.
  • Use of Threat Intelligence Platforms (TIPs): These platforms aggregate data from various sources, including Telegram, to provide insights into emerging threats.

Employee Education and Awareness

  • Training Programs: This includes phishing awareness, secure communication practices, and incident response protocols.
  • Public Awareness Campaigns: Conduct public awareness campaigns to educate users about the risks associated with using Telegram and other messaging platforms.

Network Security Enhancements

  • Intrusion Detection and Prevention Systems (IDPS): Telegram encrypts traffic between the client and its servers, so an IDPS cannot read message content. It can still alert on destinations, for example unmanaged hosts calling the Telegram Bot API, a channel malware commonly uses to exfiltrate stolen data.
  • Endpoint Security Solutions: These should include anti-virus, anti-malware, and endpoint detection and response (EDR) capabilities; the endpoint is where Telegram-delivered malware actually runs.

Content Filtering and Data Loss Prevention (DLP)

  • Content Filtering: Network filters cannot see individual channels inside Telegram's encrypted transport, so "blocking a channel" in practice means blocking t.me and telegram.me invite links at the web and email gateways, or blocking the Telegram domains altogether on managed devices.
  • Data Loss Prevention (DLP): Network DLP is blind to Telegram for the same reason, so control the transfer of sensitive data over Telegram at the endpoint (file upload and clipboard controls, application allow-listing) and treat an unapproved Telegram client on a corporate device as a policy violation.
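Because the transport is opaque, the one thing network controls can work with is the destination. The following added example (not code from the original article, and not tied to any IDPS or DLP product) serves both the IDPS bullet above and the content-filtering and DLP bullets here: it reads Squid-style proxy log lines and flags (a) calls to the Telegram Bot API from hosts not approved to run bots, rating file-upload methods such as sendDocument highest, (b) bare CONNECT tunnels to the Bot API when TLS is not intercepted and only the host is visible, and (c) t.me invite links. The log lines, IP addresses, bot token and approved-host list are all constructed; the Bot API URL shape (api.telegram.org/bot<token>/<method>) is Telegram's documented format.

```python
import re
from dataclasses import dataclass

# Telegram Bot API requests have the shape https://api.telegram.org/bot<token>/<method>,
# where <token> is "<bot id>:<secret>". The method name (sendDocument, sendMessage, ...) reveals intent.
BOT_API = re.compile(r"api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")
# Public or private invite links: t.me/<name>, t.me/+<hash>, t.me/joinchat/<hash>, telegram.me/...
INVITE_LINK = re.compile(r"https?://(?:t\.me|telegram\.me)/(?:joinchat/|\+)?([A-Za-z0-9_-]{5,})")
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendMediaGroup"}
# Constructed: the one internal host allowed to run a Telegram bot (e.g. an on-call alerting service).
APPROVED_BOT_SOURCES = {"10.0.5.20"}

@dataclass
class Finding:
    client: str
    kind: str
    severity: str
    detail: str

def parse_squid_line(line: str):
    """Squid native access.log: time elapsed client code/status bytes method URL user peer type."""
    parts = line.split()
    if len(parts) < 10:
        return None
    return {"client": parts[2], "http_method": parts[5], "url": parts[6]}

def inspect(line: str) -> list[Finding]:
    rec = parse_squid_line(line)
    if rec is None:
        return []
    client, url = rec["client"], rec["url"]
    findings = []
    m = BOT_API.search(url)
    if m:
        bot_id, _secret, api_method = m.groups()  # keep the bot id for correlation; never log the secret half
        if client not in APPROVED_BOT_SOURCES:
            severity = "high" if api_method in UPLOAD_METHODS else "medium"
            findings.append(Finding(client, "bot_api_use", severity, f"bot {bot_id} {api_method}"))
    elif "api.telegram.org" in url and client not in APPROVED_BOT_SOURCES:
        # Plain CONNECT tunnel (no TLS interception): only host:port is visible, so we know the
        # Bot API was contacted but not which method. Still worth a low-severity alert.
        findings.append(Finding(client, "bot_api_contact", "low", "path not visible (CONNECT tunnel)"))
    m = INVITE_LINK.search(url)
    if m:
        findings.append(Finding(client, "invite_link", "medium", f"t.me/{m.group(1)}"))
    return findings

def scan_log(text: str) -> list[Finding]:
    return [f for line in text.splitlines() if line.strip() for f in inspect(line)]

# Constructed log lines. The token is fake; real ones look similar and must never be pasted into tickets.
SAMPLE_LOG = """\
1724800001.123    210 10.0.5.20 TCP_TUNNEL/200 1832 CONNECT api.telegram.org:443 - HIER_DIRECT/149.154.167.220 -
1724800002.456    310 10.0.12.77 TCP_MISS/200 524288 POST https://api.telegram.org/bot7123456789:AAH-exampleTOKEN_xyz/sendDocument - HIER_DIRECT/149.154.167.220 application/json
1724800003.789    120 10.0.12.77 TCP_MISS/200 540 POST https://api.telegram.org/bot7123456789:AAH-exampleTOKEN_xyz/sendMessage - HIER_DIRECT/149.154.167.220 application/json
1724800004.001    205 10.0.12.78 TCP_TUNNEL/200 2210 CONNECT api.telegram.org:443 - HIER_DIRECT/149.154.167.220 -
1724800005.222     98 10.0.8.15 TCP_MISS/200 2048 GET https://t.me/+AbCdEfGh123 - HIER_DIRECT/149.154.167.99 text/html
1724800006.333     87 10.0.8.16 TCP_MISS/200 1024 GET https://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.client:12} {f.kind:16} {f.detail}")
```

Two design choices matter here. The approved-source allow-list is what keeps the rule quiet: legitimate bot usage from a known host produces nothing, so every remaining hit is worth a ticket. And the token's secret half is parsed but discarded; an analyst who pastes a full bot token into a ticket has just handed anyone who reads it control of that bot, including the ability to pull whatever the malware already uploaded.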

Secure Access and Identity Management

  • Multi-Factor Authentication (MFA): Enforce Telegram's Two-Step Verification (cloud password) on any Telegram account used for business, register such accounts to corporate rather than personal phone numbers, and review the account's active sessions regularly.
  • Zero Trust Architecture: Adopt a Zero Trust approach, where every access request is verified regardless of where it comes from, so that a credential leaked through Telegram does not by itself grant access.

Incident Response Planning

  • Incident Response Team: Ensure that the organization has a dedicated incident response team that is trained to handle breaches that may involve Telegram.
  • Regular Drills: Conduct regular incident response drills that include scenarios involving threats from Telegram.

Conclusion

From distributing malware and stolen data to facilitating fraud and illegal trade, the platform’s misuse poses significant risks. To protect yourself, enable security features, be cautious of unknown links and files, verify information, and report suspicious activities.

Manik Chawla

Client Engagement Manager at Prometheus Consulting Services.

1 month

Good work Akshat! Thanks for sharing!

Sonali Malhotra

Accenture Strategy & Consulting | Ex - Amazon JV

1 month

Good insights on the incident and tips to save oneself from cyber crime. Thanks for sharing!
