Telegram has become popular among dark web users looking to leverage on its user friendly platform. There has been a rising trend where cybercriminals are using the messaging app for sharing leaked data and dark web-facing child sex abuse material.
A host of cybersecurity findings have pointed to the existence of data dumps in Telegram channels, some of which boast more than 10,000 members. In addition, it turns out that the threat actors are always holding open discussions to guide the process of exploiting the data.
Experts attribute this rise in popularity of Telegram to some of the advantages that users expect over the dark web. The main selling point has to be the lower barrier of entry for users, which rival dark web markets that are becoming increasingly difficult to access.
Telegram’s relative immunity to Distributed Denial of Service (DDoS) attacks appears to be another advantage that has kept Telegram channels teeming with dark web users. In the recent past, DDoS attacks have sent entire dark web markets to their knees through extortionist campaigns by fellow cybercriminals.
Further, some dark web users are choosing Telegram over the hidden markets in response to the growing likelihood of darknet law enforcement takedowns. Both concerns are pegged on the uncertainty suffered by cybercriminal establishments in light of sustained operations.
Telegram Cannot Be Trusted
Expectedly, Telegram has grown to a 100 million+ user base – you might even be one of them.
Contrary to the company’s marketing, analysts have lifted the lid on the fact that the messaging app is not as secure as we may all want it to be. Various encryption pundits have unmasked a wide range of security shortcomings that may place dark web users in harm’s way.
The first problem lies in the encryption itself – the app does not engage end-to-end encryption by default despite that same expectation by many of its users. The large majority of Telegram users have not realized that the app’s end-to-end encryption only works when the function is switched on by the user.
Worse, reports of Telegram leaking user metadata are not uncommon. Some threat actors have been able to figure out a method of accessing information about when a user was online or offline (despite the option being turned off by target user. This seemingly-harmless flaw may easily be exploited by cybercriminals to determine the identity of a user and when they use Telegram.
Cybersecurity experts also made a 2020 discovery about the vulnerability of Telegram’s supposedly-encrypted secret chat feature. They noted a security issue that allowed the storage of users’ passwords in pain text.
Against these backgrounds, if you are looking to communicate securely, we recommend that you do away with Telegram in favor of other encrypted messaging apps like Signal and Wickr. There is no escaping the fact that Telegram has too many potential flaws that may defeat your desire to communicate privately and securely.