Cybercriminals also like Telegram more and more

Telegram is a messaging app that over the years has managed to establish itself as a credible alternative to the even more widespread WhatsApp platform. A success based on the efforts of the developers who have made it more and more complete and feature-rich, and on what has always been a fundamental element of its DNA, that is to guarantee the confidentiality of its users. Telegram, like any communication tool, is inherently neutral, it can be used for purposes lawful, but also for those illegal .


In recent times it seems that Telegram has been increasingly used and appreciated by criminals . This was revealed by a recent survey conducted by the Financial Times in collaboration with Cyberint. The starting point is eloquent: recently, the study says, there has been an increase in 100 percent in the use of Telegram by cybercriminals. It is a significant detail, to such an extent that the source goes so far as to define Telegram like the new Dark Web .

This renewed interest seems to be attributable to the events that affected WhatsApp at the beginning of the year, after the announcement of the new terms of service and the new privacy policy, which, amid controversy and misunderstanding, have erroneously hinted that WhatsApp was leveling the way to new interference in personal data. Despite the reassurances and the subsequent turnaround, part of the users decided to abandon the platform by turning to Telegram, including cybercriminals who have found fertile ground to carry on their activities. The study points out:

His (by Telegram, ed.) Messaging service encrypted is increasingly popular with fraudulent businesses and sellers of stolen data because it is more convenient than using the dark web


Cybercriminals exploit the confidentiality of communications guaranteed by Telegram , but also the platform tools which are very useful for selling and sharing stolen data and the tools to carry out cybercrime. Think of the private channels , which can convey messages to a very wide but selected audience; or the ability to easily share large files (eg a large database of stolen data) away from prying eyes.

According to Cyberint, the number of mentions in Telegram of the terms “Emai: pass” and “Combo” (expressions used by hackers to indicate lists of stolen passwords that are shared) is quadrupled in ‘last year , touching quota 3. 400. The study takes as an example a (public) group of Telegram – we avoid reporting the exact name – formed by more than 47. 000 participants, used by hackers to sell or simply share database dumps consisting of hundreds of thousands of usernames and passwords. Or again, another group in which they offered themselves 300. 000 e-mail addresses and passwords, useful for obtaining illicit access to videogame platforms such as Minecraft , Origin and Uplay.

Another step of the investigation effectively explains why Telegram is eligible to take the place of the dark web and forum hackers:

in some cases it is easier to find buyers on Telegram rather than on a forum, because everything is smoother and faster. Accessing data is easier … and data can be shared much more openly generally less likely to be monitored by law enforcement.


Telegram is a communication tool for self neutral, it was said at the beginning, but it is also true that the contents disseminated within it must in any case comply with rules, and that not everything can be justified in honor of the right to confidentiality of communications. In this tension between the need to prevent crimes and respect for the privacy of users, Telegram staff has the difficult role of mediator. Telegram has confirmed that it has adopted a rule that provides for the removal of personal data (such as user names, passwords and emails) shared without the owner’s consent . 400. 000 active users – and in the end even the enhancement of the moderation tools may not be enough to annihilate illicit phenomena. In common with the Dark Web, Telegram highlights the ability of hacker groups to regroup as soon as a dark shop / forum channel is closed. For each group obscured, it is legitimate to take into account its reappearance until the members are identified and punished.

Law enforcement agencies are becoming aware of Telegram’s role as a tool used by cybercriminals (but also by criminals not cyber ) but have to deal with the position of the managers who sometimes collaborate effectively and sometimes less. For example, the request by the judiciary to close the no vax / no green pass group “Basta Dictatura” which continues to operate despite the prospect of (aggravated) crimes of instigating a crime for some of the participants.

Back to top button