Thursday, November 14, 2024

Telegram: ‘The dark web in your pocket’

Must read

BBC man smoking an illegal cigaretteBBC

A picture posted to one of the drugs channels by a member

About nine months ago while researching a story, I found myself added to a large Telegram channel which was focused on selling drugs.

I was then added to one about hacking and then one about stolen credit cards.

I realised my Telegram settings had made it possible for people to add me to their channels without me doing anything. I kept the settings the same to see what would happen.

Within a few months, I had been added to 82 different groups.

I changed my settings to stop it, but now every time I log on I am treated to thousands of new messages across dozens of extremely active illegal groups.

The arrest of Telegram’s billionaire chief executive in France has ignited a debate about moderation on his app.

Pavel Durov has been charged for suspected complicity in allowing illicit transactions, drug trafficking, fraud and the spread of child sex abuse images to flourish on his site.

There is no doubt that criminality is happening on other social networks too, but my experiment hints at a broader problem that many in law enforcement have been concerned about for years.

Here is a flavour of some of the groups to which I have found myself added.

All the images were posted to the groups, and we have altered the names of the channels so as not to advertise them.

Phone and a large amount of cash

Card Swipers group (15,700 members) sells stolen cloned credit cards and ships worldwide. Images and videos show criminals successfully draining ATMs using the faked cards and holding wads of cash

balls of marijuana

Drugs Gardens official (9,119 members) Sells marijuana, marijuana cookies, and illegal vapes. Videos and images of products and customer reviews are shared regularly

a list of different drugs being offered on the channel

Memories and Drugs (6,253 members) Almost every drug imaginable is being offered for sale, with strings of Telegram channels advertising dozens of vendors in cities all over the world

a hand holding a gun

Contraband Network (5,084 members) A group sharing advice, and vendors selling everything from prescription drugs to stolen credit cards and guns

A picture of the inside of an aeroplane cabin

Gift cards forum (23,369 members) A marketplace selling fake vouchers and gift cards for AirBnB, Marriott Hotels, American Airlines, Amazon, Apple, Walmart and dozens of other companies

Image of stolen passports

New Dawn Market (222 members) Marketplace selling hacking tutorials, malicious software and stolen credit cards and passports

It is no wonder some people, like cyber-security podcaster Patrick Gray, have been describing Telegram for months as “the dark web in your pocket”.

The dark web is a part of the internet that can only be accessed using specialist software and knowledge. Ever since the launch of the Silk Road marketplace in 2011, there has been a steady conveyor belt of websites selling illegal goods and services.

Speaking about the shock arrest of Mr Durov, Mr Gray said on his podcast Risky Business that Telegram has been a haven for crime for a long time.

“We are talking about child sexual abuse material, we’re talking about drug sales, we’re talking about absolutely dark web levels of criminality that they’re just doing nothing about,” he said.

A post promoting Telegram channels

Telegram has become a popular place for criminals to attract customers

Criminals like the dark web because of the anonymity it provides – internet traffic is bounced around the world, obscuring people’s locations. Pinpointing who is behind certain usernames is extremely challenging.

Researchers at cyber-security company Intel471 say that “pre-Telegram this activity was predominantly done in online markets hosted using hidden dark web services” but for lower-level, lesser-skilled cyber-criminals, “Telegram has become one of the most popular online destinations”.

The hacker group Qilin, which held NHS hospitals to ransom earlier this summer, notably chose to publish stolen blood test data on its Telegram channel before its dark web website. The deepfake service used to create fake nudes of schoolgirls in Spain and South Korea also runs its full service, including payment, on Telegram.

Some of the Telegram criminal channels I was added to seem to have a presence on Snapchat and drug dealers can be found on Instagram too, where deals are no doubt being made in private chats.

But drug dealers can often be seen advertising their Telegram channels on those other sites to funnel people to that platform.

In January, state police in Latvia set up a separate unit specialising in monitoring chat apps for drug trafficking and communication, and officials have named Telegram as a particular concern.

Child abuse material

Telegram says that its moderation is “within industry standards”, but this week we have seen evidence to the contrary related to an area of criminality far less visible (and one I did not search for) – child sexual abuse material.

On Wednesday, the BBC learned that while Telegram does respond to some takedown requests from police and charities, it is not participating in programmes aimed to proactively prevent the spread of images and videos of child sexual abuse.

Not doing enough to police child sexual abuse material (CSAM) is one of the chief allegations from French prosecutors.

“At the heart of this case is the lack of moderation and co-operation of the platform, in particular in the fight against crimes against children,” said Jean-Michel Bernigaud, the secretary general of French child protection agency Ofmin, on LinkedIn.

Telegram told the BBC it does proactively search for illegal activity, including child sexual abuse, on its site. It said undisclosed action was taken against 45,000 groups in August alone.

The press office did not respond to follow-up questions about this or anything else in this article.

Not co-operating with police

Moderation is only part of the problem for Telegram. Its approach to police requests to remove illegal content and pass on evidence is another criticism.

As Brian Fishman, a co-founder of Cinder, a software platform for trust and safety, posted: “Telegram is another level: it has been the key hub for Isis for a decade. It tolerates CSAM. It’s ignored reasonable law enforcement engagement for years. It’s not ‘light’ content moderation; it’s a different approach entirely.”

Some might argue that Telegram’s privacy features mean that the company does not have much data about this activity to report to police. This is the case with ultra-private apps like Signal and WhatsApp.

#freedurov imagery

A campaign began online to get Mr Durov released

Telegram offers users similar levels of privacy if they opt to create a “Secret Chat” which uses the same end-to-end encryption that those apps do. It means the activity inside a conversation is completely private and not even Telegram itself can view the contents.

However, this function is not set as default on Telegram, and it seems that most of the activity on the app – including on those illicit groups I was added to – are not set as “secret”. In fact, group chats can’t be set as ‘Secret’ at all.

Telegram could read all content and pass it on to police if it wanted to, but it states in its terms and conditions that it does not.

“All Telegram chats and group chats are private amongst their participants. We do not process any requests related to them,” the company’s terms and condition read.

In June Pavel Durov told journalist Tucker Carlson that he only employs “about 30 engineers” to run his platform.

Telegram’s cold approach to law enforcement is something that I have been told about on the fringes of press events by frustrated police officers.

French authorities noted in their statements about Mr Durov’s charges that police there and in Belgium had historically an “almost total lack of response from Telegram to legal requests”.

Freedom of speech

In spite of all the criticism against Telegram’s approach to moderation, there are some who are concerned that Mr Durov’s arrest is a troubling time.

Reuters Pavel DurovReuters

Mr Durov is not allowed to leave France and must regularly report to police stations

Digital rights organisation Access Now says it is watching developments with great concern.

In a statement, the campaigners for an open internet said that Telegram is “no model for corporate responsibility” and that the group had criticised the app many times in the past.

Access Now warns, however, that “detaining the staff of platforms that people use to exercise their rights to free expression and peaceful assembly, without demonstrable alignment with human rights principles, may result in over-censorship, and could further shrink civic spaces”.

Telegram itself has repeatedly said that “it is absurd to claim that a platform or its owner is responsible for the abuse of that platform”.

Elon Musk, fellow billionaire and owner of X (formerly Twitter), has condemned the arrest and described it as an attack on freedom of speech. He is calling for Mr Durov to be released.

So too are some of the criminals on the Telegram groups I am now a member of, with FreeDurov imagery being shared in English and Russian widely.

Latest article