In today’s increasingly digital world, cybercrime and online criminal activities pose significant threats to individuals, businesses, and governments alike. One of the most effective strategies in combating these threats is the comprehensive monitoring of criminal forums and platforms. This approach provides invaluable insights into emerging threats, criminal tactics, and potential vulnerabilities, allowing security professionals to stay one step ahead in the ever-evolving and fast changing threat landscape.
Criminal forums and hidden or encrypted services serve as hubs for illicit activities, where cybercriminals exchange information, trade stolen data, and collaborate on new attack methods. These platforms span a wide range of mediums, from dark web marketplaces to encrypted messaging apps and invite-only forums. By actively monitoring these spaces, CYJAX can identify emerging threats, track stolen data, understand criminal tactics, support disruption of criminal operations through partnerships, enhance threat modelling, stay ahead of ransomware trends and help identify and protect against insider threats.
The popular messaging app Telegram is one such hidden service. Telegram, launched in 2013, has become known for its strong encryption and commitment to user privacy. These features have made it popular among those seeking secure communication with over 950 million active users worldwide, including activists and dissidents in authoritarian regimes. However, these same attributes have also made Telegram attractive to criminal elements.
Law enforcement agencies worldwide have expressed concerns about Telegram’s use by terrorist groups, drug traffickers, and other criminal organisations. The platform’s secret chats feature, which offers end-to-end encryption and self-destructing messages, has been particularly controversial. Critics argue that this level of privacy makes it difficult for authorities to monitor and prevent illegal activities.
Of course, Telegram remains prominent as a means of secure communication for many, not least within the current Russia / Ukraine conflict where not only has Telegram been used to muster and coordinate the Ukrainian ‘cyber army’ but is also a vital tool for the Russian and Ukrainian troops on the ground for command and control of operations and intelligence flow. Accessing these public, sometimes hidden or closed channels is a vital source of geopolitical intelligence for CYJAX.
Pavel Durov, the founder of Telegram, was reportedly arrested on Saturday 24 September 2024 in France, sparking renewed debate about the platform’s role in facilitating criminal activities. The arrest has brought increased attention to Telegram’s policies and its usage by various groups. Although it is claimed that this is not a politically motivated arrest, the detention and subsequent bail with conditions of the founder has raised comment from leaders of countries including France and the UAE, which both provide citizenship for him. Additionally, comments from the leaders of Iran and Russia have provided understanding of the political impact Telegram has within these regimes. Within Telegram itself, the arrest sparked a significant spike in mentions of Durov’s name, especially within Cyber threat groups, protest groups and activist / extremist groups as highlighted in figure 1 below.
The importance of monitoring the groups within these hidden services is then highlighted by the identification of resulting retaliatory action by threat actors being monitored therein. While protest groups appeared to show interest in the arrest and then return to their usual behaviour, as seen in figure 2, cyber threat actors and extremist groups chose to discuss retaliatory action, raising the hashtag #FreeDurov and #FuckFrance, as seen in figure 3.
Hacktivist groups then picked up the “cause” with the result being a spike in Distributed Denial-of-Service attacks against French companies and infrastructure as seen in figure 4.
Durov and Telegram have consistently defended their stance on privacy, arguing that the benefits of secure communication outweigh the potential for misuse. They maintain that the platform cooperates with law enforcement to prevent terrorist activities while still protecting user privacy.
The arrest of Durov could have significant implications for Telegram’s future and for other platforms offering encrypted messaging. It may lead to increased pressure on the company to modify its policies or provide backdoor access to authorities. However, such changes could also drive users to alternative platforms, potentially fragmenting the secure messaging landscape.
As the situation develops, it highlights the ongoing tension between privacy rights and law enforcement needs in the digital age. The outcome of this case could have far-reaching consequences for how encrypted messaging platforms operate and are regulated globally.
It is important to note that while Telegram has been used for criminal activities, it also serves many legitimate purposes and is valued by millions of users for its security features. The challenge moving forward will be finding a balance which addresses law enforcement concerns without compromising the privacy and security that many users depend on.
CYJAX continues to provide threat intelligence across a number of threats themes, including cyber, protests and physical security, extremist and geopolitical. Monitoring hidden services such as Telegram is key to being able to provide strategic and tactical intelligence insights.
Receive our latest cyber intelligence insights delivered directly to your inbox
Simply complete the form to subscribe to our newsletter, ensuring you stay informed about the latest cyber intelligence insights and news.