A journey into the dark corners of Telegram, which has become a magnet for criminals peddling everything from illegal drugs to counterfeit money and COVID-19 vaccine passes
Just a few years ago, illicit services and contraband online originated from the hidden and largely untraceable depths of the internet: the dark web. People frequenting dark websites knew how to take advantage of the anonymity offered and often managed to evade law enforcement. However, a few years later, this pattern is changing. We now see illegal products and services advertised brazenly on popular social media, where criminal markets are open to the masses, often leaving the police with little to do but monitor.
When I researched online crime with the police, selling drugs on the dark web was big business. Marketplaces like Silk Road and AlphaBay were havens for potential buyers to compare and buy anything in their sights. Protected by a cloak of anonymity, a setup that allowed money to travel through an escrow, and even a system for reviewing products on offer, these dark websites were the obvious choice for miscreants to lie low.
However, the constant shutdowns of these marketplaces and the difficulty of attracting large numbers on the dark web have forced criminal enterprises to think differently about how they access their markets. At the same time, the COVID-19 pandemic has helped open up new avenues for criminal activity, from the increased vulnerability of working from home to restricted site access and the use of vaccine passports. People are online more than ever and may also be more susceptible to illicit offers.
Who still needs the dark web?
In recent years, new platforms have emerged that criminals have co-opted, Telegram being perhaps the most notable example. Telegram is a free, open-source, and cloud-based instant messaging platform that has grown in popularity because people want privacy-focused communications. Of course, this is a completely legitimate application offering end-to-end encrypted messages and calls so that ISPs and other third parties cannot access the data.
Unsurprisingly, however, the platform has also caught the eye of criminals eager to take advantage of this privacy. Everything is on offer, from drugs, counterfeit money, stolen credit card details and other personal data to hitman services (or rather hitman scams). Notably, some sellers are also offering fraudulent NHS COVID-19 vaccination passes, certificates to enable travel and vaccination cards, each for around £200.
Worryingly, these Telegram groups can be located in moments and with just a few clicks. Perhaps even more disconcerting is the number of users this information reaches. Some groups have hundreds of thousands of members, opening up the new black market to a wide audience.
But it’s not just Telegram. TikTok users also offered drugs for sale in a cheeky style. Class A drugs could be found on the site within seconds, prompting people to use the chat function to order their narcotics. The move towards easily accessible services and the way dealers are open to communication, even on an unencrypted platform, shows how boldly they are moving to capitalize on the market among young people. Moreover, the way young people perceive daily drug use and paraphernalia online quickly normalizes drug use, which in turn exacerbates broader related problems.
Down the rabbit hole
I first downloaded Telegram in 2019, but it wasn’t until the following year that I dove into its Channels feature. Channels allow anyone who downloads the app and sets it up with their phone number to search for anything they might be interested in. So, with my criminal investigator hat on, I quickly searched for illegal services and contraband. I was shocked at how quickly I was offered all kinds of seemingly criminal activity. In fact, I was able to download Telegram and access these channels in less than a minute.
Once there, I met several groups in several countries, all offering cards and passes advertised to work locally. The proposed cards look relatively simple – they could have been easy to steal from a hospital. Worse, passes can provide access to international travel and events, raising troubling questions about how these scams operate on a global scale. These vendors also go a step further and offer vaccination QR codes, vaccination passports, and the ability to hack codes into the database, allowing international travel and entry to places requiring proof of vaccination.
It may seem less dangerous to buy through social media channels than the dark web, or even legal, but that’s actually part of the problem. A semblance of respectability can encourage both sellers and buyers, leading to increased illicit activity. Unfortunately, these sales often fund more malicious crimes and the cycle continues.
Telegram has over 500 million users and has become more popular in recent years due to its reputation as a more secure messaging and social networking platform. While apps like WhatsApp have come under scrutiny for their data privacy, users have turned to Signal and Telegram as a better option for privacy. Unfortunately, this can also be a bit of a double-edged sword. Of course, it is essential that users are confident that their personal information and messages are kept away from prying eyes, but that same protection can also serve as a safety net for cybercriminals due to the way their communications may be guarded under the radar.
Cybercriminals are just as confident in their ability to evade law enforcement on Telegram Channels as they were with the dark web, but now enjoy exponentially more customers. As more and more people flock to these privacy-focused apps, the underworld awaits them with open arms.
Why are cybercriminals hard to catch even on the “open web”?
Simply put, cybercriminals are using the underlying privacy protection in Telegram and other services. Coupled with virtual private networks (VPNs) and other tools to evade capture, it’s nearly impossible to track down those using Telegram in nefarious ways. Even if devices were to be seized (and from time to time large operations do succeed), there is unlikely to be enough, or any, hard evidence on the devices because of the way messages go missing and other popular techniques.
Police are getting better at investigating online crime and using better tactics with more resources dedicated to digital crime. When I started investigating computer crime around 2008, I could see and copy every device and locate the vast majority, if not all, of what the suspect had ever done, because everything was logged and difficult to hide or erase. Over the past decade, however, the available evidence has diminished.
One could be forgiven for blaming Telegram and its lax content moderation or even suggesting that Telegram is the fuel for this fire. On the other hand, it can be very difficult to filter out illegal content without overly rigorous monitoring of users and their intentions. Communications must be encrypted and our privacy must be protected in order to generate better cybersecurity. Telegram can filter out, and has filtered out, certain keywords so that they cannot be searched, as with social media hashtags, but the criminal fraternity circumvents this by conjuring up new words so that products and services remain searchable.
Unfortunately, where there is a market, there will always be a way. Telegram and some other social media services will likely continue to be used in more “colorful” ways to help the black market. With software and techniques now widely available to erase even a hint of evidence, it’s obvious that we are slowly removing any possibility of this happening anywhere anytime soon. Channels allowing privacy will always be favored by those who want to hide in the shadows, so it is vital that everyone is aware of the problem.