Telegram Pledges Closer Cooperation With Police
Embattled CEO Pavel Durov Says Telegram Will Release IP Addresses, Phone Numbers
Embattled Telegram CEO Pavel Durov signaled a more cooperative relationship with law enforcement, telling users Monday the messaging service will provide IP addresses and phone numbers "in response to valid legal requests."
Durov faces criminal charges in France, where authorities in late August arrested the native Russian, naturalized French owner of the messaging and social media platform on charges of complicity in hacking, distribution of child sexual abuse material and refusal to act on law enforcement requests (see: French Prosecutors Detail Motives for Telegram CEO Arrest).
The platform, officially based in the United Arab Emirates - where Durov also holds citizenship - gained fame for a combative stance against takedown requests and for refusing to turn over account holder information.
Durov also announced Monday on his Telegram channel that the company deployed artificial intelligence and content moderators to update the search engine and remove "problematic content."
"Telegram Search is meant for finding friends and discovering news, not for promoting illegal goods," Durov said.
Telegram hasn't always rejected government demands, winning in 2020 a reversal from the Russian government on a ban instituted two years earlier, after authorities said Durov demonstrated a willingness to cooperate with stopping "terrorism and extremism."
Monday's announcement should probably worry cybercriminals active on the site, said Allan Liska, principal intelligence analyst at Recorded Future. "It depends on their OpSec, which as we've repeatedly seen from recent takedowns, is not as good as most cybercriminals think it is."
Yelisey Bohuslavskiy, co-founder and a partner at threat intel firm RedSense, encouraged cybercriminals to be very worried. Most cybercriminals on Telegram come from the ranks of carders, hackers who sell stolen payment card data. "Telegram was considered secure for cybercrime communities," he told Information Security Media Group.
Unlike other hackers who prize security above all else, carders need a marketplace to sell stolen payment card data - and they created open channels on Telegram. "There are other channels for developing botnet malware, crimeware, especially financial crimeware, but they're all connected one way or another to the carding ecosystem," Bohuslavskiy said.
Although cybercriminals undoubtedly use VPNs or proxies to shield their real IP address, surrogate IP addresses can still provide law enforcement with useful information if they're able to obtain enough data to identify patterns, such as the same IP address being active on carding and malware forums.
"I think phone numbers should be way more frightening for criminals," Bohuslavskiy said. IP addresses are easy to change; phone numbers are harder, he said. "Even criminals - they don't change phone numbers that often." Despite the terrible OpSec implications, more than one cybercriminal has even registered for accounts using a phone number tied to their real identity.
Criminals should also be concerned over Telegram's assertion that it beefed up its search engine to identify illicit channels, Bohuslavskiy said. It's possible that private channels could be subject to monitoring, once they're identified. The Russian version of Durov's Monday missive could be read as stating that improved search is not limited just to public channels, he added.
Monday's changes come after Durov in early September announced a raft of modifications, including the disabling of new media uploads to blogging tool Telegraph, "which seems to have been misused by anonymous actors," he said.