End-to-End Encrypted (E2EE) Messaging Apps – New Criminal Frontier?

Ed Alcantara
Chief Cyber Intelligence Officer, BLACKOPS Cyber

End-to-end Encrypted (E2EE) Messaging has become the latest craze, but what does it really offer? The principle behind E2EE is that no one, not even the messaging app provider, should have access to the messages between two individuals. This has created an explosion of E2EE messaging apps which has not gone unnoticed by criminal networks. In fact, criminals seem to be progressing from darknet forums to apps such as Telegram at an alarming rate.

Extremist propaganda, cryptocurrency scams, human trafficking, child exploitation, illegal narcotics, cyber-crime, animal poaching, arms trafficking, counterfeit documents, counterfeit merchandise and more… In just under 24 months, we have observed the trend of illicit offerings migrating from darknet black marketplaces (hosted on Tor, I2P, Freenet) to encrypted messaging apps. This is incredibly important since criminals were formerly restricted to the limited anonymity and obfuscation features of the darknet, and it is more secure to hide criminal activity inside an E2EE system.

The Telegram messaging app was built with 256-bit encryption and can handle larger chats and channels of up to 50,000 users. To show how much traffic is going through just this one app: according to Wikipedia, in March 2018 Telegram stated that it had 200 million monthly active users. Additionally, according to Telegram's CEO Pavel Durov, a year ago Telegram was growing at a rate of over 50% annually. By comparison, Tor started out this year with over 4 million daily users and as of the end of March was running closer to 2 million daily users (see chart from metrics.torproject.org below).


[Chart: Directly connecting users, from metrics.torproject.org]

Of late, Telegram has come under such scrutiny that iTunes had banned the app due to it being a safe haven for pedophiles and terrorist organizations. Telegram has since allegedly remediated the reasons for being banned and is once again available in the iTunes store for download.

However, Telegram isn’t just a breeding ground for illicit activities; it has also been used as a voice for protest groups in countries under state oppression. The most recent example of this is Iran, where the app was banned during anti-government protests. Other countries have banned the app for various reasons, but the most prevalent seems to be to prevent the large amount of nefarious activity.

Is everything that runs through a system claiming to be E2EE encrypted? Not necessarily… Each company decides how secure it wants to be, which messages are E2EE, and even whether users can toggle their own level of encryption.

During the last 7 days we have observed 12,907 links shared in criminal and terrorist group channels on Telegram.

Check back regularly, as we will be hosting a new topic each week based on darknet intelligence and trends. We invite comments and discussion below.


New Search Event Sampling
