Anyone looking for black market offers for narcotics, weapons or stolen accounts on the Internet used to have to install the Tor browser and know how to use it correctly. In the meantime, however, such offers can also be found easily via the Telegram messenger. All you have to do is use the global search function in Telegram and type in the desired goods. The app then lists not only individual providers, but also entire groups and channels in which dealers present illegal goods of all kinds. During our research, it only took minutes to come across vendors selling hard drugs like heroin, cocaine, and crystal meth. We also found what we were looking for with other search terms and were presented with sharp weapons and fake master craftsmen’s certificates.
The technical hurdle at Telegram is so low that even less experienced users can find these groups and participate in them. All you need to use the messenger is a smartphone that can receive a one-time SMS for registration. The “classic” Darknet is quite different: there you would first have to set up the Tor browser and understand the concept of the Tor network. While the Tor network is notoriously slow and services and sites often change addresses, Telegram communication and trading happen in real time and the providers are easy to find. The framing of the professionally designed messenger also makes the channels look considerably more serious than the Tor platforms, which are often reminiscent of the web of the 90s. And on Telegram you will find all the offers in German.
Professional infrastructure
In so-called advertising groups, people post references to other groups or offers. The whole thing often looks like a loose collection of unsorted posts. The groups are managed by their administrators with the support of sophisticated bots. The bots separate people from other bots, greet new members and tell them the group rules. Such bots are also used in completely legal chat groups. There are also elements typical of legal trading platforms, such as regular special offers, product evaluation systems or bonus programs. In many of the groups, the rules at least prohibit the trade in narcotics, drugs and weapons, but this is not consistently enforced.
The offers in the groups do not only include weapons and drugs. The dealers also offer prescription drugs, anonymous SIM cards or stolen accounts from streaming services. Hollywood films are uploaded on some channels – alternating with conspiracy propaganda. Telegram allows files to be uploaded up to a maximum of 2 GB in size. But that’s enough for a full-length feature film in Full HD. Anonymous SIM cards and software copies for various operating systems are also traded there.
Counterfeit documents and products
Classic counterfeit products were previously more likely to be found on Facebook and in forums. Now they have spread to Telegram. The dealers offer counterfeits from luxury brands such as Dolce & Gabbana or Gucci. Product review fraudsters who falsify shop reviews will also find so-called “testers” here. These providers reimburse customers for the purchase price of certain products on platforms such as Amazon if they write positive product reviews. The aim is to boost the standing of the often very cheap products. Providers of illegal IPTV and card sharing services also turn up in the groups almost every day.
There is also a trade in forged documents. One of the providers we found in the course of our research offers fake registration certificates, master craftsmen’s certificates or MPU reports for 70 to 1250 euros – payable by Bitcoin. According to the provider, the documents are all provided with real signatures and stamps on “original paper”. The interaction with the dealer shows how professionally the service operates. Communication takes place using a sophisticated Telegram bot that has submenus for numerous document types. Once you have clicked on the desired product, you get a link to a Bitcoin payment service provider.
The bot sends users who do not have bitcoins links to services that help them convert cash into bitcoins. If you have further questions, you will find a detailed collection of FAQs that provide information on delivery times and necessary dates. Customers’ doubts are dispelled with well-made info texts that claim that the documents were created by “partners & employees of the respective institution”. The forged documents are then sent by post or as a PDF with delivery times between three days and four weeks.
Telegram does not delete
Telegram is as attractive for such offers as it is for extremists because the operator deletes very little, even after reports from users. The groups that we reported eight weeks ago had not been deleted by the time we went to press, despite obviously illegal trade.
In addition, Telegram maintains the claim that it is safer and more anonymous than other messengers. But that’s only partly true. While with the often scolded WhatsApp all communication is end-to-end encrypted, with Telegram you have to start a private chat for this. A normal chat is only transport-encrypted and runs in plain text via the Telegram server. In principle, Telegram cannot encrypt group chats and channels end-to-end. In addition, the encryption called MTProto was developed by the company itself and has been criticized by some cryptologists.
That seems to give some users and providers a feeling of security, so that they appear with real names or visible telephone numbers. Perhaps, however, the low entry barrier will take its revenge, and users are not aware of how easily they can be identified.
Authorities have little access
For the police, trading via Telegram is difficult to prosecute, because Telegram does not give out any data on users. It is not known where the servers of the service are located. The Russian company has already resisted attempts by the Russian government to make it pass on the encrypted data of its users. In the meantime, the government has stopped its efforts and lifted a ban on the messenger.
It is known that the BKA has been monitoring Telegram for a long time. This makes use of the option to use several devices with one Telegram account. All that is required to register is an SMS, which the authorities can easily intercept. This only works if two-factor authentication is not active.
The BKA told c’t that the offers on the Darknet have become more professional over the years, but it is also noticeable in Telegram groups that “more and more administrative structures such as moderators who check dealers are being formed.”
At the request of c’t, the Bavarian State Criminal Police Office announced that it was known “that the Telegram chat platform is occasionally used for criminally relevant matters”. However, there are no findings on specific current processes on the platform. Furthermore, the Bavarian LKA assumes “that potential incriminated transactions are preferably carried out via the Darknet or TOR network, since there is a much higher technical effort to conceal the identity of buyers and sellers”.
According to the Federal Ministry of Justice, the Network Enforcement Act (NetzDG), which obliges providers to report such cases, does not apply to Telegram. “When the NetzDG was created, the focus was deliberately placed on the large social networks that are particularly relevant for the public exchange of views,” said a spokeswoman for the Federal Ministry of Justice.
Old patterns, new ways
The trade in illegal goods is not a new problem. Until now, however, a minimum of technical expertise was required on the Internet to find such offers. The ease of finding them via Telegram lowers the hurdle massively. Even inexperienced users can find drugs, weapons and counterfeits in seconds.
This article is from c’t 18/2020. (mls)
