Telegram a new alternative of Dark Web:

What is Telegram?

Telegram is a popular instant messaging service presented by Telegram Messenger Inc. It’s is just a platform like Instagram and Facebook in other words it’s a messaging app. It is compatible with Android, iOS, Windows, Mac, and Linux operating systems, and the official website is telegram.org. At the beginning of the year, the service was used by 200 million monthly active users, and this number has surely risen throughout the year.

Telegram is a freeware, cross-platform, cloud-based instant messaging (IM) software. The service also provides end-to-end encrypted video calling, VoIP, file sharing and several other features. It was launched for iOS on 14 August 2013 and Android in October 2013 by brothers Nikolai and Pavel Durov. The servers of Telegram are distributed worldwide to decrease data load with five data centers in different regions, while the operational center is based in Dubai. Various client apps are available for desktop and mobile platforms including official apps for Android, iOS, Windows, macOS and Linux. There are also two official Telegram web twin apps – WebK and WebZ – and numerous unofficial clients that make use of Telegram’s protocol. All of Telegram’s official components are open source, with the exception of the server which is closed-source and proprietary. And this is a big step up from a closed source client. If you are using WhatsApp, or any closed source app for that matter (like Messenger, Skype, etc.), you can’t know what it’s doing with your Mobile/Desktop/Laptop.

Users can send text and voice messages, animated stickers, make voice and video calls, and share an unlimited number of images, documents (2 GB per file), user locations, contacts, and audio files. In January 2021, Telegram surpassed 500 million monthly active users. It was the most downloaded app worldwide in January 2021. Unfortunately, popularity always attracts cybercriminals. Of course, big companies have better resources to ensure that their customers are safe and content, but securing Telegram is not always easy. We’ll be discussing about this in a while.

What is Dark Web?

Dark web is the hidden part of the internet that is not indexed on Google and mostly there are illegal things going on. Dark web and Deep web is quite two different things and I’ve explained it in detail in my earlier blog post. You can read it here.

So, what’s there to see on the dark web, It features 90’s styled web pages, hard to see text due to minimized TOR browser window, with no video playing & no downloading. You can see various illegitimate content links Red Rooms, Pedophilia, Hitmen for hire, Drug trafficking (remember Silk Route), Arms and weapons, Human trafficking etc. There is an onion wiki website which provides details about most of the sites available in the dark web. It is difficult that you may actually stumble across any of the aforementioned “dark contents” today because these kinds of websites or links are regularly taken down by either govt agencies (FBI) or other by hacking groups like Anonymous and other White hats hacker(s) and/or group(s).

So if curiosity is killing you by now, go ahead and download TOR and try exploring Dark Web. As I said earlier accessing and browsing dark web is detailed in my earlier blog post.

P.S. – Don’t use Windows to access the dark web, Linux will be a safer and recommended choice. Due to the number of “back doors & vulnerabilities” in Windows, the most innocent thing that would happen if someone from Dark web is on your PC is that your system might be a part of massive planned DDoS attack on some Govt sites, and it’s the best case scenario, things only get worse from there.

Is telegram really an alternative for dark web?

Over the last year, many users have shifted to chatting and texting apps such as Signal and Telegram. One of the more reputable and old texting applications, Telegram saw a torrential flow of users coming to it leaving WhatsApp. It has some great interactive features for texting which enhance the way users communicate with each other. An investigation by cybersecurity researchers into the messaging platform has revealed that private data of millions of people are being shared openly on groups and channels that have thousands of members.

Another investigation conducted by NortonLifeLock has found evidence of a “thriving illegal marketplace” on Telegram where everything from Covid-19 vaccines, personal data, pirated software to fake IDs are up for sale. The vpnMentor researchers have detailed their findings in a report where they examine the growing trend of cybercriminals sharing leaked data on Telegram. Their team joined several cybercrime-focused Telegram groups and channels to experience the illicit exchanges between bad actors for themselves. To their surprise they discovered hackers openly posting data dumps on channels, some with over 10,000 members. More worryingly, the unscrupulous users don’t even shy away from discussions on how to exploit the data dumps in various criminal enterprises.

Traditionally, data dumps like these are usually exchanged over the dark web. Moving these exchanges to Telegram has its advantages including “protecting the privacy of its members”. Also, Telegram has a lower barrier for entry as compared to the dark web and this messaging platform is also immune to Distributed Denial of Service (DDoS) attacks, web takedowns that can threaten how cybercriminals work on the normal web.

Research from VPN provider vpnMentor further cements Telegram’s position as a safe haven for cybercriminals, finding cybercriminals are using the popular encrypted communications platform to share and discuss massive data leaks exposing millions of people to unprecedented levels of online fraud, hacking, and attack.

Is there a way to keep telegram safe?

It has some great interactive features for texting which enhance the way users communicate with each other. If you are worried about privacy and security on Telegram, we will help you to keep your Telegram safe. The vpnMentor report has mentioned that Telegram has taken “limited steps” to remove groups related to hacking, but that hasn’t made much of a difference. If you did not secure your Telegram account, the risk of someone hacking it is much bigger. Generally, when the attacker hacks the account, the login is compromised. Hackers would not be able to do anything unless they gained access to your insecure Telegram account. So, how exactly can hackers breach seemingly well-guarded accounts? They often employ brute-force attacks to guess login data. If you think that cybercriminals spend hours typing in random password and username combinations to make a correct guess, you are mistaken. Hacking techniques are much more advanced nowadays, and they can use hardware and software to perform a successful brute-force attack within minutes or mere seconds. The task is especially easy if the password and username are predictable, such as password123 and admin123. Of course, passwords are not generally used to sign into Telegram.

When you sign into Telegram, you need to enter your phone number to receive a verification code that grants you access to your account. If you think that that makes your Telegram secure, you are not 100% right. In 2016, hackers were able to compromise Telegram accounts in Iran using a flaw in the SMS protocol. According to Reuters, the verification codes sent via SMS were intercepted and leaked to hackers. This allowed them to gain full access to the affected Telegram accounts, as well as add new devices to the same account to continue the attack. The flaw also made it possible for hackers to identify 15 million unique phone numbers registered with Telegram. In a situation like this, unless hackers change passwords and block your access to the account, or they send messages that you can see in your chat history, you might be unaware of the hack at all. Ultimately, if insecure Telegram accounts are hacked, attackers can spy on users and gather sensitive information that, later on, could be used to hack bigger accounts and do more harm.

We’ll start with using complex passwords and then move further with different methods to enable layers of security features which are already available. If you have already set those, you can skip this section.

How to set Password Complexity?

Telegram enables you to create a password that is strong.

Tips for complex passwords:

Usage of multiple cases of alphabets along with symbols, special characters etc.

thisislowercase
THISISUPPERCASE
ThisIsPascalCase
thisIsCamelCase
This_is_snake_case
THIS_IS_SCREAMING_SNAKE_CASE
this-is-kebab-case

Few examples,

“I love you so much” – IL0v3Y0U5OMuch
“Humpty Dumpty sat on a wall” — HumtyDumty$@t0nAwa11
“It is raining cats and dogs”– 1tsR@in1NGc@ts&Dogs!

Try adding some additions to the above,

“I love you so much.” - IL0v3Y0U5OMuchPer10d
“Humpty Dumpty sat on a wall” + Google — HumtyDumty$@t0nAwa11+G00gl
Netflix + “Humpty Dumpty sat on a wall” — humTdumt$@t0nAwa114netFLX

How to Set a Passcode on Telegram?

First of all,

  • Open the application
  • You will notice a three-line menu on the top left, tap on it.
  • Select ‘Settings’ and tap on ‘Privacy and Security’.
  • Under the ‘Security’, tap on the ‘Passcode Lock’, and you will be asked to enter a four-digit passcode.
  • Enter the passcode twice to save it. Your telegram passcode will be active.

How to Set Fingerprint Lock on Telegram?

Once you have set up the passcode, whenever you try to open the app, you will also see an option of unlocking the app with your fingerprint. You can also disable the feature if you don’t want it. Do note that the fingerprint option will only come if you have entered fingerprint data for unlocking the device under the device settings itself. It will use the same biometric data entered into the system of your device in the first place.

How to Set Auto Lock on Telegram?

For further safety of your chat data, you can also set an ‘auto-lock’ timer. By default, Telegram auto-locks the application after 1 hour. But that is too long a time, to change that, go to the ‘Auto-Lock’ option from the settings of the application, and you can keep the timer anywhere between 1 minute to 1.45 hours. You can also disable the feature from here.

How to enable two-step verification on Telegram?

You must be familiar with two-step verification, also known as 2FA or two-factor authentication. You probably have it set up on several other accounts, such as Gmail, AWS etc. If you have not secured Telegram using the two-step verification feature, we suggest you take care of that as soon as possible. Once that is done, you will need to enter a password when you sign in from a new device. Here’s a guide that shows how to secure Telegram by setting up two-step verification via the Telegram app.

  • Open the Telegram app and sign in.
  • Tap the “menu” button on the top-right corner.
  • Go to “Settings” and then to “Privacy and Security”.
  • Tap “Two-Step Verification”.
  • Create a strong password and re-enter it for confirmation.
  • Create a hint for the password.
  • Enter your email address and tap the “green check” icon.
  • Go to your inbox, open the email, and click the “confirmation link”.

How to terminate Active Sessions on Telegram?

If someone has signed into your Telegram account, you can see it in the Active Sessions menu. The feature enables you to terminate unwanted sessions, which, hopefully, should help you kick hackers to the curb.

  • Open the Telegram app and sign in.
  • Tap the “menu” button on the top-right corner.
  • Go to “Settings” and then to “Active Sessions”.
  • Tap “Terminate All Other Sessions” or select one session at a time and tap “OK” to terminate.

References:

Disclaimer

This is a personal blog. All content provided on this blog is for informational purposes only. They are collated from different sources and some are my own. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner of THIS BLOG will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information