Attaining a secure information exchange is a challenge within the current digital landscape.
Authorities and surveillance agencies are increasingly poking their nose into our personal lives, all with the facade of maintaining law and order.
But even if we manage to swallow this bitter pill for the greater good and succumb to online surveillance, cybercriminals are always the looming threat.
But let’s backtrack a bit! The very notion of any third party monitoring our data is nonetheless blood-curdling. Therefore, encrypted messaging services have become more or less a dire need.
However, like every good privacy enabling tool, helping innocent people gain internet freedom, these encrypted messaging services can potentially face exploitation.
Such as the TOR network designed for online anonymity now has a tainted reputation due to its connection with the dark web.
And now, encrypted messaging services will likely become the modernized dark web version! But how is that even possible?
Encryption has long been a secure and reliable method of securing information and internet traffic. It is the method that converts data into unreadable form preventing anyone other than the intended receiver from viewing it.
Quite like that, an encrypted messaging service or secure messaging ensures data protection and security while in transit. These platforms protect anyone from monitoring or snooping into private conversations.
These services provide end-to-end encryption to ensure protection from the sender-to-receiver end and vice versa.
Within various apps, this end-to-end encryption also extends to phone calls made on these applications.
This end-to-end encryption method is by far the most secure method of information exchange and communication.
Its security stems from the fact that the encryption occurs at the device level-meaning that the data gets encrypted before it leaves your device and only gets decrypted once it reaches the receiver’s device.
With this, while in transit, the information remains secure, and any threat actor willing to monitor or snoop into information does not have access to it since they don’t have the designed decryption key.
Instead, secure messaging services have secret encryption and decryption keys embedded within the user’s device, making it harder for any theta actor to access it.
This end-to-end encryption method utilizes the private-public key pair, which uses separate cryptographic keys for encryption and decryption of messages at respective ends. The public key encrypts a message allowing users to send secure messages.
The private key works in harmony with the public key and is already present with the receiver. It decrypts the encrypted message sent through the public key.
Each person has its own set of public and private cryptographic keys within end-to-encryption deployed by encrypted messaging services.
The dark web is the deepest part of the internet, where secretive activities often occur.
While it is notorious as a digitized criminal underworld, the dark web has initially been a platform for anonymous information exchange, which is why whistleblowers, activists, and even journalists often use it.
While the dark web is notorious for criminal activity, it continues to thrive as the users remain inaccessible to the government and surveillance agencies.
They access the dark web through the TOR network, which maintains online security and anonymity.
Therefore any information exchange that goes on over the dark web can potentially remain hidden from law enforcement and surveillance agencies, making it a suitable place for illicit activities,
When it comes to encrypted messaging platforms, things are somewhat similar. They protect user identity and privacy through a strict no-log policy and secure encrypted messaging.
Admittedly these measures allow secure information exchange and help maintain online privacy. And that is undoubtedly a good thing since privacy is a fundamental human right.
However, cybercriminals can use such platforms for various illicit activities.
Secure encryption and the absence of logs hinder surveillance agencies from monitoring online activities on encrypted chat platforms giving threat actors the liberty to use them for their evil intentions.
So far, the notion of encrypted chat platforms getting exploited for illicit activities has largely been a concept.
This very concept has led various surveillance groups into pressuring private messaging and email platforms into sharing user information. A good example is ProtonMail.
However, threat actors have taken to breathing life in this concept over Telegram.
Launched in 2013, Telegram has more than 500 active users primarily because the platform is secure and easy to use.
Moreover, it has several features that make it an ideal platform for extensive group activities, such as:
Such features and security have helped the platform receive popularity, and now it has exploded as the hub of criminal activities.
Threat actors have started using this secure messaging platform to share stolen data and hacking tools or carry out the drug trade.
Previously, there have also been issues of fake vaccine card sales on Telegram.
In recent research conducted by the cyber threat intelligence group Cyberint, a growing network of hackers sharing data leaks and carrying out illegal activities was discovered.
There was massive information trade going on with hackers sharing information like:
All such activities are starkly similar to what is present over the dark web, which is nothing less than alarming.
Other private and encrypted chat applications include Signal and Session.
Threat actors have long since been exploiting secure platforms, and they will most likely continue doing that in the future.
Amidst this, we can’t surely stop using cybersecurity tools because we need to remain private and secure online, and there is no third party that can be trusted with private information.
Therefore, the best course of action we can take is to ensure our cybersecurity, avoid harmful activities, and hope that law enforcement is quick to catch cybercriminals.