FOGINT: UN Says Telegram Is a Dicey Outfit

October 14, 2024

The only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.

One of my colleagues forwarded a dump truck of links to articles about a UN Report. Before commenting on the report, I want to provide a snapshot of the crappy Web search tools and the useless “search” function on the UN Web site.

First, the title of the October 2024 report is:

Transnational Organized Crime and the Convergence of Cyber-Enabled Fraud, Underground Banking and Technological Innovation in Southeast Asia: A Shifting Threat Landscape

I want to point out that providing a full title in an online article is helpful to some dinobabies like me.

Second, including an explicit link to a document is also appreciated by some people, most of whom are over 25 years in age, of above average intelligence, and interested in online crime. With that in mind, here is the explicit link to the document:

https://www.unodc.org/roseap/uploads/documents/Publications/2024/TOC_Convergence_Report_2024.pdf

Now let’s look briefly at what the 142 page report says:

Telegram is a dicey outfit.

Not bad: 142 pages compressed to five words. Let look at two specifics and then I encourage you to read the full report and draw your own conclusions about the quite clever outfit Telegram.

The first passage which caught my attention was this one which is a list of the specialized software and services firms paying attention to Telegram. Here is that list. It is important because most of these outfits make their presence known to enforcement and intelligence entities, not the TikTok-type crowd:

Bitrace
Chainalysis
Chainargos
Chainvestigate
ChongLuaDao (Viet Nam)
Coeus
Crystal Intelligence
CyberArmor
Flare Systems
Flashpoint
Group-IB
Hensoldt Analytics
Intel 471
Kela
Magnet Forensics
Resecurity
Sophos
SlowMist
Trend Micro
TRM Labs

Other firms played ball with the UN, but these companies may have suggested, “Don’t tell anyone we assisted.” That’s my view; yours may differ.

The second interesting passage in the document for me was:

Southeast Asia faces unprecedented challenges posed by transnational organized crime and illicit economies. The region is witnessing a major convergence of different crime types and criminal services fueled by rapid and shifting advancements in physical, technological, and digital infrastructure have have allowed organized crime networks to expand these operations.

Cyber crime is the hot ticket in southeast Asia. I would suggest that the Russian oligarchs are likely to get a run for their money if these well-groomed financial wizards try to muscle in on what is a delightful mix of time Triads, sleek MBAs, and testosterone fueled crypto kiddies with motos, weapons and programming expertise. The mix of languages, laws, rules, and special purpose trade zones add some zest to the run-of-the-mill brushing activities. I will not suggest that many individuals who visit or live in Southeast Asia have a betting gene, but the idea is one worthy of Stuart Kauffman and his colleagues at the Santa Fe Institute. Gambling emerges from chaos and good old greed.

A third passage which I circled addressed Telegram. By the way, “Telegram” appears more than 100 times in the document. Here’s the snippet:

Providing further indication of criminal activity, Kokang casinos and associated companies have developed a robust presence across so-called ‘grey and black business’ Telegram channels facilitating cross-border ‘blockchain’ gambling, underground banking, money laundering, and related recruitment in Myanmar, Cambodia, China, and several other countries in East and Southeast Asia.

The key point to me is that this is a workflow process with a system and method spanning countries. The obvious problem is, “Whom does law enforcement arrest?” Another issue, “Where is the Telegram server?” The answer to the first question is, “In France.” The second question is more tricky and an issue that the report does not address. This is a problematic omission. The answer to the “Where is the Telegram server?” is, “In lots of places.” Telegram is into dApps or distributed applications. The servers outside of Moscow and St Petersburg are virtual. The providers or enablers of Telegram probably don’t know Telegram is a customer and have zero clue what’s going on in virtual machines running Telegram’s beefy infrastructure.

The report is worth reading. If you are curious about Telegram’s plumbing, please, write benkent2020 at yahoo dot com. The FOGINT team has a lecture about the components of the Telegram architecture as well as some related information about the company’s most recent social plays.

Stephen E Arnold, October 14, 2024

Written by Stephen E. Arnold · Filed Under cybercrime, Fogint, News, Social Media

Comments

Got something to say?

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.