FOGINT: Telegram Gets Some Lipstick to Put on a Very Dangerous Pig
December 23, 2024
Information from the FOGINT research team.
We noted the New York Times article “Under Pressure, Telegram Turns a Profit for the First Time.” The write up reported on December 23, 2024:
Now Telegram is out to show it has found its financial footing so it can move past its legal and regulatory woes, stay independent and eventually hold an initial public offering. It has expanded its content moderation efforts, with more than 750 contractors who police content. It has introduced advertising, subscriptions and video services. And it has used cryptocurrency to pay down its debt and shore up its finances. The result: Telegram is set to be profitable this year for the first time, according to a person with knowledge of the finances who declined to be identified discussing internal figures. Revenue is on track to surpass $1 billion, up from nearly $350 million last year, the person said. Telegram also has about $500 million in cash reserves, not including crypto assets.
The FOGINT team’s viewpoint is different.
- Telegram took profit on its crypto holdings and pumped that money into its financials. Like magic, Telegram will be profitable.
- The arrest of Mr. Durov has forced the company’s hand, and it is moving forward at warp speed to become the hub for a specific category of crypto transactions.
- The French have thrown a monkey wrench into Telegram’s and its associated organizations’ plans for 2025. The manic push to train developers to create click-to-earn games, use the Telegram smart contracts, and ink deals with some very interesting partners illustrates that 2025 may be a turning point in the organizations’ business practices.
The French are moving at the speed of a finely tuned bureaucracy, and it is unlikely that Mr. Durov will shake free of the pressure to deliver names, mobile numbers, and messages of individuals and groups of interest to French authorities.
The New York Times write up references profitability. There are more gears engaging than putting lipstick on a financial report. A cornered Pavel Durov can be a dangerous 40 year old with money, links to interesting countries, and a desire to create an alternative to the traditional and regulated financial system.
Stephen E Arnold, December 23, 2024
FOGINT: Big Takedown Coincident with Durov Detainment. Coincidence?
December 19, 2024
This blog post is the work of an authentic dinobaby. No smart software was used.
In recent years, global authorities have taken down several encrypted communication channels. Exclu and Ghost, for example. Will a more fragmented approach keep the authorities away? Apparently not. A Europol press release announces, “International Operation Takes Down Another Encrypted Messaging Service Used by Criminals.” The write-up notes:
“Criminals, in response to the disruptions of their messaging services, have been turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity. While the new fragmented landscape poses challenges for law enforcement, the takedown of established communication channels shows that authorities are on top of the latest technologies that criminals use.”
Case in point: After a three-year investigation, a multi-national law enforcement team just took down MATRIX. The service, “by criminals for criminals,” was discovered in 2021 on a convicted murderer’s phone. It was a sophisticated tool bad actors must be sad to lose. We learn:
“It was soon clear that the infrastructure of this platform was technically more complex than previous platforms such as Sky ECC and EncroChat. The founders were convinced that the service was superior and more secure than previous applications used by criminals. Users were only able to join the service if they received an invitation. The infrastructure to run MATRIX consisted of more than 40 servers in several countries with important servers found in France and Germany. Cooperation between the Dutch and French authorities started through a JIT set up at Eurojust. By using innovative technology, the authorities were able to intercept the messaging service and monitor the activity on the service for three months. More than 2.3 million messages in 33 languages were intercepted and deciphered during the investigation. The messages that were intercepted are linked to serious crimes such as international drug trafficking, arms trafficking, and money laundering. Actions to take down the service and pursue serious criminals happened on 3 December in four countries.”
Those four countries are France, Spain, Lithuania, and Germany, with an assist by the Netherlands. Interpol highlights the importance of international cooperation in fighting organized crime. Is this the key to pulling ahead in the encryption arms race?
Cynthia Murrell, December 19, 2024
FOGINT: The Telegram – Visa Tie Up
December 18, 2024
This blog post is the work of an authentic dinobaby. No smart software was used.
This is Stephen E Arnold. Since the detainment of Pavel Durov by French authorities, Telegram has ramped up its public disclosures about its crypto ambitions. In November 2024, Telegram linked itself publicly with Holders (a crypto services firm) and Visa, Inc. More information is available in a video on YouTube. Its title is “Visa: Building a Bridge between TON and Real World Use Cases.” It is at this url: https://www.youtube.com/watch?v=YhdXeybiG0I. The presenter is Nikola Plecas, who is identified as the senior director, global head of GTM & Product Commercialization, Visa Crypto. The “GTM” means “go to market.” In our lecture yesterday (December 11, 2024) for the CyberSocial Conference, we mentioned this tie up with crypto. By coincidence, the video was posted. We anticipate that this deal will ripen in 2025. Thank you.
Stephen E Arnold, December 18, 2024, 716 am US
FOGINT: Telegram Steps Up Its Cooperation with Law Enforcement
December 12, 2024
This short item is the work of the dinobaby. The “fog” is from Gifr.com.
Engadget, an online news service, reported “Telegram Finally Takes Action to Remove CSAM from Its Platform.” France picks up Telegram founder Pavel Durov and explains via his attorney how the prison system works in the country. Mr. Durov, not yet in prison, posted an alleged Euro 5 million with the understanding he could not leave the country. According to Engadget, Mr. Durov is further modifying his attitude toward “free speech” and “freedom.”
The article states:
Telegram is taking a significant step to reduce child sexual abuse material (CSAM), partnering with the International Watch Foundation (IWF) four months after the former’s founder and CEO Pavel Durov was arrested. The French authorities issued 12 charges against Durov in August, including complicity in “distributing, offering or making available pornographic images of minors, in an organized group” and “possessing pornographic images of minors.”
For those not familiar with the International Watch Foundation, the organization serves as a “hub” for law enforcement and companies acting as intermediaries for those engaged in buying, leasing, selling, or exchanging illicit images or videos of children. Since 2013, Telegram has mostly been obstinate when asked to cooperate with investigators. The company has waved its hands and insisted that it is not into curtailing free speech.
After the French snagged Mr. Durov, he showed a sudden interest in cooperating with authorities. The Engadget report says:
Telegram has taken other steps since Durov’s arrest, announcing in September that it would hand over IP addresses and phone numbers in legal requests — something it fought in the past. Durov must remain in France for the foreseeable future.
What’s Telegram going to do after releasing handles, phone numbers, and possibly some of that log data allegedly held in servers available to the company? The answer is, “Telegram is pursuing its next big thing.” Engadget does not ask, “What’s Telegram’s next act?” Surprisingly a preview of Telegram’s future is unfolding in TON Foundation training sessions in Vancouver, Istanbul, and numerous other locations.
But taking that “real” work next step is not in the cards for most Telegram watchers. The “finally” is simply bringing down the curtain of Telegram’s first act. More acts are already on stage.
Stephen E Arnold, December 12, 2024
Telegram: Edging Forward in Crypto
December 12, 2024
This blog post flowed from the sluggish and infertile mind of a real live dinobaby. If there is art, smart software of some type was probably involved.
Telegram wants to be the one stop app for anonymous crypto tasks. While we applaud those efforts when they relate to freedom fighting or undermining bad actors, the latter also use them and we can’t abide by that. Telegram, however, plans to become the API for crypto communication, says Cryptologia in “DWF Labs’ Listing Bot Goes Live On Telegram.”
DWF Labs is a crypto enterprise capital firm and it is launching an itemizing Bot on Telegram. The Bot turns Telegram into a bitcoin feed, because it notifies users of changes in the ten main crypto exchanges: Binance, HTX, Gate.io, Bybit, OKX, KuCoin, MEXC, Coinbase Alternate, UpBit, and Bithumb. Users can also watch foreign money pairs, launchpad bulletins, and spot and/or futures listings.
DWF Labs is on the forefront of alternative currency and financial options. It is a lucrative market:
“In a latest interview, Lingling Jiang, a Associate at DWF Labs, mentioned DWF Labs’ place on the forefront of delivering liquidity providers and forging alliances with conventional finance. By offering market-making assist and funding, Jiang stated, DWF Labs provides tasks the infrastructure needed to grasp of tokenized belongings. With the launch of the brand new Itemizing Bot, DWF Labs brings market information nearer to the retail consumer, particularly these on the Telegram (TON) community. Following the introduction of HOT, a non-custodial pockets on TON powered by Chain Signature, DWF Labs’ Itemizing Bot is one other welcome addition to the ecosystem, particularly within the mild of the latest announcement of HOT Labs, HERE Pockets and HAPI’s new joint crypto platform.”
What’s Telegram’s game for 2025? Spring Durov? Join hands with BRICS? Become the new Morgan Stanley? Father more babies?
Whitney Grace, December 12, 2024
Dark Web: Clever and Cute Security Innovations
December 11, 2024
This write up was created by an actual 80-year-old dinobaby. If there is art, assume that smart software was involved. Just a tip.
I am not sure how the essay / technical analysis “The Fascinating Security Model of Dark Web Marketplaces” will diffuse within the cyber security community. I want to highlight what strikes me as a useful analysis and provide a brief, high-level summary of the points which my team and I found interesting. We have not focused on the Dark Web since we published Dark Web Notebook, a complement to my law enforcement training sessions about the Dark Web in the period from 2013 to 2016.
This write up does a good job of explaining use of open source privacy tools like Pretty Good Privacy and its two-factor authentication. The write up walks through a “no JavaScript” approach to functions on the Dark Web site. The references to dynamic domain name operations are helpful as well.
The first observation I would offer is that, in the case of the Dark Web site analyzed in the cited article, the security mechanisms in use have matured and, in the opinion of my research team, advanced to thwart some of the techniques used to track and take down the type of sites hosted by Cyberbunker in Germany. This is — alas — inevitable, and it makes the job of investigators more difficult.
The second observation is that this particular site makes use of distributed services. With the advent of hosting providers that offer self managed virtual servers and profess an inability to know what’s happening on physical machines, certain hosting providers “comply” and then say, “If you try to access the virtual machines, they can fail. Since we don’t manage them, you guys will have to figure out how to get them back up.” Cute and effective.
The third observation is that the hoops a potential drug customer has to get through are likely to make a person with an addled brain get clean and then come back and try again. On the other hand, the Captcha might baffle a sober user or investigator as well. Cute and annoying.
The essay is useful and worth reading because it underscores the value of fluid online infrastructures for bad actors.
Stephen E Arnold, December 11, 2024
FOGINT: Pavel Durov: A Waffling Borzoi with a Shock Collar Now?
December 11, 2024
Information from the FOGINT research team. No smart software involved.
Cointelegraph, one of the “future of money” news services covering crypto, ran an interesting story on Saturday, December 7, 2024: “Telegram Founder Pavel Durov Questioned in Paris Court for First Time: Report.” We know this is a blog post about a write up sharing information from another source. Keep this dicey chain in mind.
The core of the story is that Pavel Durov was under the control of French authorities in August 2024. Wikipedia reports that Mr. Durov may have met with Vladimir Putin before jetting to Paris and landing at Paris-Le Bourget Airport. In the last three months, information about Mr. Durov’s and his lawyer’s interaction with the French authorities has been limited. After 90 days of having his movements restricted, the following has been rumored about Mr. Durov:
- He expressed a desire to cooperate with law enforcement when duly authorized requests for alleged bad actors are provided to “Telegram”, which is Mr. Durov for practical purposes. Pavel’s brother Nikolai seems pre-occupied with technical issues related to the Telegram platform.
- Telegram has apparently agreed to interact with organizations focused on preventing human trafficking and child sexual abuse material.
- He is reversing course on his statements about responding to government pressure. One example was Telegram’s blocking of Ukrainian content from Ukrainian government agencies to Telegram users in Russia and possibly other countries in the Russian Federation.
Here’s what Cointelegraph reported:
Durov appeared in a Parisian court at 10 am CET on Dec. 6, alongside his lawyers David-Olivier Kaminski and Christophe Ingrain.
The lawyers have offices at 126 Boulevard St. Germain. Kaminski’s Web site says:
We specialize in criminal defense. The Kaminski law firm has built up recognized expertise in all areas of criminal defense. We can represent our clients at any stages of the judicial procedure, including police custody, preliminary investigation, judicial information, criminal court and before the assize court. The firm defends individuals as well as companies, legal entities, or institutions (Non-governmental organizations, associations, professional bodies). Kaminski’s catchphrase is, “The culture and practice of criminal defense is respect for fundamental freedoms.” https://www.kaminskiavocats.com/
Christophe Ingrain is part of the defense team. He was / is affiliated with Darrois Villey Maillot Brochier. He was named one of the 30 most influential lawyers in France, and he appeared on a list of the “best lawyers” in France. His office is on Avenue Victor Hugo.
According to Cointelegraph:
An anonymous source familiar with the matter told the Agence France-Presse (AFP) that the questioning focused on the allegations tied to Telegram’s potential use for illicit transactions. When asked about the legal proceedings, Durov reportedly told the AFP that he “trusts the French justice” system but refused to elaborate on the case.
His “refusal” to comment means that the 40 year old with more than 100 children is listening to his French attorneys. He may also have been informed about France’s low profile prison system. La Santé was built in 1867 and entertains a number of high-risk criminals. For those who chat with French law enforcement officials, La Santé is often described as a place one goes but never leaves. This prison has a VIP section which is somewhat different from the VIP services available for online gamblers in pursuit of an ejunket. It is located in the 14th arrondissement. There are two other facilities in Paris as well. France also has some special purpose prisons located near military bases and allegedly a couple of in-ground facilities in North Africa. If “in-ground” does not resonate with you, you may not want to know the set up at these alleged incarceration facilities. As a point of reference, French prisons are overcrowded but c’est dommage. As a rule of thumb one may want to avoid getting ensnared in the French judiciary or prison system. Red tape is a specialty of French bureaucrats, and it can be a challenging situation for defendants and their lawyers.
Cointelegraph observes:
Industry insiders are worried that the case against Durov raises alarming concerns for privacy-preserving Web3 technologies.
The Web3 reference includes blockchain technology, distributed infrastructures like Telegram’s, distributed finance, and a number of other innovations. These can add to the investigative burden of law enforcement and tax authorities.
Durov has paid bail of $5 to $6 million. However, Cointelegraph points out:
If convicted, Durov could face up to 10 years in prison and a fine of €500,000 ($550,000).
Was Durov’s interaction with French authorities an accident or coincidence? No. France allegedly began a preliminary investigation in February 2024. In July 2024 that was promoted to a judicial inquiry. In August, he was apprehended.
Sean Brizendine, a blockchain researcher, told Beyond Search:
Mr. Durov definitely appears to be listening to his high-power legal team. He is obviously aware that everything is at stake.
Net net: FOGINT wonders if the prosecution of CSAM perpetrators will ramp up as Durov demonstrates his willingness to cooperate. What’s at risk for Telegram is that the significant push into crypto services could be derailed. Other “free speech” advocates will create alternative services, but that will be expensive and time consuming. The core of Telegram is not available as open source software. Most cyber professionals are not aware of the scope of the Telegram platform.
Stephen E Arnold, December 11, 2024
Hiding Messages: The You-Will-Not-Pay-Attention Tactic
December 9, 2024
This blog post flowed from the sluggish and infertile mind of a real live dinobaby. If there is art, smart software of some type was probably involved.
I worked on a project in Bogota, Colombia. One of the individuals with whom I interacted talked about steganography. This is a method for placing “content” inside of images. At the time, which was probably a decade ago, the law enforcement officials in Colombia had encountered certain bad actors passing messages using steganography within images of a day at the beach with kids, beach balls, and happy gringos.
“Square Zero: Hide Silly Messages in Decorative Borders” explains how an innocuous graphic element in an image or any content object can convey information about a drug deal, a weapons pick up point, or a money laundering contact location. The write up says:
So how successful was the card [containing the swizzled border]? Well, we sent out about 40 of them; almost no one realized there was a puzzle on the card. Once nudged, most folks realized it was the border, and quite a few guessed binary was involved. At this point I’d suggest decoding it. The most common reply? “I think I’ll go on living my life, but thanks”
That’s the purpose of steganography: Making the message invisible or “secret.” Steganography, according to the online ad vendor Google, is “the practice of concealing information within another message or physical object to avoid detection.” The example described in the cited blog post works.
If you want to fiddle around with the technology, the cited article contains code and some technical explanation. I want to call your attention to what might be accomplished in an activity involving big money and real life-and-death circumstances. Consider this border which I downloaded from Free Clipart:
Let’s assume that a bad actor has encoded a message in this clip art.
To make the challenge more interesting, the bad actor has included additional information in an image embedded in the manipulated clip art frame:
How can this double up message embedding be accomplished? The answer is, “Use the sample code provided and some odds and ends from GitHub, and you are good to go.”
Does this application of “borders” and embedded images pose challenges to analysts, investigators, and law enforcement professionals? Some information, as I have stated before, should not be out and about, providing bad actors with ideas and enablers.
Stephen E Arnold, December 9, 2024
Creeping Crypto: Regulators Adapt to What People Have Been Doing
November 28, 2024
This write up is the work of a humanoid who admits he is a dinobaby; that is, deadwood too old to employ. By the way, the “dinobaby” lingo allegedly emerged from IBM during its housecleaning event years ago. The art, however, is from MidJourney and definitely AI fakery.
I don’t want to make a big deal of the “real” news in “Apple Pay, Cash App, and Other Digital Wallets Will Be Regulated More Like Banks Now.” The write up reports:
Major digital payment providers will soon be subject to bank-like supervision from the US Consumer Financial Protection Bureau (CFPB). On Thursday, the CFPB issued a final rule that will regulate digital payment apps that process over 50 million transactions each year, covering services like Apple Pay, Google Wallet, PayPal, Cash App, and others. The new rule is meant to ensure digital payment providers adhere to the same laws as credit unions and large banks. It will give the CFPB the authority to oversee their compliance with federal laws surrounding privacy, fraud, and other rules through “proactive examinations.”
Some governments move slowly and others not at all. This “adjustment” reminds me that the world of digital payments, particularly the use of crypto currency, is moving a bit faster than the regulators mentioned in the Verge’s story. (Wow, that log strikes me as weird.)
I want to point out that in the last few days, Telegram turned on its Messenger app’s linkage to the CryptoCasino operation. Here’s a snapshot of what Telegram is engineering. (I drafted the following text for a couple of the law enforcement professionals who pay some attention to my research team’s work related to Telegram, The Open Network Foundation, and TON Social. If there are goofs in the following summary, let me know. I feel like the Lone Ranger when I try to figure out what the Russia-flavored online messaging outfit is up to.)
Here’s the snapshot I provided as background information:
CryptoCasino.com went live earlier this week. Telegram provides access to the service owned by Armchair Online BV, an experienced online gaming firm based in Willemstad, Curaçao, Netherlands Antilles. Information about the “organization” is sparse.
A Telegram user can access more than 5,000 games via the Telegram Messenger application. No additional registration is required. Plus Telegram’s platform provides the integration of the multiple steps required to engage in online gambling. This service illustrates the “new” Telegram which shifts from messaging functionality to programmatic services running on the distributed Telegram platform.
The gambling games range from poker to crypto horse racing. Live dealer sessions are available to VIP members who pay for additional privileges. The system uses a new $CASINO coin. This coin is available at a low rate and includes the same “bet on this coin’s value” functions as other Telegram “click to earn” games.
Why would Telegram offer a comprehensive online gambling service? The answer, in the opinion of the Arnold research group, is, “Revenue.” Telegram had previously agreed to team up with Ku Group, an organization indicted in the US for money laundering. Organizations identified by Telegram as being involved in this new initiative are:
- Altcoin Edge
- AvatarUX
- Betby
- Coinbase
- Covey
- Decubate
- Evolution Gaming
- Fast Track
- Fireblocks
- Hacksaw
- MetaMask
- MyAffiliates
- Oddin.gg
- Pragmatic Play
- Push Gaming
- Spribe
- Trust Wallet
- Wallet Connect
- Zealy
Most users of the Telegram or CryptoCasino.com Web site are blocked from accessing the site from the US. The work around is to use a VPN (virtual private network) which provides service from Malta, Spain, or a similar nation state. Telegram continues with its effort to engage in high-profit activities and building out the Telegram platform as an application programming interface for an unregulated financial system. Telegram is, intentionally or unintentionally, furthering the effort to reduce or shift global financial markets from the US dollar to crypto currency.
The reason I mention this Telegram development is three fold:
First, it illustrates what I call the “high frequency” deals Telegram is doing even though its founder is in France under the supervision of French authorities. Services which could facilitate money laundering are examples of a CEO with a healthy sense of disdain for laws designed to regulate mere mortals. (Telegram’s founder has allegedly sired more than 100 children. He is offering free in vitro fertilization for those qualified to extend his genetic superbness.)
Second, the purpose of the CryptoCasino in Telegram is to make it really easy for about one billion people to engage in activities which are at present somewhat challenging for investigators to track in real time. Telegram games like the more than 5,000 in the CryptoCasino deal include VIP (very important person) memberships, speculative bets on $Casino coins, and options for moving crypto through multiple wallets. Tracking transactions in one wallet can be done. But multiple wallets activated in short time cycles can make the time and resources budget dwindle quickly.
Third, regulators are likely to struggle to develop rules, regulations, and guidelines able to deal with the array of crypto-ized traditional financial services Telegram explained at its November 2024 Gateway Conference. Other than Group-IB, what security centric firm attended the event in Dubai?
So, the Verge’s article provides some information about regulatory velocity. Now the more significant and difficult regulatory work has to be accelerated. In a race between the tortoise and the hare? If you want to bet on the winner, head to the Telegram CryptoCasino service, become a VIP, and interact with one of the 24×7 customer support staff. It is probable that the tortoise and the hare bet can be accommodated.
Stephen E Arnold, November 28, 2024
FOGINT: Telegram Shifts from Pretending to Promoting Its Casino Play
November 26, 2024
An online service named “EuropeanGaming.eu” published an interesting story about Telegram. As you may know, the founder of VKontakte.ru and Telegram Messenger has been detained by French authorities. Coincident with this restriction on Pavel Durov’s travel, the organizations with which he has been associated have been doing fast-cycle innovation.
The story “CryptoCasino.com Launch to Disrupt iGaming with Groundbreaking Telegram Casino” reports that Telegram has launched:
an innovative Telegram casino that is set to drive player acquisition in the rapidly growing blockchain betting space.
The features of the Telegram casino include — obviously — crypto currency and blockchain as well as:
- 6,000 online slots and table games
- A live dealer casino
- An extra fee sports betting service
- Support for a number of crypto currencies.
The CryptoCasino will feature a new “token” called $CASINO. After the US Securities & Exchange Commission put pressure on Telegram’s fund raising for its GRAM coin, Mr. Durov rejiggled the Telegram operation to accommodate a non-profit operation focused on free speech, building support for broader financial services based on crypto, and a nominal owner of the TON coin. (TON coin is the GRAM crypto renamed and donated to the Open Network Foundation.)
This “casino play” adds to Telegram’s revenue stream opportunities. The write up points out:
CryptoCasino is catering to the over one billion unique Telegram users by building a Telegram Casino integration that allows anybody to immediately join and begin playing with just one click.
The commissions and other fees are one potentially lucrative revenue stream for Telegram.
A second revenue opportunity is the introduction of “VIP” services or “very important person” services. The United Nations’ 2024 UNODC reports in January and October do a very good job of explaining the “value” of casino activities and revenue. You can locate the United Nations’ reports at https://www.unodc.org/.
To get this “casino play” off the ground, the European Gaming report says:
the CryptoCasino.com team understands that the key to rapid growth comes from partnerships with trusted names in the online gaming business. That is why CryptoCasino has partnered with several major names in betting and blockchain including Pragmatic Play, Evolution Gaming, Betby, Oddin.gg, Decubate, Covey, Fireblocks, and others. Certified through CertiK and as a fully licensed platform under Curacao and Anjouan gaming authorities, the platform will provide the highest level of player safety and security, complying with all regulatory statutes for the best crypto betting experience possible.
Will this initiative succeed? Will the French authorities pursue an inquiry into this facet of Mr. Durov’s business interests? How will the Telegram CryptoCasino.com “player” move currency from one wallet to another in Telegram’s crypto environment? Will Telegram extend its cooperation with law enforcement to the new CryptoCasino.com “play”?
Several observations are warranted:
- Telegram is pushing the boundaries of its cooperation and compliance with some regulatory authorities
- The push into overt casino activities complements the effort to move from traditional financial regulatory restrictions to less regulated and controllable gambling activities
- The companion services for the new CryptoCasino.com “play” will have some appeal to those who seek to obfuscate certain types of financial activities.
Net net: Telegram may be responding to the government efforts to get Telegram to cooperate more enthusiastically with investigators by saying, “Okay, you want user names and mobile numbers, check out our encrypted blockchain based crypto play.”
Stephen E Arnold, November 26, 2024