• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

FOGINT: Ukraine Government Telegram Restrictions

The only smart software involved in producing this short FOGINT post was Microsoft Copilot’s estimable art generation tool. Why? It is offered at no cost.

“Ukrainian Parliament to Restrict Telegram Usage” reports that Telegram faces new restrictions due to security concerns. The news story says:

The Verkhovna Rada (the Ukrainian parliament) will introduce restrictions on the use of the Telegram messenger app for official purposes.

Mr. Durov’s willingness to cooperate with government requests for user information is not the primary reason for this set of restrictions on Ukrainian government staff use of Telegram. The write up points out:

These measures are justified by past incidents where third parties gained access to government employees’ data through Telegram or created fake accounts

What are the measures used by Ukrainian officials to discourage the use of Telegram? Among those in use are:

• No contact synchronization
• No official information transmitted on a Telegram channel
• No Telegram app on work computers, government-provided mobile phones, or personal devices used for government communication
• “Technical blocks” will be implemented to prevent Telegram usage.

Will these measures work? The answer, “To some degree.” However, the increase in interest in alternatives has created a mini-boom for the Simple X end-to-end encrypted application. Certain ultra leaning groups are moving to other secure messaging systems.

A person who looks a bit like Pavel Durov demonstrates his patented exercise: A sudden twist and back flip from a cell in a French prison. Thanks, MSFT Copilot, good enough like some many things in 2024.

The problem, however, is that Telegram has more than 900 million users and offers a number of user-centric features not available in other E2EE applications; for example, Telegram does not charge for data storage or bandwidth. The fix is to acquire a burner phone or use specialized services.

The interesting facet of this move is that it comes after Telegram’s decision to block certain Ukrainian produced content from distribution to Telegram users in Russia. Prior to Telegram’s surprising action Ukrainian government officials disseminated text content to Russians who were members of Ukrainian Telegram channels.

That action made clear that Telegram was demonstrating its flexibility. Pavel Durov then did a cirque de soleil vault with his fancy move to cooperate with legitimate requests for information from unnamed government authorities.

FOGINT thinks Mr. Durov is confident he stuck his landing for this trick and scored a 10. FOGINT scored Mr. Durov an imaginary number.

Stephen E Arnold, October 7, 2024

Russian Crypto Operation: An Endgame

This essay is the work of a dumb dinobaby. No smart software required.

The US Department of the Treasury took action to terminate “PM2BTC—a Russian virtual currency exchanger associated with Russian individual Sergey Sergeevich Ivanov (Ivanov)—as being of “primary money laundering concern” in connection with Russian illicit finance.” The DOT’s news release about the multi-national action is located at this link. Fogint has compiled a list of details about this action.

The write up says:

Today, the U.S. Department of the Treasury is undertaking actions as part of a coordinated international effort to disrupt Russian cybercrime services. Treasury’s Financial Crimes Enforcement Network (FinCEN) is issuing an order that identifies PM2BTC—a Russian virtual currency exchanger associated with Russian individual Sergey Sergeevich Ivanov (Ivanov)—as being of “primary money laundering concern” in connection with Russian illicit finance. Concurrently, the Office of Foreign Assets Control (OFAC) is sanctioning Ivanov and Cryptex—a virtual currency exchange registered in St. Vincent and the Grenadines and operating in Russia. The FinCEN and OFAC actions are being issued in conjunction with actions by other U.S. government agencies and international law enforcement partners to hold accountable Ivanov and the associated virtual currency services.

Here’s a selection of the items which may be of interest to cyber crime analysts and those who follow crypto activity.

• Two individuals were added to the sanctions list: Sergey Ivanov and Timur Shakhmametov. A reward or bounty has been offered for information leading to the arrest of these individuals. The payment could exceed US$9 million
• The PM2BTC and Cryptex entities has worked or been associated with other crypto entities; possibly  Guarantex, UAPS, Cryptex, Hydra, FerumShop, Bitzlato, and an underground payment processing service known as Bitzlato
• Among the entities working on this operation (Endgame) were Europol, Germany, Great Britain, Latvia, Netherlands, and the US
• In 2014, the two persons of interest want to set up an automated (smart) service and may have been working with PerfectMoney and Paymer
• The activities of Messrs. Ivanov and Shakhmametov involved “carding” and other bank-related fraud

Russian regulations provide wiggle room for certain types of financial activity not permitted in the US and countries associated with this take down.

Several observations:

1. The operation was large, possibly exceeding billions in illegal transactions
2. The network of partners and affiliated firms illustrates the appeal of illegal crypto services
3. One method of communication used by PM2BTC was Telegram Messenger.
4. “The $9 Million US reward / bounty for those two Russian crypto exchange operators wanted by US DOJ is a game changer due to the enormous reward,” Sean Brizendine, blockchain researcher told  the FOGINT team.

Additional information may become available as the case moves forward in the US and Europe. FOGINT will monitor public information which appears in Russia and other countries.

Stephen E Arnold, October 3, 2024

FOGINT: New Lingo for Crypto Laundering

“Moving Bricks: Money-Laundering practices in the Online Scam Industry? uses a number of interesting terms. These may be of value for those who monitor bad actors’ behavior when crypto payments are laundered. The terms which caught FOGINT’s attention were:

Bricks. A block of crypto to be laundered.

Channel. A “gateway” through which laundered money flows.

Frozen. A dead bank account.

Gateway. A channel thorough which the crypto flows.

Motorcades. Bank account providers.

Money farm. A traditional or modern money laundering operation.

Moving bricks. The business process of laundering crypto.

Pankou. Scam groups preying on money laundering businesses and individual operators.

Right buyers. Entities which would receive funds to be laundered.

Risk control risk. The friction of anti-money laundering efforts by law enforcement.

Sellers. Entities which provide accounts set up to launder crypto.

Telegram. The next-generation stock exchange, a ready-made technology platform.

Trading groups. Private groups on Telegram working in money laundering.

Trading rules. Guidelines the laundering service provider enforces.

Water house. Another terms for a company which maintains and accesses bank accounts.

As we notice other terms, the FOGINT team will post them.

Stephen E Arnold, October 2, 2024

Hamster Kombat: Does It Matter?

This essay is the work of a dumb dinobaby. No smart software required.

The Fogint team pays attention to crypto plays like Hamster Kombat. Those engaged in cyber fraud investigations, analysis, and research may want to take a quick look at what is called a “click to earn” game. I was asked the question at a recent lecture to cyber fraud professionals, “Why should I care about Hamster whatever?” This free, public blog is not the place for a detailed answer. However, I am willing to share several observations offered by Coin Telegraph.

First, check out this chart. From zero users in late March 2024 to a few weeks ago. The hockey stick is what is reported at 300 million users. Anecdotal information suggests that one third may be agentic; that is, bots. And “only” 100 million are people looking to make a quick buck on a crypto play.

Note that the chart only shows growth through June 2024. The number cited above is derived by normalizing user estimates from a range of sources which the Fogint team has compiled and reviews on a daily basis.

Second, the word game does not convey exactly what Hamster Combat and similar “games” offer their users. Cointelegraph.com reports that an expert named Sébastien Borget uses the phrase “play to earn games.” The question some may pose is, “What is a play to earn game?” The clicks on icons or the actions of the user generate money in the form of crypto for those who play them. The easiest way to understand the business model is to get a burner mobile phone, a pay-as-you-go SIM, a disposable email address, and the Telegram app. Search for Hamster Kombat and “play.” If you cannot figure out the interface, ask a mobile-dependent teen.

Third, this facet of Telegram is one that helps differentiate its “games” from those available on other platforms. Everything in Hamster Kombat is about revenue generation, the belief that the HMSTR coin will be increasingly valuable, and the addictive nature of clicks, buying software items from Hamster Kombat, and becoming “addicted” to or dependent upon the Open Network, a “spin off” or “spin up” from Telegram and its plumbing.

The Fogint team believes that Telegram itself will be monitoring more closely than the fate of Pavel Durov (Telegram’s founder who is possibly enjoying the ministrations of the French bureaucracy) how the TON blockchain handles validation. This process is not going to be explained in this blog post, but for those who are curious, just email benkent2020 at yahoo dot and a Fogint professional will respond with options for getting more information about what is likely to be a significant digital fraud event in 2025. “INDOAX Exchange the first Exchange to list Hamster Kombat coin does not allow US residents to open accounts,” Sean Brizendine, blockchain researcher told the FOGINT team.

When this post becomes public, the mining of HMSTR coins will be underway. Hamster Kombat is a combination of old-fashioned online games, crypto mining, and human enthusiasm to get rich quick. And what does one need to join in the craze? The Telegram application and the mini app Hamster Kombat.

Stephen E Arnold, October 2, 2024

FOGINT: Telegram Changes Its Tune

This essay is the work of a dumb dinobaby. No smart software required.

Editor note: The term Fogint is a way for us to identify information about online services which obfuscate or mask in some way some online activities. The idea is that end-to-end encryption, devices modified to disguise Internet identifiers, and specialized “tunnels” like those associated with the US MILNET methods lay down “fog”. A third-party is denied lawful intercept, access, or monitoring of obfuscated messages when properly authorized by a governmental entity. Here’s a Fogint story with the poster boy for specialized messaging, Pavel Durov.

Coindesk’s September 23, 2024, artice “Telegram to Provide More User Data to Governments After CEO’s Arrest” reports:

Messaging app Telegram made significant changes to its terms of service, chief executive officer Pavel Durov said in a post on the app on Monday. The app’s privacy conditions now state that Telegram will now share a user’s IP address and phone number with judicial authorities in cases where criminal conduct is being investigated.

Usually described as a messaging application, Telegram is linked to a crypto coin called TON or TONcoin. Furthermore, Telegram — if one looks at the entity from 30,000 feet — consists of a distributed organization engaged in messaging, a foundation, and a recent “society” or “social” service. Among the more interesting precepts of Telegram and its founder is a commitment to free speech and a desire to avoid being told what to do.

Art generated by the MSFT Copilot service. Good enough, MSFT.

After being detained in France, Mr. Durov has made several changes in the way in which he talks about Telegram and its precepts. In a striking shift, Mr. Durov, according to Coindesk:

said that “establishing the right balance between privacy and security is not easy,” in a post on the app. Earlier this month, Telegram blocked users from uploading new media in an effort to stop bots and scammers.

Telegram had a feature which allowed a user of the application to locate users nearby. This feature has been disabled. One use of this feature was its ability to locate a person offering personal services on Telegram via one of its functions. A person interested in the service could use the “nearby” function and pinpoint when the individual offering the service was located. Creative Telegram users could put this feature to a number of interesting uses; for example, purchasing an illegal substance.

Why is Mr. Durov abandoning his policy of ignoring some or most requests from law enforcement seeking to identify a suspect? Why is Mr. Durov eliminating the nearby function? Why is Mr. Durov expressing a new desire to cooperate with investigators and other government authority?

The answer is simple. Once in the custody of the French authorities, Mr. Durov learned of the penalties for breaking French law. Mr. Durov’s upscale Parisian lawyer converted the French legal talk into some easy to understand concepts. Now Mr. Durov has evaluated his position and is taking steps to avoid further difficulties with the French authorities. Mr. Durov’s advisors probably characterized the incarceration options available to the French government; for example, even though Devil’s Island is no longer operational, the Centre Pénitentiaire de Rémire-Montjoly, near Cayenne in French Guiana, moves Mr. Durov further from his operational comfort zone in the Russian Federation and the United Arab Emirates.

The Fogint team does not believe Mr. Durov has changed his core values. He is being rational and using cooperation as a tactic to avoid creating additional friction with the French authorities.

Stephen E Arnold, October 1, 2024

« Previous Page

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • FOGINT: Security Tools Over Promise & Under Deliver
  • More Googley Human Resource Goodness
  • Point-and-Click Coding: An eGame Boom Booster
  • China Smart, US Dumb: LLMs Bad, MoEs Good
  • Management Brilliance Microsoft Suggests to Customers, “You Did It!”

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org