Adding encryption to chat messages helps secure the privacy of the innocent, but it also allows those with criminal intent to do their jobs easier. Norton claims that secure messaging apps have become hubs through which criminals can peddle wares under the secrecy of encryption.

How Criminals Use Encrypted Chat Apps for Illegal Means

On the NortonLifeLock Research Group Blog, the company details everything they've found while studying encrypted chat apps and how they're used.

In the report, the cybersecurity company claims that any encrypted chat app can potentially become a hive for illegal activity. However, the company specifically names Telegram as one that criminals especially like.

Norton claims that criminals flock to Telegram because of how well the service protects its user's details. For instance, the app supports end-to-end encryption, which means that nobody outside of a chatroom can peek in at what's being said; not even Telegram itself.

This is fantastic news for users who don't want people spying on what they say. However, these users can range from the privacy-minded civilian to a criminal selling their wares.

As a result, Norton has unearthed a hive of illegal activity lurking within Telegram:

In our analysis, we found a wide variety of illegal goods are being sold on Telegram, including people’s personally identifiable information (PII), likely stolen gift cards, fake documents, pirated software, and tools to facilitate cybercrime such as distributed denial-of-service (DDoS) infrastructure. In recent months, we have also found several accounts dedicated to selling “COVID-19 vaccines,” targeting users in a variety of countries including the United States, China, India, Malaysia, and Russia.

Norton then proceeds to show proof through screenshots. The images reveal a whole world of criminal activity taking place within these chat apps, hiding under the shade that encryption gives them.

Some images proudly show off fake goods for low prices, some of which openly admit that they're selling replicas of the real thing. Others show purchasable COVID-19 vaccines, fake passports, cloned credit cards, and even botnets to carry out Direct Denial of Service (DDoS) attacks.

The market even shifts and moves to meet current demand. For instance, Norton notes that a seller advertised hacked GameStop accounts right after the company's stock soared.

Norton doesn't explicitly state what it believes would be the solution to the problem. However, it does say that "scammers, fraudsters, and hucksters of illegal goods" are usually ahead of the public when it comes to tech. It points out that cybercriminals were the first to flock to cryptocurrencies before the public arrived on the scene.

As such, Norton reckons that legitimate and legal merchants may soon catch up to the cybercriminals and begin using it to sell their goods too. If this does happen, Telegram's security may eventually become a secure way for people to sell legal goods, rather than act as a hub for criminal activity.

A Double-Edged Sword for Encrypted Messaging Apps

Encryption is valuable for sending messages online, as it protects the privacy of those who do not wish to be spied on. While this does also open the floodgates for cybercriminals, it may encourage merchants to sell their goods over such apps as well.

In fact, if a company does opt to use weaker encryption methods to catch criminal activity, it just means that malicious agents will shift to abusing the system to steal user data. As such, it's always a good idea to encrypt your data and communications while online.

Image Credit: Syda Productions/Shutterstock.com