Blog

New Telegram Policy Changes Spark Talks from Threat Actors of a Platform Exodus

Telegram’s recent policy shift following founder Pavel Durov’s arrest has sparked concerns over cybercriminal migration on one of the world’s largest messaging platforms.

Default Author Image
September 25, 2024

The Incident

On August 26, 2024, the founder of Telegram, Pavel Durov, was detained at Paris-Le Bourget airport, igniting a global debate around privacy, platform responsibility, and free speech. Held in custody for four days before being released on bail, Durov now faces multiple charges, including accusations of facilitating illegal activities through Telegram. This high-profile arrest has sent ripples through both legitimate user bases and underground cybercriminal communities.

A Shift in Telegram’s Privacy Stance

For years, Telegram has been a preferred platform for cybercriminals, emerging as a vital alternative after the takedowns of Dark Web marketplaces like AlphaBay and Hansa in 2017. With its encrypted messaging and strong user privacy, Telegram served as a haven for those wary of more mainstream social platforms.

However, in the wake of Durov’s arrest, Telegram announced on September 23 that it will now comply with law enforcement requests to share user data—specifically IP addresses and phone numbers—with valid warrants. This marks a major departure from the platform’s former policy, which limited data-sharing to cases involving terror suspects.

Telegram’s decision comes at a critical juncture. With 900 million users globally and projections of reaching 1 billion in 2024, this policy shift could jeopardize the platform’s appeal. Additionally, the platform has begun implementing stricter content moderation, supported by AI tools, to remove problematic content from its public search features. While these changes aim to maintain the platform’s integrity, they have raised concerns across underground communities, who see this as a signal that Telegram is no longer a safe haven.

Cybercriminal Migration: Where Could They Go Next?

Telegram’s new policies are prompting cybercriminals to seek alternative platforms. As underground communities grapple with these changes, potential replacements like Discord, Signal, and Matrix have entered the conversation. Each of these platforms offers varying degrees of encryption, community features, and content moderation, but none provide the exact combination of functionalities that has made Telegram such a popular hub for illicit activities.

As discussions continue within these underground networks, the sentiment that “Telegram is not safe” has spiked, driving further uncertainty. Some threat actors have already announced their migration to Signal groups or begun utilizing Telegram’s secret chat feature to evade the platform’s evolving moderation.

The Future of Privacy and Cybercrime

Durov’s arrest and Telegram’s policy changes reflect a broader challenge facing many technology platforms today: balancing privacy with the responsibility to combat illegal activity. As governments push for more stringent content moderation and user data sharing, platforms like Telegram must carefully navigate this landscape to maintain user trust while complying with legal requirements.

Ultimately, Telegram’s future may hinge on its ability to manage these opposing forces. Will the increasing pressure from law enforcement push these groups to the fringes of new, decentralized and unmoderated platforms? While newer platforms may offer a short-term replacement, they do not replicate the Telegram features that make it compelling to threat actors. It is possible that Telegram will serve as a centralized messaging app while threat actors share alternative apps to reach them.

Only time will tell, but one thing is clear—privacy and platform responsibility will continue to be central themes in this evolving narrative.

See Flashpoint in Action