Former Uttar Pradesh Cyber Crime Superintendent of Police Triveni Singh was unearthing scams on Telegram, a messaging platform. The investigation started with a complaint filed by a girl who was cheated of money through a part-time job scam. She first received a lucrative offer on WhatsApp and was then directed to a Telegram channel, where her bank details were taken.
When the police reached out to Telegram, the messaging platform did not respond to their queries. For months, Singh tried to establish contact with Telegram through multiple follow-up emails asking for KYC details and IP addresses to track down the scammers.
Instead, Singh said, Telegram embroiled the investigation team in diversionary tactics: asking for proper permissions on an official letter pad and the investigating officer’s name, then repeatedly asking for crucial probe-related documents, and also asking for the IPC (Indian Penal Code) sections under which the information was being sought.
“Finally, after providing every detail, Telegram stopped communication,” Singh told Decode.
“We cracked the cases with the help of cyber crime experts and found out how these scammers operate on Telegram but unfortunately, Telegram didn’t cooperate with us at all. Telegram rarely shared any information whenever I have asked for it in cybercrime cases investigated by me,” he added.
Telegram, the messaging platform which launched on 14th August 2013, has over a billion downloads on the Google Play Store. The platform is where all kinds of groups emerge. Crimes related to sextortion, fake investments and drugs are quite common. But police across the country are desperately seeking ways to get the platform to co-operate with them to solve crimes that they say are often linked to China, Dubai, Cambodia and Singapore, among other countries.
The case that SP Triveni Singh started investigating turned out to be a 4,200-crore-rupee scam. “We asked experts from NPCI (National Payments Corporation of India) to track the money flow, that is, to which account the money was paid, the registered email ID, IP addresses, whether a VPN (virtual private network) has been used, and found out that the money had been transferred to accounts in China via bitcoins,” he said.
The Drug Mafias On Telegram
Telegram is the new “dark web” for all kinds of illicit activities and is being successfully used by several cybercriminals owing to the platform’s strong privacy features, like end-to-end encryption and self-destructing messages.
Decode accessed reports by the cyber threat analysis organisations Innefu and CloudSEK on Telegram channels being created to freely operate drug-selling businesses across the nation.
‘Exotic weed on Sale’, ‘Deepawali special order’ and ‘Discreet strain’ are some of the terms dealers use to market drugs via several Telegram groups. These groups, namely Indian Marijuana Shop, Indian Ganja Store or Indian Marijuana Stoner Group, are among many that are openly setting up shop and posting about cocaine, ecstasy pills, MDMA and weed, and there is no mechanism to stop these transactions.
This reporter has been part of such groups for several months investigating how the entire network functions.
Groups with a maximum of 148-250 subscribers post new products twice a month, advertised as casually as any other products sold online, such as clothes, shoes or makeup items. There are high-definition pictures along with prices for “discreet” products wrapped in thermocol-laced cardboard boxes, and an assurance that customer safety is prioritised.
When someone finds a link (mostly from Facebook pages), they join the group on Telegram. MDMA crystals are sold for 1300 rupees for 3 gms; Kerala gold at the rate of 3000 rupees for 30 gms or super malana cream at 6000 rupees for 1 tola (1000 gms). The deal is struck over DMs (direct messages) and payments are accepted via UPI or cryptocurrency.
Laxmi Nagar and Subhash Nagar Metro stations in Delhi, S.S. Bars and Shackles in Goa, and Lane 14 on Silichar Link Road in Assam are a few locations which have been identified where drugs are supplied.
So why is Telegram the most feasible platform for such illicit activities? And why is it becoming increasingly difficult for cops to nab the culprits?
“Secret chat and self-destructing time set for messages are a potent combination that works in favor,” Ritesh Bhatia, a cybercrime investigator and director of V4WEB cyber security, told Decode.
“A unique key is generated in a chat between two people which stays only between them and whatever deal is struck on drugs or any other exchange of illegal materials is end-to-end encrypted. On WhatsApp, the messages disappear after a week or so but on Telegram one can set a 5 seconds or a 10 seconds self-destructing timer, which makes it impossible for the cybercrime cops to get hold of the chats. Even Telegram cannot decrypt these messages. All one can access is just the IP address and nothing else. Just a user name is visible, no phone numbers can be seen and if one gets into trouble, one just has to change the user name and that’s it. Privacy and anonymity are foremost on Telegram. And it’s just going to get worse.”
Brijesh Singh, Principal Secretary to Maharashtra CM Eknath Shinde, who has investigated several cyber fraud cases, says that under Section 91 CrPC, any platform is bound to produce documents or any important files to cooperate with ongoing legal proceedings, but Telegram often deflects and doesn’t cooperate in giving any information.
“This is increasingly becoming an issue in cracking the scams or drug network being run openly on Telegram,” he said.
A senior police official in the Uttarakhand cybercrime unit, requesting anonymity, reveals the obstacles faced in solving scams via Telegram. “We are aware of other illicit activities like child pornographic materials, drug peddling channels and arms deals that are underway on Telegram. Every day we receive complaints of people losing money via financial fraud scams or job scams. While WhatsApp allows only 1124 members in a group formed on the platform, a group formed on Telegram allows over 2 lakh participants, thus the pool of suspects is huge.”
The police official said that dummy names, dummy photos and fake handles can be easily created on Telegram. Sometimes criminals use a VPN (virtual private network) or proxies to run a handle on Telegram, which hides their IP addresses.
With access only to this information, it becomes extremely important for the platform to comply with legal proceedings and help the police get hold of these fraudsters.
“On writing to Telegram for IP addresses to track down, Telegram initially delays the process by seeking FIR copy, screenshots of the chats, investigating officer’s signature on several documents. Then upon insistence, the last IP address of the suspected handle is shared with us, which is of no use because the IP addresses are constantly being changed by the handler. By the time we track down the last IP address shared with us, the handler is quite ahead of us and has changed its dummy name, KYC or handle and is operating freely,” the officer from Uttarakhand said.
Unlike the Dark Web, which requires specific software (like Tor Browser) and knowledge to access, Telegram is readily available as a mainstream messaging app. “We may see expansion into areas like cyber espionage, trafficking of stolen data, or even radicalization, given the platform's capabilities,” said Brijesh Singh.
Telegram also allows users to connect through proxies, which makes investigation difficult. Users can be onboarded with virtual or temporary numbers, with no further verification or KYC of the mobile number, and one account can be used on multiple devices without limitation. This reduces the risk of being tracked by authorities, and some of the biggest piracy networks are easily run on it, Singh added.
However, Advocate Prashant Mali, a cyber lawyer practicing in the Bombay High Court, says, “Telegram channels are being tracked by implanting cops impersonating as someone else, but they take its encryption as an excuse many a time to avoid being responsible. It’s the will of the cops that’s required, no technology is blocking them, every police force has cracked the code and thus, we need lots of economic support for police backed by the government.”
The cases that Mali handled involved drug peddlers who had deployed AI-based chatbots on this popular messaging app to avoid human error.
“Peddlers harp on the fact that users perceive chatbots as a private communication partner and an anonymous way of getting information without being tracked. Customers believe that chatbots are private and easy to trust as they will not leak information. Therefore, they are more relaxed and willing to share sensitive information that they would not disclose to a physical person. Hence the usage by peddlers,” he said.
So what’s the way forward to stop these drug-peddling networks from operating and to stop other scams from taking place?
Mudit Bansal, a threat intelligence researcher at CloudSEK who has worked on several reports on how Telegram is a safe haven for drug peddlers, says Telegram has to be pressured to tighten the noose: "Threat actors are using it to sell bank accounts created on fake documents, steal credit cards and even sell drugs. The bots available on Telegram are allowing users to even make deep fake videos in a click! Loose action from Telegram allows it to become a wild west for crime. Until Telegram tightens its actions on such groups, it will remain a bad guy haven."
Brijesh Singh further adds the need to be self-aware: “The cybercrime cases investigated on highlight the need for enhanced digital literacy among the public to recognize such scams and the importance of international cooperation in tackling cybercrimes that use encrypted platforms.”
Decode Internet has reached out to Telegram for a response on the steps to be taken to stop such channels from operating. This story will be updated as and when the response is received.