Dark web criminals switch to popular apps to sell drugs, using bots and secret graffiti messages to do business

Graffiti and hashtags in public places direct people to drug dealers’ accounts on encrypted messaging apps like Telegram

Anthony Cuthbertson
Wednesday 13 March 2019 11:55 GMT
A graffiti-covered wall with a giant hashtag sign near Moscow’s Kursky railway station. Criminal gangs are using tags to advertise channels on popular apps like Telegram where people can buy drugs
A graffiti-covered wall with a giant hashtag sign near Moscow’s Kursky railway station. Criminal gangs are using tags to advertise channels on popular apps like Telegram where people can buy drugs (AFP/Getty)

Dark web drug dealers are turning to popular apps to peddle their products, often using street graffiti to advertise their accounts to customers, and automated bots to communicate with them.

The shift follows a crackdown on illicit online markets, together with the introduction of encryption into apps that allows users to remain anonymous.

Cyber experts have observed this growing trend among the criminal underground, noting the innovative tactics gangs employ to evade police detection.

Speaking anonymously to The Independent, a dark web researcher who has infiltrated channels on the messaging app Telegram explained how automated bots are used to communicate with customers – both for convenience and to defer liability.

The researcher shared images of the channel names spray-painted on walls near transport hubs and other public places in order to advertise the channels to potential customers.

Another major change in the way these drug dealers operate is in the use of “dead drops” to distribute the product. This bypasses the dangers of meeting face-to-face, while also avoiding the risk of drugs being tracked or intercepted through the postal system.

Goods are instead hidden in publicly accessible places, such as parks, before the location is sent to the customer once the purchase has been made. Semi-anonymous cryptocurrencies like bitcoin facilitate the payments.

The dropgangs, as they have been dubbed, were first discovered operating in Ukraine but have since been observed in Russia, the Balkans and most of central and eastern Europe.

Europol special adviser Rik Ferguson points to the end-to-end encryption and limited identity checks that make apps like Telegram attractive to the gangs.

“Criminals operate increasingly like businesses today, and they need reliable communication tools to get their job done,” Mr Ferguson, who also heads up research at cyber security firm Trend Micro, told The Independent.

“Telegram has become the tool of choice for criminals but it is not the first app to be put to nefarious use. Channels such as WhatsApp and Facebook Messenger had their day in the criminal underworld too, so Telegram will likely not be the last.”

Telegram previously gained notoriety after it became the communication tool of choice for the Isis, however, there has since been a significant crackdown on channels that harbour terrorist activity.

More recently, an investigation uncovered images of child abuse and stolen credit card numbers being openly traded through Telegram – once again pointing to the trend of encrypted apps taking over from the dark web as a venue for crime.

“Encryption apps started out with good intentions, such as helping protect private communications from government spying,” said Boris Cipot, a security engineer at the software firm Synopsys. “But, unfortunately, even if this functionality was created for good use, there are those that will abuse it for negative reasons.”

Telegram did not respond to several requests for comment, though has previously stated that it is engaged in “proactive searches” to find and remove illegal activity on its platform.

Despite the proliferation of dropgangs and the difficulties faced by authorities in tracking and stopping them, security experts warn that forcing apps like Telegram to compromise the encryption they use would be dangerous.

“The problem won’t be solved by governments demanding back doors be built into the software to give them access,” Europol adviser Rik Ferguson said.

“This would only serve to undermine encryption fundamentally – back doors come with no guarantees, and open up consumers’ communications to a whole new world of attacks.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in