Telegram app hosts ‘underground markets’ for Southeast Asian crime gangs, UN says

Powerful criminal networks in Southeast Asia extensively use the messaging app Telegram which has enabled a fundamental change in the way organised crime can conduct large-scale illicit activity, the United Nations said in a report on Monday.

The report represents the latest allegations to be levied against the controversial encrypted app since France, using a tough new law with no international equivalent, charged its boss Pavel Durov for allowing criminal activity on the platform.

Hacked data, including credit card details, passwords, and browser history, are openly traded on a vast scale on the app, which has sprawling channels with little moderation, the report by the United Nations Office for Drugs and Crime (UNODC) said.

Tools used for cybercrime, including so-called deepfake software designed for fraud, and data-stealing malware are also widely sold, while unlicensed cryptocurrency exchanges offer money laundering services, according to the report.

“We move 3 million USDT stolen from overseas per day,” the report quoted one ad as saying in Chinese.

There is “strong evidence of underground data markets moving to Telegram and vendors actively looking to target transnational organized crime groups based in Southeast Asia,” the report said.

Southeast Asia has emerged as a major hub for a multibillion-dollar industry that targets victims across the world with fraudulent schemes.

Many are Chinese syndicates that operate from fortified compounds staffed by trafficked workers.

The industry generates between $27.4 billion to $36.5 billion annually, UNODC said.

Russian-born Durov was arrested in Paris in August and charged with allowing criminal activity on the platform including the spread of sexual images of children.

The move has put the spotlight on the criminal liability of app providers and also triggered debate on where freedom of speech ends and enforcement of the law begins.

Telegram, which has close to 1 billion users, did not immediately respond to a request for comment.

Following his arrest, Durov, who is currently out on bail, said the app would hand over users’ IP addresses and phone numbers to authorities making legal requests.

He also said the app would remove some features that have been abused for illegal activity.

Benedikt Hofmann, UNODC’s deputy representative for Southeast Asia and the Pacific, said the app was an easily navigable environment for criminals.

“For consumers, this means their data is at a higher risk of being fed into scams or other criminal activity than ever before,” he told Reuters.

The report said the sheer scale of the profits earned by criminal groups in the region had required them to innovate, adding they had integrated new business models and technologies including malware, generative artificial intelligence and deepfakes into their operations.

UNODC said it had identified more than 10 deepfake software service providers “specifically targeting criminal groups involved in cyberenabled fraud in Southeast Asia”.

Elsewhere in Asia, police in South Korea – estimated to be the country most targeted by deepfake pornography – have reportedly launched an investigation into Telegram that will look at whether it abets online sex crimes.

Reuters also reported last month that a hacker had used chatbots on Telegram to leak the data of top Indian insurer Star Health, prompting the insurer to sue the platform.

Using the chatbots, Reuters was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses.