Great post, John Whaley! We're working with a customer now who is using our API to fight fraud flowing through their platform, they consider it one of the biggest risks to their business.
Founder Inception Studio • 3x Cybersecurity Founder (Redcoat AI, UnifyID, Moka5) • Teach Compilers and GenAI at Stanford • IBM Research • Ph.D. Stanford, MIT
I think this story is a big one, but not for the most obvious reasons. I've watched with bemusement as people describe Telegram as "encrypted" (hint: it's not, at least by default) and their "proprietary encryption algorithm" (which should set off red flags with anyone who understands security). All of their channels are unencrypted broadcasts. They are just a mobile social media platform. No one I know who is serious about security uses Telegram for secure communication. (They all use Signal.) My experience with Telegram is mostly as a source for crypto scams and Russian propaganda. I often get added to crypto scam groups on Telegram with a bunch of sock puppet accounts and a small number of real users, where they try to pull some pump-and-dump or rug pull scam. Telegram is also a great source for fringe propaganda and a nice channel for sketchy businesses like hacking tools, bot farms, credential dumps, or ransomware toolkits. I was surprised by the fact that they let this play out on this unencrypted platform with impunity. I always assumed Telegram was working with the Russian government (either explicitly or implicitly), which is why it was allowed to continue. Durov's arrest, however, is a new development. This is the first time a CEO has been charged and held liable for the content that is on their platform. Being unencrypted, Telegram could have detected and blocked illegal content on their platform. It seemed to be a business decision to intentionally ignore (and perhaps promote) illegal content, which is why they were an obvious target. This is a new world now. We aren't going back. There are no longer excuses for putting your head in the sand and allowing fraud, scams, and illegal material on your platform. If you don't take reasonable steps to protect against it, a CEO can be detained, arrested, and charged based on illegal user-generated content. This includes not only the major messaging platforms, but all the minor ones too (think mobile apps/websites with social features or messaging functions). (Speaking of which, LinkedIn is one of the worst. I get so many obvious scam reach-outs here...) https://lnkd.in/gTrQZyz6