Brazil's insistence that WhatsApp and its parent Facebook turn over information sent over the messaging app is forcing criminals based in that country to find other secure ways communicate.
That nation's courts this week froze the $6 million being held in Facebook's Brazilian bank account over encryption issues involving the messaging app. Actions such as this, tied to earlier moves by the Brazilian legal system, have pushed Brazilian cybercriminals to change their method of communication shifting to more secure messaging systems like Telegram.
Trend Micro blogger Deep Web cited the two main reasons for the change. In December 2015, and again in May, WhatsApp was temporarily shut down in Brazil by the courts forcing cybercriminals to find an alternative way to chat, next Brazilian courts began to require that Facebook/WhatsApp provide information that was transmitted over the messaging app relating to on-going criminal investigations.
Deep Web said that from a criminal's perspective shifting over to Telegram was a no-brainer.
”We believe cybercriminals opted for Telegram because, like WhatsApp, it encrypts the messages sent over its network. That said, law enforcement agencies can't easily prove the illicit nature of cybercriminal transactions conducted via the service. Users can also create and chat with large groups of people at the same time, much like forum pages, where a lot of cybercriminal deals and communications occur,” Deep Web wrote.
Since WhatsApp is fully encrypted, Facebook has said it cannot supply the requested information.
The relationship between the social media giant and Brazil has become so strained that in March Diego J. Dzodan, vice president for Latin America at Facebook was picked up by authorities on obstruction and contempt charges.
Trend Micro indicated that the Brazilian bad guys have quickly settled into the Telegram universe offering a wide variety of products for sale, ranging from stolen credit card numbers to hacked Netflix accounts. The fact that these people were able to so quickly adjust might have had something to do with their age.
“Based on some posts we found, the sellers of stolen credentials are still in high school, most likely younger than 20 years old," Deep Web wrote. "We're not sure if they work alone or in groups. But most are certainly self-taught/self-starters, obtaining knowledge and skills by joining and participating in forums–judging by the number of hacking/carding tutorials and how-to guides they share with other group members.”