The Top 5 Dark Web Telegram Chat Groups and Channels

Posted on September 29, 2020 by Avishag Yulevich


As experts in dark web data, the Webhose cyber team created this overview of the top five dark web Telegram chat groups and channels. We decided to make a list of chat groups and channels for categories like hacking, drugs, racism, financial fraud, and data breaches. We selected these five dark web groups and channels based on the size of the user base, language, use case, number of daily messages, and year founded.

The encryption and anonymity offered in chat applications like Telegram, IRC and Discord have encouraged increasing numbers of criminals to flock to them for a wide range of activities. 

These activities include but are not limited to: hacking, or trading malware and discussing security vulnerabilities; trading illegal drugs or prescription drugs; and the trading or discussion of personally identifiable information (PII). In addition, many terrorist discussions and chats with extremist or racist content also take place using these chat applications.  

Even though many of these chat groups, channels, and servers are technically open to the public, they are sometimes only shared in a specific forum or closed community that is geared toward a specific type of audience. The anonymity of the users, combined with the often exclusive sharing of information and the scale of the data, makes them challenging for law enforcement and security agents to monitor. A commercial dark web data crawling technology can monitor existing groups of chat applications at scale and also automatically discover new ones through specific identifiers. This includes groups and channels that can be difficult to discover since they are closed groups, forums, or communities. In addition, many marketplaces and forums on the dark web have a dedicated Telegram group.

But before we continue, let’s give you some background about the chat application itself. 

A Brief History of Telegram

Founded in 2013 after Edward Snowden’s whistleblowing on the United States government’s mass surveillance system, Telegram was created with the mission of protecting private conversations and data from third parties (including governments).

As a result, unlike other chat applications, Telegram has promoted itself as offering full anonymity. This includes the ability to forward messages anonymously and to set up a username while keeping a user’s phone number private. Not surprisingly, these features make it one of the top chat applications of choice for many criminals.

Now let’s cover the different chat groups and channels. 

1. Carders [Getbette.biz] – [Dumps][Cc][Cvv][Dumps+Pin][Track2 / Track1+Track2]

  • Group: Carders [Getbette.biz] – [Dumps][Cc][Cvv][Dumps+Pin][Track2 / Track1+Track2]
  • Created: 2017
  • Main Language: English
  • Statistics: 5,812 members 
  • Topics of interest: Financial fraud and carding

Users post daily messages on the Carders group offering to sell or purchase personally identifiable information (PII) that has been acquired through carding, leaked credit cards, bank account information, and money transfers that enable money laundering. Carding is financial fraud that involves stealing credit card numbers, bank account information, and other personal information online and using them for money laundering and other illegal purposes.

Another interesting fact is that the chat group is also related to a credit card shop called http://getbette.biz. The shop is currently down.

Here is an example of a post from this chat group related to a full package of an individual’s identifying information (including but not limited to credit card information). A credit card dump refers to an unauthorized digital copy of the data on an active credit card, such as the card number and expiration date. Once this data is available to a hacker, it can be used to make purchases. We have covered more about this criminal lingo in our post: Telegram Fresh Fullz and dumps.

We also see that in this post the actor left his phone number, which can be useful for actor profiling. Actor profiling is a research methodology that builds a profile of an anonymous actor on the dark web from identifiers connected to the actor, such as a wallet ID, phone number, or email address.

2. Narcotic Express DE ❄️🚖

  • Group: Narcotic Express DE  ❄️🚖
  • Created: July 8, 2020
  • Main Language: German
  • Statistics: 589 members 
  • Topics of interest: Drugs

Narcotic Express DE is the only closed Telegram group on this list. This small Telegram group focuses on the sale and purchase of illicit drugs and conversations related to narcotics. Closed Telegram groups, as opposed to open ones, cannot be found in a search within the app or the Telegram dedicated search engine. In addition, closed groups only enable users to see messages in the group if they join them. The link to join private groups is only available through another user in the group.

Shortly after the group was opened, Webhose added it to the many chat groups, sites, marketplaces, and discussions it covers on the dark web.

Below is an example of a post found from a user looking to sell cocaine in Narcotic Express DE:

3. Whatsapp Hacking Telegram 

  • Group: Whatsapp Hacking Telegram
  • Created: February 10, 2020
  • Main Language: English
  • Statistics: 5,825 members 
  • Topics of interest: Hacking

The Whatsapp Hacking Telegram group distinguishes itself from other Telegram groups because only the group managers can send messages to the group. Most of these messages are related to hacking and cyber attack offers for sale, in addition to screenshots of deals made via chats.

Another interesting fact: The Whatsapp Hacking Telegram group is related to dsmhackers.net, a shop for cyber attack services.

Below is an example of a message posted by the group manager related to different hacking services.

4. NSDAP France

  • Channel: NSDAP France 
  • Created: August 25, 2018
  • Main Language: English, Russian and French
  • Statistics: 253 members 
  • Topics of interest: White supremacy and racism

The NSDAP in the name of the NSDAP France Telegram channel stands for the Nazi Party (the Nationalsozialistische Deutsche Arbeiterpartei). Posts contain messages, photos, and videos related to racism, white supremacy, anti-zionism, anti-feminism, and opposition to assisted reproductive technology (ART) through surrogacy and LGBT adoptions.

Telegram channels, unlike groups, allow only admins to post and allow an unlimited number of subscribers to join.

The NSDAP France channel is related to pages on VK, a Russian online social media platform similar to Facebook, and to a Gab.com page.

Here is an example of the type of image posted in the NSDAP France channel, with the words “kill niggers” at the bottom of the image:

5. Free Premium Accounts – Netflix•accounts•free•premium•hotstar•disney•plus•amazon•prime•hulu•voot•pornhub•spotify•altbalaji•hack.

  • Channel: Free Premium Accounts – Netflix•accounts•free•premium•hotstar•disney•plus•amazon•prime•hulu•voot•pornhub•spotify•altbalaji•hack.
  • Created: May 22, 2019
  • Main Language: English
  • Statistics: 1,732 members 
  • Topics of interest: Database sharing

This is another Telegram channel that shares personally identifiable information (PII) with its users, in addition to information about hacking and cracking tools. Cracking tools are those used to discover passwords found in data stored or transmitted by a computer system. Similar to the other channels mentioned, it only allows channel managers to send messages to the channel.

Similar to the NSDAP France channel, this channel was related to pages on VK and Gab.com. The page was recently blocked on VK.

Stay on Top of the Latest Dark Web Chat Groups and Channels 

Since criminals often migrate between the different chat applications, it is crucial for law enforcement and security agencies to rely on wide dark web coverage to stay on top of the latest and most relevant chat messaging applications cybercriminals are using. 

Here at Webhose, it is our mission to deliver the most relevant, up-to-the-minute data from the deep, dark, and open web to our customers. Armed with data from our Cyber API, cybersecurity organizations, law enforcement officials, and security agents can continually discover hundreds or thousands of new Telegram groups and channels through a combination of automation and machine learning.
