


Discord is now the young hacker's weapon of choice — here's why


Discord and Telegram are the young hacker's platforms of choice, and companies and other enterprises should consider blocking network access to those platforms in order to lower the risk of cyberattack, a security expert said at the RSA Conference this week.

"Discord is the potential future of the dark internet," said Brook Chelmo, a senior strategist for network-firewall maker SonicWall. He added that "Discord's wonderful scripting engine makes moderators' lives much easier, but it also gives both attackers and defenders powerful tools."


Echoing what other researchers have recently discovered, Chelmo said malicious hackers are using Discord's content-delivery network (CDN) to distribute spam, house malware command-and-control servers, run bots that shill for stocks or cryptocurrencies and launch distributed denial-of-service (DDoS) attacks to knock websites offline.

But, Chelmo said, the most important factor is that Discord lets young hackers, both good and bad, quickly and easily share code, communicate and form communities.

Because Discord is actively moderated by the people who run it, malicious hacking crews run the risk of being banned or having their group servers taken down. So they often take their most sensitive discussions to Telegram, which permits fully encrypted 1-on-1 discussions that even Telegram's operators can't view.

What are Discord and Telegram?

A quick primer if you're not familiar with Discord or Telegram: Both are communications platforms that run on Windows, Mac, iOS, Android and Linux alike.

Discord was originally set up in 2015 as a chat and voice-call platform for online gamers, but has since grown to include video streaming and software delivery. Users join for free, can set up virtual "servers" for their own groups, and can upload pretty much anything for other Discord users to view or download.

User-uploaded content is held in Discord's worldwide content-delivery network (CDN). Discord's administrators actively patrol the service to root out forbidden material such as child pornography or extremist or violent content, as well as prevent harassment of users. However, Discord's transparency reports show a huge surge in cybercrime and malware on the service since early 2019.

Telegram was created in 2013 as a free encrypted messaging app. Since then, it has added voice and video calling, group chats and video calls, as well as broadcast "channels" that send one-way messages to an unlimited number of users.

One-on-one chats, voice calls and video calls can be end-to-end encrypted so that Telegram's administrators can't see the content. Group chats and calls cannot be, but that hasn't stopped all sorts of nefarious groups, from ISIS to malicious hackers, from using Telegram to communicate.

Who are these young hackers and why do they work so fast?

Chelmo said he gained entry into this world in 2019, when an article he had written about the HildaCrypt ransomware crew (named after the Netflix kids' cartoon) was retweeted by the ransomware crew itself.

"I reached out and we started talking," Chelmo recalled. "They introduced me to a whole new world of Generation-Z hackers working on Discord."

Older hackers taught themselves to code using secondhand manuals and a lot of trial-and-error tinkering, Chelmo said, but the kids these days get ahead much faster.

They meet on Discord, form groups and buy a lot of pre-existing malware modules online, which they can quickly assemble into complex new malware. If they have trouble using the malware modules, many of the modules are sold with customer support.

As an example, Chelmo said that in 2008, it took a five-man crew nine to 12 months to create and distribute the Koobface worm, which stole data from Facebook, Gmail and other social-media and webmail platforms.

In 2020, a "like-sized crew" took only three months to create very effective ransomware. It would have taken even less time, except that the crew wanted to make its malware the next-gen "fileless" variety to evade detection. What made the difference was the availability of Discord, Telegram and modular malware.

"Discord allows them to hack on the cheap," Chelmo said. "Discord can conciliate their server, but they can replicate it quickly."

The platform also lets them "ping" servers and test for vulnerabilities and exposed login credentials. If hackers are running ransomware, they can accept payments in Bitcoin, then "wash" it into alt-coins such as Monero, convert it back into Bitcoin and cash out using PayPal.

Common characteristics, plus a lot of anger

There were some interesting common characteristics that Chelmo observed among the young hackers he encountered online, whether they were involved in cybercrime or not. While they come from diverse backgrounds, many supported hacktivist groups and felt a desire to join a community.

The difference between the "good" and "bad" hackers was simple, Chelmo said. Those involved in cybercrime were pessimistic about the future and their own career prospects, and often had suffered betrayal or loss — one had bitcoin stolen by a friend, another learned to hack to get back at school bullies, a third hacked the workplace of his girlfriend's father after the man forbade the relationship.

The hackers defending against cybercrime were more optimistic about their careers, and some had crucially been rewarded for defensive hacking as teenagers. Chelmo said one hacker was encouraged when Red Bull sent him cases of its energy drink after he found a problem with the company's software.

But the Russian hackers were a bit different, he added. Russia and other Eastern European countries have a sense of isolation from the West dating back virtually a thousand years, Chelmo said. Young Russian hackers said that even today, they're taught that the West is evil. It's one reason Russian hackers will often go after German and American targets — and one reason the Russian government lets them.

"There's lots of anger at the West, and a desire for revenge," Chelmo said.

What is Discord doing about this?

Discord, to its credit, is very clear about how it handles abuses of its service. It now releases transparency reports twice a year, which show an increase in malware and especially cybercrime.

Malware was 1.5% of reported abuse in the first three months of 2019, 1.8% in the last nine months of 2019, 2.9% in the first half of 2020 and 3.5% in the second half of 2020.

Cybercrime wasn't a category in the 2019 reports at all. In the first half of 2020, it was 5.2% of all reports. In the second half of 2020, it was 12%.

The biggest slice of the pie in all four transparency reports was harassment, which was reported more than 275,000 times to Discord administrators in 2019 and 2020. But it's spam, child sexual content and other exploitative content that is most likely to get a Discord user banned.

"Responding to malware and cybercrime takes a far back seat to this stuff," Chelmo said, although Discord admins did take action in 41% of reported cybercrime cases in the second half of 2020.

What can you do about this?

Because RSA Conference is focused on business security, Chelmo's advice mainly fell along those lines: Configure your company firewall to block Discord and Telegram, train your employees how to respond to cyberattacks, and so on.

But some of his advice applies to consumers too. Use one of the best antivirus products — one that has a configurable firewall (or lets you configure the Windows one) and also performs heuristic monitoring to catch "fileless" malware that runs only in memory. Use strong, secure, unique passwords; one of the best password managers will go a long way to help with that.

Some of Chelmo's advice to companies was more long-term and geared to win over more young hackers to the good side.

"Consider hiring people without a college education," he said. "Look for certifications and skill sets. Look for more women seeking technical roles. Be more sensitive about human link to climate change," a huge issue for many people in their teens and 20s.

"Consider hiring from the old Soviet Union," where many young people who may turn into malicious hackers live, he added. "Give them the benefit of the doubt."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/discord-telegram-hacking-rsa2021

Posted by: wyantforray.blogspot.com
