Report: Cybercriminals prefer Skype, Jabber, and ICQ

The most popular instant messaging platforms with cyber criminals are Skype, Jabber and ICQ, according to a new report released this morning.

Meanwhile, consumer-grade platforms like AOL Instant Messenger and Yahoo IM have fallen out of favor, while newer, more secure consumer oriented platforms like Telegram and WhatsApp are also gaining popularity.

The newer platforms are more user-friendly and more convenient, but also offer greater security, said Leroy Terrelonge, Director of Middle East and Africa Research at Flashpoint, which recently released a report about the communication platforms cyber criminals have been using over the past four years.

The research is based on discussions conducted on hundreds of underground communities by thousands of members, in which the participants mentioned the instant messaging platforms they were using.

While the underground forums are home to some general discussions, it’s the instant messaging channels where the really serious conversations and planning take place, Terrelonge said.

And the general direction of movement is towards more encrypted, more secure platforms — both because the cyber criminals are becoming more security conscious, and also because the general public is, too, and the popular tools are evolving as a result.

“In the past, secure tools existed, but they were clunkier and were niche, for nerds and geeks,” he said. “Now that they’re made it a lot more user-friendly, even people who are not technically adept tend to use them. Even some of the applications that were not as security minded before have moved their platforms to include encryption.”

One high-profile example of that is WhatsApp, he said, which is now a top messaging platform with the general public — and has added encryption.

Convenience is often the most important consideration, however. Skype, for example, does not offer end-to-end encryption.

“But Skype is pretty global,” he said. “If you say, ‘Let’s connect on Skype,’ chances are that the other person will already have it on their system.”

Skype was the second most popular messaging platform in 2012 with the Russian underground, according to the report, and rose to first place at the end of 2016.

With English-language communities, Skype was in first place both in 2012 and in 2016. After Skype, the other two most popular platforms with cyber criminals today are Jabber and ICQ.

Jabber is a free, secure, open-source, decentralized platform that is in second place in both the Russian and English-language criminal underground. With the elite Russian forums, however, Jabber is in first place.

“The Russian elite cyber criminals are using Jabber as their preferred IM system,” Terrelonge said. “It’s something that’s been around for many years, and is theoretically, as far as anyone knows, unbreakable.”

The third-place network, ICQ, has been losing ground among the general public, and even in Russia, its stronghold, ICQ’s popularity has dropped from first place in 2012, with 52 percent of mentions, to third place in 2016 with just 21 percent of mentions.

But in English-speaking communities, the mentions of ICQ have actually tripled, from just 3 percent in 2012 to nearly 10 percent today.

Cyber criminals around the world look up to the Russians as models and trendsetters, he said. This means that if enterprises spot ICQ traffic on their networks, they should take a second look.

“If you are a Western company and you have people who are using ICQ on your network, it doesn’t necessarily mean that it’s malicious,” he said.

That’s especially true with users from the former Soviet Union, he added.

“But if they’re not from a former Soviet country, the only people I know who use ICQ are cyber criminals,” he said. “You might want to ask some questions.”