2025-09-27 –, Main Track
Cybercriminals are hawking stolen credentials on Telegram, using a subscription-based model where clients pay for access to a trove of stolen information. From there, these credentials can be used for all manner of digital crime.
In this talk we’ll explore a slice of this ecosystem where cybercriminals sell access to “clouds” of stolen credentials (named so because the data is often hosted with cloud providers) by looking at a handful of these Telegram channels. We’ll dive into the structure, composition, and workings of these groups, as well as consider the ways in which Telegram is used as a platform for marketing and promotion of criminal goods and services.
As barriers to entry for cybercrime continue to fall and Telegram rises in importance as a facilitator of cybercrime, it is important to consider both the technologically sophisticated elements of this setup as well as the unsophisticated elements.
Liv Rowley is a Research Manager at Open Measures. Much of her current research focuses on threats and digital harms originating from fringe tech platforms. In previous roles, Liv has worked as a threat intelligence analyst in both the US and Europe, specializing in understanding threats from the cybercriminal underground as well as the Latin American cybercriminal space.