Home Security Skype top comms tool among cyber criminals: study

Skype top comms tool among cyber criminals: study

Skype top comms tool among cyber criminals: study Featured

Despite its lack of end-to-end encryption, Microsoft's Skype remains the top communications tool used by most English-speaking cyber criminals, and among the top five tools used by five other language groups, a study has found.

The business risk intelligence firm Flashpoint studied the use of communications tools across Russian, Chinese, English, Farsi/Persian, Arabic and Spanish cyber criminals.

It found that among the English-speaking group, the percentage using Skype was about 63% in 2016. This was down from nearly 81% in 2012.

Among the messaging apps used by the different language groups were Telegram, AIM, QQ, ICQ, Jabber, Kik Messenger, Xfire, Zephyr, Yahoo! Messenger, WhatsApp, Wickr, Tox, Pretty Good Privacy and others.

Among Persian/Farsi speakers, Yahoo! Messenger was the most popular, while Chinese cyber criminals preferred QQ. French speakers opted in the main for Jabber, with Spanish speakers going for ICQ.

Most Russian underground members used Skype but the elite criminals preferred Jabber. French speakers also went for Jabber, while Arabic speakers were found to be mainly WhatsApp users.

"Skype was among the top five messengers in all of the language groups, and only in the French, Persian, and Chinese language communities did Skype not constitute a significant share of the most mentioned messengers," the study said.

"Microsoft’s bundling of Skype with its devices has likely played a large role in the application’s popularity."

However, the study found that cyber criminals had become interested in end-to-end encrypted communications which are on offer from WhatsApp, Telegram and Jabber.

This was put down to the following factors:

  • Revelations of NSA surveillance that likely prompted more users to adopt more secure communications practices;
  • The proliferation of encrypted communications apps, particularly in the wake of Edward Snowden’s leaks; and
  • Information sharing by connectors in more sophisticated underground communities, who have transferred knowledge about secure communication practices to other less-sophisticated communities.

The Flashpoint study came to the conclusion that Russian-speaking cyber criminals were the trendsetters for other cyber-crime communities.

"(They are) well-known for their prowess and universally considered the most innovative and sophisticated actors in the cyber crime ecosystem, the study said.

"For this reason, actors from other language communities often emulate Russian cyber criminals in an attempt to raise their own levels of competency."

It said that an example was the number of mentions of ICQ across many cyber-crime language communities. "Based on usage patterns of ICQ in the general population (where ICQ has fallen into disfavour except in the countries of the former Soviet Union), one would expect to see a commensurate drop in the share of mentions across the cyber crime underground.

"In contrast, there was a general uptick across a number of communities. Given that there is no security rationale for increased mentions of ICQ (the service does not natively offer end-to-end encryption), the most plausible explanation is criminals’ desire to model themselves more closely to Russian-speaking criminals or adopt the technology to facilitate communication with Russian-speaking actors," the study said.

The study relied on mentions of social media platforms in the underground communities monitored by Flashpoint. These observations were used as a proxy for gauging interest in and use of these messaging services. Communities who were studied are involved or interested in financially-motivated cyber crime, apart from the Iranians who form part of the study.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.


Popular News