Feb 13, 2024 - Technology

How Discord has become a hacker hotbed

Illustration of a repeating pattern of computers with the Discord logo displayed on the screen.

Illustration: Aïda Amer/Axios

Cybercriminal gangs are infiltrating popular online community platform Discord to plan their schemes and teach a new generation of hackers, according to a new report shared first with Axios.

Why it matters: Hackers have long used members-only online forums to discuss their activities, but the use of Discord shows these conversations are now taking place on more mainstream social media platforms — and moderators are having a hard time keeping up.

  • Discord CEO Jason Citron was recently among a group of tech leaders who testified before Congress about the ways their companies are protecting kids online.

Driving the news: Intel 471 released a report detailing how hackers are recruiting and obfuscating their schemes on Discord.

The big picture: Online discussion boards have long been havens for hackers looking to entice others to join their ranks or to share secret information about their activities.

  • Historically, hackers have built their own discussion boards to trade stories, sell stolen data and learn new skills.
  • But increasingly, malicious hackers have turned to commonplace communications platforms, like Discord and Telegram, where it's easier to share documents and rebuild communities after a potential law enforcement raid.

Of note: Scattered Spider, one of the most prolific hacking groups in recent years, is believed to be made up of members of another group, known as the Comm, that built its ranks across Discord and Telegram.

What they're saying: "A lot of people in security were gamers who wanted to figure out how to cheat [and modify games], and that inspired them to figure out, 'Well, how does this work? How does reverse engineering work?'" Jeremy Kirk, executive editor at Intel 471, told Axios.

  • "It's interesting to look at the community to see how it develops, and there's always been this tangent to the gaming community," he added.

Details: Intel 471 researchers are tracking at least a dozen communities on Discord that appear to be discussing crimes and hacking techniques among one another.

  • In some forums, these groups are simply sharing tutorials for new hacking techniques and ways to build new tools.
  • In others, malicious hackers are openly talking about the crimes they've committed while also hosting malware on Discord's servers and looking to sell data stolen during recent cyberattacks.

Zoom in: A screenshot from November of an invitation to join one such Discord channel appears to offer training in a variety of malicious hacking activities, including phishing, password cracking and creating fake IDs.

Between the lines: Discord offers several advantages to cybercriminal groups, including the ability to host and easily share files, Kirk said.

  • Building a community on Discord also gives hackers distance from their main websites, which law enforcement could easily take offline once they're discovered, Kirk added.
  • And Discord also allows people to remain anonymous, making it easier for hackers to disguise themselves, per the report.

Yes, but: Discord isn't alone. Hackers have also been known to turn to Telegram to talk shop, and they're increasingly turning to other legitimate services to host and deploy malware.

  • Telegram has the added advantage of offering encrypted chat services.

The other side: A Discord spokesperson told Axios that the platform has a "zero-tolerance approach to illegal activity on our platform," adding that the site's community guidelines prohibit users from engaging in illegal activity.

  • "When we see this kind of activity, we take action, which can include removing users, shutting down servers, and engaging with authorities," the spokesperson added.
  • Discord has also shared tips to protect users from scams on the site.
Go deeper